Antivirenprogramm lässt sich nicht mehr aktivieren

flof1ghter · 03.04.2014, 22:36

Hallo Experten und Meister der digitalen Welt,
ich möchte mich gleich für fehlende oder fehlerhafte Information entschuldigen.
Hier zu meinem Problem:
Ich habe vor mehreren Tagen eine gepackte Datei von einer "Tauschbörse" runtergeladen. Dann habe ich die gepackte Datei durch den Avira Scanner gejagt (Update aktuell, nichts gefunden). Danach habe ich die Datei entpackt und nochmal durch den Avira Scanner gejagt (wieder nichts gefunden). Nach einigen Minuten zeigte der Windows Defender einen Trojaner an. Die genaue Definition weiß ich nicht mehr. ich habe Windows Defender einfach gesagt er soll ihn löschen/ in Quarantäne schieben. Danach viel mir auf das der Avira Echtzeitscanner nicht mehr aktiviert war und sich auch nach mehrmaligem Klicken nicht mehr aktivieren ließ. Außerdem ließ sich der Windows Defender nicht mehr starten ( Da steht Dienst wird gestartet. Wenn ich ihn dann manuell durch klicken starten will steht da: Der angegebene Dienst ist kein installierter Dienst Fehlercode 0x80070424) und ich kann keine Windows Updates mehr ziehen (Mit Windows Update kann derzeit nicht ´nach Updates gesucht werden, da der Dienste nicht ausgeführt wird. Möglicherweise müssen Sie den Computer neu starten) Danach habe ich erst mal das Netzkabel gezogen und Malwarebyte Anti-Malware über einen anderen Rechner heruntergeladen und per USB-Stick auf dem betroffenen Rechner installiert und mehrere Suchlaufe durchgeführt. Ergebnisslog der letzten beiden Suchläufe:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Florian :: FLORIAN-PC [Administrator]

Schutz: Deaktiviert

03.04.2014 10:36:47
mbam-log-2014-04-03 (10-36-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 503199
Laufzeit: 58 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U7JX1EJ\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U7JX1EJ\pack[2].7z (PUP.Optional.Mediasoft) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIGLOQOD\pack[1].7z (PUP.Optional.BrowserProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIGLOQOD\pack[2].7z (Rogue.InternetSecurityEssentials) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Roaming\.minecraft\bin\Tools\Installer\AudioMusic\SoftonicDownloader_fuer_audacity.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\Desktop\Tools\Install\MusicKonvertYoutube\SoftonicDownloader_fuer_album-cover-finder.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

_-_

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Florian :: FLORIAN-PC [Administrator]

Schutz: Deaktiviert

03.04.2014 22:02:34
mbam-log-2014-04-03 (22-02-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 503075
Laufzeit: 57 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Habe keine Ahnung ob da noch ne Trojaner ist oder was.
Hoffe jemand kann mir helfen.

Danke im Voraus
flof1ghter

System:
Acer Aspire X3900
Intel Core i5 CPU 650 3,20 GHz
Arbeitsspeicher: 6,00GB (5,87 GB verwendbar)
Windows 7 Home Premium 64 Bit-Betriebssystem
Service Pack 1

Bootsektor · 04.04.2014, 01:04

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [code][/code]
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also [CODE] Logfile [/CODE]
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Mache bitte einen Scan mit FRST
Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

flof1ghter · 04.04.2014, 21:45

Hi,
so hab das Programm durchlaufen lassen. Lief ziemlich schnell.

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Florian at 2014-04-04 22:35:49
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.7222 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7222 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira (HKLM-x32\...\{59944c0c-fa58-4904-b63a-d8e625c94eb3}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battle Worlds: Kronos Demo (HKLM-x32\...\Steam App 268030) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version:  - Gearbox Software)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eterium Demo (HKLM-x32\...\{49053068-6446-481F-848B-F379DFAF7774}) (Version: 1.0.0.0 - Rogue Earth llc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Gunpoint Demo (HKLM-x32\...\Steam App 240570) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Legends of Pegasus (HKLM-x32\...\Steam App 205590) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG MC USB U330 driver (HKLM-x32\...\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}) (Version: 1.0.0.0000 - LG Electronics)
LG PC Suite III (HKLM-x32\...\{C0E18DC4-C74A-4889-AE3A-933471023787}) (Version: 1.0.0.0 - LG Electronics)
LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LOD Tactics DEMO Docs (HKLM-x32\...\LOD Tactics DEMO Docs) (Version:  - 3000AD, Inc.)
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - )
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{9d5299f9-f94e-43ed-9632-a5e045b51f7d}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 11.0.16500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero CoverDesigner (HKLM-x32\...\{4167BAA8-EF59-43EB-B354-EC0A86046E6E}) (Version: 12.0.01300 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.10003 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quantum Conundrum Demo (HKLM-x32\...\Steam App 205700) (Version:  - )
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5930 - Realtek Semiconductor Corp.)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-12BB-4D88-862E-4F1000008500}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
Resident Evil: Operation Raccoon City (x32 Version: 1.0.0003.133 - CAPCOM U.S.A, INC) Hidden
Resident Evil: Operation Raccoon City (x32 Version: 1.0.0004.133 - CAPCOM U.S.A, INC) Hidden
Serena (HKLM-x32\...\Steam App 272060) (Version:  - Senscape)
ShootMania Storm Demo (HKLM-x32\...\Steam App 233050) (Version:  - Nadeo)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - YAGER)
Star Trek: Armada (HKLM-x32\...\Activision_StarTrekArmadaUninstallKey) (Version:  - )
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate™ (HKLM-x32\...\{FA602928-EB59-449c-B9F7-1FBE1291B63D}) (Version: 1.0.0.1 - Electronic Arts)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
The War Z (HKLM-x32\...\Steam App 226700) (Version:  - )
Tiny and Big: Grandpa's Leftovers Demo (HKLM-x32\...\Steam App 214090) (Version:  - )
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03FE260D-E232-4373-88E4-CC17D0B9EF4C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3927348920-2460297857-693750464-1000
Task: {2FB19FD9-A986-45DB-9B3F-3DB11FBA4148} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {48AE9D87-7851-4953-A0C7-F06AB91763B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {8913DFEA-276A-4523-908C-3E27E24C33F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {AA0C6A25-7E3D-4718-A6F9-E30529860B6A} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-29 18:45 - 2013-03-19 07:46 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-11-02 18:51 - 2013-12-06 17:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-18 09:27 - 2009-08-18 09:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-04-02 22:57 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 03:33 - 2009-02-03 03:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 03:55 - 2008-09-29 03:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-03-25 17:07 - 2014-03-25 17:07 - 00137808 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2014-03-25 17:07 - 2014-03-25 17:07 - 00063568 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-08-18 09:31 - 2009-08-18 09:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2011-12-23 15:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-02 22:58 - 2014-03-25 17:07 - 00049744 _____ () C:\Users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:28BF1793
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 10:32:50 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/04/2014 10:32:02 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 10:00:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 09:59:59 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 11:50:44 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 11:50:07 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 10:32:55 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 10:32:14 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 10:22:25 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 10:21:39 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (04/04/2014 10:30:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (04/04/2014 10:30:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (04/04/2014 10:30:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (04/04/2014 10:30:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "3" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/04/2014 10:30:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/04/2014 10:30:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "2" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/04/2014 10:30:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/03/2014 09:59:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (04/03/2014 09:59:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (04/03/2014 09:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (04/04/2014 10:32:50 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/04/2014 10:32:02 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 10:00:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 09:59:59 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 11:50:44 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 11:50:07 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 10:32:55 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 10:32:14 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 10:22:25 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 10:21:39 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 6007.09 MB
Available physical RAM: 4555.45 MB
Total Pagefile: 12012.37 MB
Available Pagefile: 10386.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.79 GB) (Free:203.32 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.09 GB) (Free:455.74 GB) NTFS
Drive f: (RAWLING4851) (Removable) (Total:1.94 GB) (Free:1.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6FDE8588)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2 GB) (Disk ID: 17D5B79F)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Florian (administrator) on FLORIAN-PC on 04-04-2014 22:35:22
Running from C:\Users\Florian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [Google Update] - C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2011-11-30] (Google Inc.)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-01-23] (ICQ, LLC.)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\MountPoints2: {2a32a9f7-1b37-11e1-bce8-90fba6305fac} - "F:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=173611117207pe428v155w4531u430
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB636EEA41F03CF01
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {59710356-9822-4558-AC31-942E028997D8} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {5DA0D90A-594C-46DF-B912-1FC8B8E9506C} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE460
SearchScopes: HKCU - {71A2B107-5184-499C-90D7-699589AEC5DB} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={57E92BD0-331E-437B-BEF8-E29252F7FE99}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {DBB111BD-1734-4221-8430-4A00D17BF2B0} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Florian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Florian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [ajmjhoachiphfncjmgaijclfijkpifcf] - C:\ProgramData\SaveAs\ajmjhoachiphfncjmgaijclfijkpifcf.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [nhgmehmmgnelkpigfchhaleajpijljah] - C:\ProgramData\SaveAs\nhgmehmmgnelkpigfchhaleajpijljah.crx [2013-12-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

U5 362425349084fbfd; C:\Windows\System32\Drivers\362425349084fbfd.sys [77776 2014-04-02] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458704 2012-06-02] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983400 2013-04-10] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] ()
R3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] ()
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] ()
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [409624 2009-10-13] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2010-11-20] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1994272 2009-09-02] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-02] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [151920 2012-06-02] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] ()
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] ()
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22576 2009-06-02] ()
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20016 2009-06-02] ()
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60464 2009-06-02] ()
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-20] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-20] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] ()
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] ()
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1910632 2013-05-08] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1910632 2013-05-08] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-20] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [52224 2010-11-20] ()
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343040 2010-11-20] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-20] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] ()
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] ()
S3 PCDSRVC{D368CD8C-4AA3E163-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 22:35 - 2014-04-04 22:35 - 00034765 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-04 22:35 - 2014-04-04 22:35 - 00000000 ____D () C:\FRST
2014-04-04 22:35 - 2014-04-04 22:24 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-02-25 11:41 - 00131576 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 22:43 - 2014-04-02 22:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:36 - 2014-04-02 22:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 11:39 - 2014-04-02 11:39 - 00077776 _____ () C:\Windows\system32\Drivers\362425349084fbfd.sys
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2014-04-04 22:35 - 2014-04-04 22:35 - 00034765 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-04 22:35 - 2014-04-04 22:35 - 00000000 ____D () C:\FRST
2014-04-04 22:34 - 2011-11-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 22:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 22:30 - 2009-07-14 06:51 - 00101932 _____ () C:\Windows\setupact.log
2014-04-04 22:24 - 2014-04-04 22:35 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 22:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 22:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 22:43 - 2012-04-01 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 22:29 - 2011-11-30 12:15 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job
2014-04-03 22:03 - 2011-11-25 17:26 - 00698124 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 22:03 - 2011-11-25 17:26 - 00148820 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 22:03 - 2009-07-14 07:13 - 01616954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-03 11:39 - 2009-11-26 19:58 - 01317544 _____ () C:\Windows\PFRO.log
2014-04-02 23:03 - 2011-11-30 18:40 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\ICQ
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:57 - 2013-08-15 11:04 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:43 - 2014-04-02 22:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 22:43 - 2013-12-06 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 22:43 - 2011-11-25 08:35 - 01432440 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 22:37 - 2012-03-28 11:34 - 00000000 ____D () C:\Users\Florian\Desktop\Tools
2014-04-02 11:39 - 2014-04-02 11:39 - 00077776 _____ () C:\Windows\system32\Drivers\362425349084fbfd.sys
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:40 - 2011-12-25 12:56 - 00000000 ____D () C:\ProgramData\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-04-02 09:51 - 2012-04-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-02 09:51 - 2012-04-01 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-02 09:51 - 2011-12-01 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-02 09:41 - 2012-02-16 13:22 - 00000000 ____D () C:\Users\Florian\Desktop\Musicloaded
2014-03-17 18:32 - 2011-11-30 12:17 - 00002372 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-07 22:35 - 2012-03-01 15:25 - 00000000 ____D () C:\ProgramData\Origin
2014-03-07 22:34 - 2012-03-01 15:25 - 00000000 ____D () C:\Program Files (x86)\Origin

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\AskSLib.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\avguidx.dll
C:\Users\Florian\AppData\Local\Temp\AVG_toolbar.exe
C:\Users\Florian\AppData\Local\Temp\cres.dll
C:\Users\Florian\AppData\Local\Temp\cshell.dll
C:\Users\Florian\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Florian\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Florian\AppData\Local\Temp\installhelper.dll
C:\Users\Florian\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe
C:\Users\Florian\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Florian\AppData\Local\Temp\oi_{D8C2A70C-6D25-4B5C-B8EB-4C3CCC07835D}.exe
C:\Users\Florian\AppData\Local\Temp\sonarinst.exe
C:\Users\Florian\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Florian\AppData\Local\Temp\sres.dll
C:\Users\Florian\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Florian\AppData\Local\Temp\Syndicate.exe
C:\Users\Florian\AppData\Local\Temp\tmp1083.exe
C:\Users\Florian\AppData\Local\Temp\tmp194A.exe
C:\Users\Florian\AppData\Local\Temp\tmp1FEE.exe
C:\Users\Florian\AppData\Local\Temp\tmp61CE.exe
C:\Users\Florian\AppData\Local\Temp\tmp698B.exe
C:\Users\Florian\AppData\Local\Temp\tmp6B9D.exe
C:\Users\Florian\AppData\Local\Temp\tmp89E7.exe
C:\Users\Florian\AppData\Local\Temp\tmpC956.exe
C:\Users\Florian\AppData\Local\Temp\tmpF823.exe
C:\Users\Florian\AppData\Local\Temp\uninst1.exe
C:\Users\Florian\AppData\Local\Temp\ydetect.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-07-12 10:45] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2012-09-14 10:43

==================== End Of Log ============================

--- --- ---

--- --- ---

Bootsektor · 04.04.2014, 22:36

Hallo flof1ghter,

du hast dir da offensichtlich ein Rootkit eingefangen.

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

Falls du weitermachen möchtest, geht es so weiter:
Schritt 1
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2
Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Schritt 3
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

flof1ghter · 05.04.2014, 11:36

Hallo Sandra, danke für deine schnelle Hilfe,

ich denke ich werde das ganze System platt machen. Ich benutze das "chip-TAN-comfort-Verfahren und habe jetzt mein Passwort geändert. Was sensible Daten angeht sind da ne Paar digitale Handy- und andere Onlinerechnungen. Ansonsten nur Musik und solche Sachen. Was würde dagegen sprechen diese auf ne externe Festplatte zu retten ???
Was mir auch ziemlich schmerzt ist mein Steam Account und die ganzen Spieledateien.
Ich habe für den PC auch keine Windows-CD aber das müsste ja irgendwie über die Festplatte gehen. Ansonsten habe ich mal ne paar Backup CDs gebrannt. Ich hoffe ich kann das wiederherstellen. Bei meinem letzten Laptop mit Windows Vísta hat es nicht geklappt.

Vielen Dank nochmal

gruß
flof1ghter

Bootsektor · 05.04.2014, 23:30

Hallo flof1ghter,

das ist natürlich deine eigene Entscheidung, die Chancen stehen aber nicht schlecht, dass wir das Rootkit entfernen können.

Musik und Spieledateien kannst du sichern, allerdings solltest du sie vorher mit einem Antivirenscanner scannen lassen.
Dein Steam-Account ist doch mit den Spielen, die du dir dort runtergeladen hast verknüpft. Die müsstest du dann erneut herunterladen.

Und gucke vorher, ob dein PC eine Recovery Partition besitzt aus der du dir eventuell dann DVDs brennen müsstest oder ob es die Möglichkeit gibt, diesen auf Werkseinstellungen zurückzusetzen.
Hilfreich ist auch unserer Artikel zum Neuaufsetzen .

flof1ghter · 06.04.2014, 10:30

Hallo Sandra,
ich denke werde versuchen das System bereinigen.
Nur eine Frage für später wenn der Status Quo wieder steht. Welcher Antivirenscanner ist zu empfehlen? Auch zur Überprüfung von Websites und runtergeladenen Daten??

Gruß
flof1ghter

Code:

ATTFilter

ComboFix 14-04-05.01 - Florian 06.04.2014  11:10:39.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6007.4923 [GMT 2:00]
ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-06 bis 2014-04-06  ))))))))))))))))))))))))))))))
.
.
2014-04-06 09:15 . 2014-04-06 09:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-04 20:35 . 2014-04-04 20:36	--------	d-----w-	C:\FRST
2014-04-02 20:58 . 2014-04-02 20:58	--------	d-----w-	c:\users\Florian\AppData\Roaming\Avira
2014-04-02 20:57 . 2014-02-25 09:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-04-02 20:57 . 2014-02-25 09:41	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-04-02 20:57 . 2014-02-25 09:41	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-04-02 20:49 . 2014-04-02 20:49	--------	d-----w-	c:\users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 20:49 . 2014-04-02 20:49	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-02 20:49 . 2014-04-02 20:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-04-02 20:49 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-02 20:43 . 2014-04-02 20:57	--------	d-----w-	c:\program files (x86)\Avira
2014-04-02 08:40 . 2014-04-02 08:40	--------	d-----w-	c:\users\Florian\AppData\Local\WinZip
2014-04-02 08:39 . 2014-04-02 08:39	--------	d-----w-	c:\program files\WinZip
2014-03-17 16:20 . 2014-03-17 16:20	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 16:20 . 2014-03-17 16:20	--------	d-----w-	c:\program files\iTunes
2014-03-17 16:20 . 2014-03-17 16:20	--------	d-----w-	c:\program files (x86)\iTunes
2014-03-17 16:20 . 2014-03-17 16:20	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-02 07:51 . 2012-04-01 14:00	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-02 07:51 . 2011-12-01 15:59	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 00:32 . 2014-02-28 12:01	10536864	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC6F7123-35DF-469B-A487-64C1F0449825}\mpengine.dll
2014-01-27 08:58 . 2011-11-30 10:12	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-12-04 15:54	294456	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-12-22 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-12-22 181480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-25 173136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 PCDSRVC{D368CD8C-4AA3E163-06020101}_0;PCDSRVC{D368CD8C-4AA3E163-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 362425349084fbfd
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:51]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 09:33]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 09:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-02-19 19:17	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-02 8098848]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D368CD8C-4AA3E163-06020101}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\362425349084fbfd]
"ImagePath"="\SystemRoot\System32\Drivers\362425349084fbfd.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-06  11:23:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-06 09:23
.
Vor Suchlauf: 15 Verzeichnis(se), 217.990.610.944 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 219.721.535.488 Bytes frei
.
- - End Of File - - 9A9D83FA91AE9144E6B74929D8904D36
A36C5E4F47E84449FF07ED3517B43A31

Bootsektor · 06.04.2014, 13:32

Hallo flof1ghter,

das sieht schon sehr viel besser aus

Zitat:

Welcher Antivirenscanner ist zu empfehlen? Auch zur Überprüfung von Websites und runtergeladenen Daten??

Als kostenlosen Antivirenscanner kann ich dir Avast! empfehlen.
Wenn du Geld ausgeben möchtest, dann würde ich dir Eset ans Herz legen.
Und natürlich ist es gut, sein System regelmäßig (einmal die Woche) mit einem On-Demand-Scanner zu überprüfen, da finde ich MBAM gut.

Zur Überprüfung von Webseiten gibt es die Browsererweiterung Web of Trust

Nun fehlen mir noch die Schritte 2 und 3 aus meinem vorherigen Post, dann können wir weitermachen.

flof1ghter · 06.04.2014, 19:29

Code:

ATTFilter

Farbar Service Scanner Version: 25-02-2014
Ran by Florian (administrator) on 06-04-2014 at 19:47:31
Running from "C:\Users\Florian\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Florian at 2014-04-06 20:09:06
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.7222 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7222 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira (HKLM-x32\...\{59944c0c-fa58-4904-b63a-d8e625c94eb3}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battle Worlds: Kronos Demo (HKLM-x32\...\Steam App 268030) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version:  - Gearbox Software)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eterium Demo (HKLM-x32\...\{49053068-6446-481F-848B-F379DFAF7774}) (Version: 1.0.0.0 - Rogue Earth llc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Gunpoint Demo (HKLM-x32\...\Steam App 240570) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Legends of Pegasus (HKLM-x32\...\Steam App 205590) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG MC USB U330 driver (HKLM-x32\...\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}) (Version: 1.0.0.0000 - LG Electronics)
LG PC Suite III (HKLM-x32\...\{C0E18DC4-C74A-4889-AE3A-933471023787}) (Version: 1.0.0.0 - LG Electronics)
LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LOD Tactics DEMO Docs (HKLM-x32\...\LOD Tactics DEMO Docs) (Version:  - 3000AD, Inc.)
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - )
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{9d5299f9-f94e-43ed-9632-a5e045b51f7d}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 11.0.16500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero CoverDesigner (HKLM-x32\...\{4167BAA8-EF59-43EB-B354-EC0A86046E6E}) (Version: 12.0.01300 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.10003 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quantum Conundrum Demo (HKLM-x32\...\Steam App 205700) (Version:  - )
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5930 - Realtek Semiconductor Corp.)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-12BB-4D88-862E-4F1000008500}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
Resident Evil: Operation Raccoon City (x32 Version: 1.0.0003.133 - CAPCOM U.S.A, INC) Hidden
Resident Evil: Operation Raccoon City (x32 Version: 1.0.0004.133 - CAPCOM U.S.A, INC) Hidden
Serena (HKLM-x32\...\Steam App 272060) (Version:  - Senscape)
ShootMania Storm Demo (HKLM-x32\...\Steam App 233050) (Version:  - Nadeo)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - YAGER)
Star Trek: Armada (HKLM-x32\...\Activision_StarTrekArmadaUninstallKey) (Version:  - )
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate™ (HKLM-x32\...\{FA602928-EB59-449c-B9F7-1FBE1291B63D}) (Version: 1.0.0.1 - Electronic Arts)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
The War Z (HKLM-x32\...\Steam App 226700) (Version:  - )
Tiny and Big: Grandpa's Leftovers Demo (HKLM-x32\...\Steam App 214090) (Version:  - )
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-06 11:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03FE260D-E232-4373-88E4-CC17D0B9EF4C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3927348920-2460297857-693750464-1000
Task: {2FB19FD9-A986-45DB-9B3F-3DB11FBA4148} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {48AE9D87-7851-4953-A0C7-F06AB91763B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {8913DFEA-276A-4523-908C-3E27E24C33F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {AA0C6A25-7E3D-4718-A6F9-E30529860B6A} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-29 18:45 - 2013-03-19 07:46 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-11-02 18:51 - 2013-12-06 17:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-18 09:27 - 2009-08-18 09:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-04-02 22:57 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 03:33 - 2009-02-03 03:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 03:55 - 2008-09-29 03:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-03-25 17:07 - 2014-03-25 17:07 - 00137808 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2014-03-25 17:07 - 2014-03-25 17:07 - 00063568 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-08-18 09:31 - 2009-08-18 09:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2011-12-23 15:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-06 19:44 - 2014-03-25 17:07 - 00049744 _____ () C:\Users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:28BF1793
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 08:04:58 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 08:04:20 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 07:45:02 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 07:44:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500932

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1500932

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 10:30:32 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 10:29:54 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 06:20:20 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12f8

Startzeit: 01cf50de310597ce

Endzeit: 0

Anwendungspfad: C:\Users\Florian\Desktop\FRST64.exe

Berichts-ID:


System errors:
=============
Error: (04/06/2014 08:03:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (04/06/2014 08:02:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (04/06/2014 08:02:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (04/06/2014 08:02:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "3" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/06/2014 08:02:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/06/2014 08:02:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "2" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/06/2014 08:02:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (04/06/2014 07:43:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (04/06/2014 07:43:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (04/06/2014 07:43:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (04/06/2014 08:04:58 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 08:04:20 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 07:45:02 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 07:44:22 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500932

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1500932

Error: (04/06/2014 11:08:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 10:30:32 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 10:29:54 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 06:20:20 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.212f801cf50de310597ce0C:\Users\Florian\Desktop\FRST64.exe


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 6007.09 MB
Available physical RAM: 4545.18 MB
Total Pagefile: 12012.37 MB
Available Pagefile: 10384.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.79 GB) (Free:204.73 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.09 GB) (Free:455.74 GB) NTFS
Drive f: (RAWLING4851) (Removable) (Total:1.94 GB) (Free:1.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6FDE8588)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2 GB) (Disk ID: 17D5B79F)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Florian (administrator) on FLORIAN-PC on 06-04-2014 20:08:42
Running from C:\Users\Florian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7.7\ICQ.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-01-23] (ICQ, LLC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB636EEA41F03CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {59710356-9822-4558-AC31-942E028997D8} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {5DA0D90A-594C-46DF-B912-1FC8B8E9506C} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE460
SearchScopes: HKCU - {71A2B107-5184-499C-90D7-699589AEC5DB} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={57E92BD0-331E-437B-BEF8-E29252F7FE99}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {DBB111BD-1734-4221-8430-4A00D17BF2B0} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Florian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Florian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [ajmjhoachiphfncjmgaijclfijkpifcf] - C:\ProgramData\SaveAs\ajmjhoachiphfncjmgaijclfijkpifcf.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [nhgmehmmgnelkpigfchhaleajpijljah] - C:\ProgramData\SaveAs\nhgmehmmgnelkpigfchhaleajpijljah.crx [2013-12-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

U5 362425349084fbfd; C:\Windows\System32\Drivers\362425349084fbfd.sys [77776 2014-04-02] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458704 2012-06-02] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983400 2013-04-10] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] ()
R3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] ()
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] ()
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [409624 2009-10-13] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2010-11-20] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1994272 2009-09-02] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-02] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [151920 2012-06-02] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] ()
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] ()
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22576 2009-06-02] ()
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20016 2009-06-02] ()
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60464 2009-06-02] ()
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-20] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-20] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] ()
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] ()
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1910632 2013-05-08] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1910632 2013-05-08] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-20] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [52224 2010-11-20] ()
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343040 2010-11-20] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-20] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] ()
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] ()
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{D368CD8C-4AA3E163-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 19:47 - 2014-04-06 19:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 19:47 - 2014-04-06 19:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 19:47 - 2014-04-06 19:06 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 11:23 - 2014-04-06 11:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 11:09 - 2014-04-06 11:23 - 00000000 ____D () C:\Qoobox
2014-04-06 11:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 11:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 11:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 11:08 - 2014-04-06 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 11:08 - 2014-04-06 10:22 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 16:49 - 2014-04-05 16:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 22:35 - 2014-04-06 20:08 - 00034691 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-04 22:35 - 2014-04-06 20:08 - 00000000 ____D () C:\FRST
2014-04-04 22:35 - 2014-04-04 22:36 - 00034417 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-04 22:35 - 2014-04-04 22:24 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-02-25 11:41 - 00131576 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 22:43 - 2014-04-02 22:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:36 - 2014-04-02 22:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 11:39 - 2014-04-02 11:39 - 00077776 _____ () C:\Windows\system32\Drivers\362425349084fbfd.sys
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2014-04-06 20:08 - 2014-04-04 22:35 - 00034691 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-06 20:08 - 2014-04-04 22:35 - 00000000 ____D () C:\FRST
2014-04-06 20:08 - 2011-11-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-06 20:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 20:03 - 2009-07-14 06:51 - 00102212 _____ () C:\Windows\setupact.log
2014-04-06 19:51 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:51 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:47 - 2014-04-06 19:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 19:47 - 2014-04-06 19:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 19:47 - 2011-11-25 17:26 - 00698124 _____ () C:\Windows\system32\perfh007.dat
2014-04-06 19:47 - 2011-11-25 17:26 - 00148820 _____ () C:\Windows\system32\perfc007.dat
2014-04-06 19:47 - 2009-07-14 07:13 - 01616954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 19:06 - 2014-04-06 19:47 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 11:28 - 2011-11-30 12:15 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job
2014-04-06 11:23 - 2014-04-06 11:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 11:23 - 2014-04-06 11:09 - 00000000 ____D () C:\Qoobox
2014-04-06 11:22 - 2014-04-06 11:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 11:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-06 11:16 - 2009-11-26 19:58 - 01318090 _____ () C:\Windows\PFRO.log
2014-04-06 10:43 - 2012-04-01 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 10:22 - 2014-04-06 11:08 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 16:49 - 2014-04-05 16:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 22:36 - 2014-04-04 22:35 - 00034417 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-04 22:24 - 2014-04-04 22:35 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 23:03 - 2011-11-30 18:40 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\ICQ
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:57 - 2013-08-15 11:04 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:43 - 2014-04-02 22:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 22:43 - 2013-12-06 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 22:43 - 2011-11-25 08:35 - 01432440 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 22:37 - 2012-03-28 11:34 - 00000000 ____D () C:\Users\Florian\Desktop\Tools
2014-04-02 11:39 - 2014-04-02 11:39 - 00077776 _____ () C:\Windows\system32\Drivers\362425349084fbfd.sys
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:40 - 2011-12-25 12:56 - 00000000 ____D () C:\ProgramData\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-04-02 09:51 - 2012-04-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-02 09:51 - 2012-04-01 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-02 09:51 - 2011-12-01 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-02 09:41 - 2012-02-16 13:22 - 00000000 ____D () C:\Users\Florian\Desktop\Musicloaded
2014-03-17 18:32 - 2011-11-30 12:17 - 00002372 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-07 22:35 - 2012-03-01 15:25 - 00000000 ____D () C:\ProgramData\Origin
2014-03-07 22:34 - 2012-03-01 15:25 - 00000000 ____D () C:\Program Files (x86)\Origin

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-07-12 10:45] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2012-09-14 10:43

==================== End Of Log ============================

--- --- ---

--- --- ---

Bootsektor · 06.04.2014, 22:11

Hallo flof1ghter,

wir müssen da noch mal anders ran.

Schritt 1
Lade dir bitte von hier den Necurs cleaner herunter, speichere ihn auf deinem Desktop, starte ihn, akzeptiere die Lizenzbestimmungen und lasse ihn suchen, drücke "Y" wenn du gefragt wirst: Do you want to remove the rootkit
Wenn der Cleaner einen Neustart verlangt, lasse diesen bitte zu.

Der Cleaner erstellt eine Logfile auf deinem Desktop (oder in dem Ordner aus dem er lief) ESETNecursCLeaner.exe[Datum,Version], poste mir dieses bitte hier.

flof1ghter · 07.04.2014, 18:59

Hallo Sandra,
ich habe das Programm ausgeführt. Hat aber glaube ich nicht richtig funktioniert.
Als ich das Programm startete kam die Nachfrage der Lizenz zuzustimmen und ich klickte akzeptieren. Dann startete das Programm und zeigte drei Meldungen an:
1. Scanning for System infection ...
2. Threat Not Found
3. You don`t have Win/Necurs in your System. (Press any Key)

Außerdem wurde besagte Logdatei erstellt.

Code:

ATTFilter

[2014.04.07 19:34:04.413] - 
[2014.04.07 19:34:04.413] -     ....................................
[2014.04.07 19:34:04.413] -   ..::::::::::::::::::....................
[2014.04.07 19:34:04.413] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Necurs
[2014.04.07 19:34:04.413] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 2.1.0.1
[2014.04.07 19:34:04.413] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Sep 17 2013
[2014.04.07 19:34:04.413] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.04.07 19:34:04.413] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright (c) ESET, spol. s r.o.
[2014.04.07 19:34:04.413] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.04.07 19:34:04.413] -     ....................................
[2014.04.07 19:34:04.413] - 
[2014.04.07 19:34:04.413] - --------------------------------------------------------------------------------
[2014.04.07 19:34:04.413] - 
[2014.04.07 19:34:04.429] - INFO: OS: 6.1.7601 SP1
[2014.04.07 19:34:04.429] - INFO: Product Type: Workstation
[2014.04.07 19:34:04.429] - INFO: WoW64: True
[2014.04.07 19:34:04.429] - INFO: Machine guid: 31F5510A-DB33-4961-A004-E0DB3A7B69FC 
[2014.04.07 19:34:04.429] - 
[2014.04.07 19:34:04.429] - INFO: Scanning for system infection...
[2014.04.07 19:34:04.429] - --------------------------------------------------------------------------------
[2014.04.07 19:34:04.429] - 
[2014.04.07 19:34:04.429] - INFO: Found suspicious service - 362425349084fbfd
[2014.04.07 19:34:04.491] - INFO: DT08... - 2
[2014.04.07 19:34:04.507] - INFO: DT01...
[2014.04.07 19:34:04.507] - INFO: Win32/Necurs not found

Keine Ahnung was da falsch lief.

Gruß
flof1ghter

Bootsektor · 07.04.2014, 22:25

Hallo flof1ghter,

Ok, dann machen wir das komplett anders, dazu brauchst du einen USB-Stick und musst deinen Computer im Recovery Modus.

Schritt 1
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu und starte von der CD.
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

flof1ghter · 08.04.2014, 15:54

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by SYSTEM on MININT-UUFIQ3V on 08-04-2014 16:37:48
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Florian\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\Florian\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-01-23] (ICQ, LLC.)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

S0 362425349084fbfd; C:\Windows\System32\Drivers\362425349084fbfd.sys [77776 2014-04-02] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-28] (LG Electronics Inc.)
S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-28] (LG Electronics Inc.)
S3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-28] (LG Electronics Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{D368CD8C-4AA3E163-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 09:34 - 2014-04-07 09:35 - 00021038 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.zip
2014-04-07 09:34 - 2014-04-07 09:35 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.log
2014-04-07 09:33 - 2014-04-07 09:33 - 00021036 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193347.3492.zip
2014-04-07 09:32 - 2014-04-07 09:33 - 00021039 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.zip
2014-04-07 09:32 - 2014-04-07 09:33 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.log
2014-04-07 09:31 - 2014-04-07 09:32 - 00021052 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193157.4348.zip
2014-04-07 09:31 - 2014-04-07 04:27 - 00251584 _____ (ESET) C:\Users\Florian\Desktop\ESETNecursCleaner.exe
2014-04-06 09:47 - 2014-04-06 09:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 09:47 - 2014-04-06 09:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 09:47 - 2014-04-06 09:06 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 01:23 - 2014-04-06 01:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 01:09 - 2014-04-06 01:23 - 00000000 ____D () C:\Qoobox
2014-04-06 01:09 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 01:09 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 01:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 01:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 01:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 01:09 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 01:09 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 01:09 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 01:08 - 2014-04-06 01:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 01:08 - 2014-04-06 00:22 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 06:49 - 2014-04-05 06:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 12:35 - 2014-04-08 16:37 - 00000000 ____D () C:\FRST
2014-04-04 12:35 - 2014-04-06 10:09 - 00044962 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-04 12:35 - 2014-04-06 10:09 - 00034600 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-04 12:35 - 2014-04-04 12:24 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 01:39 - 2014-04-03 01:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 12:58 - 2014-04-02 12:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 12:57 - 2014-02-25 01:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2014-04-02 12:57 - 2014-02-25 01:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2014-04-02 12:57 - 2014-02-25 01:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2014-04-02 12:49 - 2014-04-02 12:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 12:49 - 2013-04-04 04:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-02 12:43 - 2014-04-02 12:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 12:36 - 2014-04-02 12:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 01:39 - 2014-04-02 01:39 - 00077776 _____ () C:\Windows\System32\Drivers\362425349084fbfd.sys
2014-04-02 00:40 - 2014-04-02 00:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 00:40 - 2014-04-02 00:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 00:39 - 2014-04-02 00:39 - 00000000 ____D () C:\Program Files\WinZip
2014-03-17 08:20 - 2014-03-17 08:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2014-04-08 16:37 - 2014-04-04 12:35 - 00000000 ____D () C:\FRST
2014-04-08 06:33 - 2011-11-30 02:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 06:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 06:31 - 2009-07-13 20:51 - 00102828 _____ () C:\Windows\setupact.log
2014-04-07 09:35 - 2014-04-07 09:34 - 00021038 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.zip
2014-04-07 09:35 - 2014-04-07 09:34 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.log
2014-04-07 09:35 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 09:35 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 09:33 - 2014-04-07 09:33 - 00021036 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193347.3492.zip
2014-04-07 09:33 - 2014-04-07 09:32 - 00021039 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.zip
2014-04-07 09:33 - 2014-04-07 09:32 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.log
2014-04-07 09:33 - 2011-11-25 07:26 - 00698124 _____ () C:\Windows\System32\perfh007.dat
2014-04-07 09:33 - 2011-11-25 07:26 - 00148820 _____ () C:\Windows\System32\perfc007.dat
2014-04-07 09:33 - 2009-07-13 21:13 - 01616954 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-07 09:32 - 2014-04-07 09:31 - 00021052 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193157.4348.zip
2014-04-07 04:27 - 2014-04-07 09:31 - 00251584 _____ (ESET) C:\Users\Florian\Desktop\ESETNecursCleaner.exe
2014-04-06 10:09 - 2014-04-04 12:35 - 00044962 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-06 10:09 - 2014-04-04 12:35 - 00034600 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-06 09:47 - 2014-04-06 09:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 09:47 - 2014-04-06 09:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 09:06 - 2014-04-06 09:47 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 01:28 - 2011-11-30 02:15 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job
2014-04-06 01:23 - 2014-04-06 01:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 01:23 - 2014-04-06 01:09 - 00000000 ____D () C:\Qoobox
2014-04-06 01:22 - 2014-04-06 01:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 01:19 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-06 01:16 - 2009-11-26 09:58 - 01318090 _____ () C:\Windows\PFRO.log
2014-04-06 00:43 - 2012-04-01 06:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 00:22 - 2014-04-06 01:08 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 06:49 - 2014-04-05 06:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 12:24 - 2014-04-04 12:35 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 01:39 - 2014-04-03 01:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 13:03 - 2011-11-30 08:40 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\ICQ
2014-04-02 12:58 - 2014-04-02 12:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 12:57 - 2014-04-02 12:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 12:57 - 2013-08-15 01:04 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 12:49 - 2014-04-02 12:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 12:49 - 2014-04-02 12:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 12:43 - 2014-04-02 12:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 12:43 - 2013-12-06 07:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 12:43 - 2011-11-24 22:35 - 01432440 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 12:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-02 12:37 - 2012-03-28 01:34 - 00000000 ____D () C:\Users\Florian\Desktop\Tools
2014-04-02 01:39 - 2014-04-02 01:39 - 00077776 _____ () C:\Windows\System32\Drivers\362425349084fbfd.sys
2014-04-02 00:40 - 2014-04-02 00:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 00:40 - 2014-04-02 00:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 00:40 - 2011-12-25 02:56 - 00000000 ____D () C:\ProgramData\WinZip
2014-04-02 00:39 - 2014-04-02 00:39 - 00000000 ____D () C:\Program Files\WinZip
2014-04-01 23:51 - 2012-04-01 06:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-01 23:51 - 2012-04-01 06:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-01 23:51 - 2011-12-01 07:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-01 23:41 - 2012-02-16 03:22 - 00000000 ____D () C:\Users\Florian\Desktop\Musicloaded
2014-03-17 08:32 - 2011-11-30 02:17 - 00002372 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk
2014-03-17 08:20 - 2014-03-17 08:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 08:20 - 2014-03-17 08:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-23 08:16:46
Restore point made on: 2014-01-23 08:17:40
Restore point made on: 2014-01-23 08:19:14
Restore point made on: 2014-01-31 02:35:49
Restore point made on: 2014-02-23 06:22:17
Restore point made on: 2014-02-23 06:22:59
Restore point made on: 2014-02-28 04:01:43
Restore point made on: 2014-04-02 00:38:23
Restore point made on: 2014-04-02 00:39:46
Restore point made on: 2014-04-02 01:38:15
Restore point made on: 2014-04-06 01:09:24

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 6007.09 MB
Available physical RAM: 5185.38 MB
Total Pagefile: 6005.24 MB
Available Pagefile: 5176.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.79 GB) (Free:204.24 GB) NTFS
Drive e: (DATA) (Fixed) (Total:456.09 GB) (Free:455.74 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:7.58 GB) NTFS
Drive h: (RAWLING4851) (Removable) (Total:1.94 GB) (Free:1.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6FDE8588)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 17D5B79F)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2012-09-14 00:43

==================== End Of Log ============================

--- --- ---

Bootsektor · 08.04.2014, 20:22

Hallo flof1ghter,

vielen Dank

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S0 362425349084fbfd; C:\Windows\System32\Drivers\362425349084fbfd.sys [77776 2014-04-02] () <===== ATTENTION Necurs Rootkit?
C:\Windows\System32\Drivers\362425349084fbfd.sys 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 2
Mache danach bitte ein erneutes Log von FRST im Normalmodus
Mache

flof1ghter · 09.04.2014, 14:45

Hey Sandra, verschwindet die Fixlist.txt vom Stick nach Schritt 1??

Code:

ATTFilter

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-04-09 15:18:57 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S0 362425349084fbfd; C:\Windows\System32\Drivers\362425349084fbfd.sys [77776 2014-04-02] () <===== ATTENTION Necurs Rootkit?
C:\Windows\System32\Drivers\362425349084fbfd.sys 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
         
*****************

362425349084fbfd => Service deleted successfully.
C:\Windows\System32\Drivers\362425349084fbfd.sys => Moved successfully.

Der Vorgang wurde erfolgreich beendet.

==== End of Fixlog ====

--

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Florian (administrator) on FLORIAN-PC on 09-04-2014 15:27:43
Running from C:\Users\Florian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3927348920-2460297857-693750464-1000\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-01-23] (ICQ, LLC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB636EEA41F03CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {59710356-9822-4558-AC31-942E028997D8} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {5DA0D90A-594C-46DF-B912-1FC8B8E9506C} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE460
SearchScopes: HKCU - {71A2B107-5184-499C-90D7-699589AEC5DB} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={57E92BD0-331E-437B-BEF8-E29252F7FE99}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {DBB111BD-1734-4221-8430-4A00D17BF2B0} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Florian\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Florian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Florian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [ajmjhoachiphfncjmgaijclfijkpifcf] - C:\ProgramData\SaveAs\ajmjhoachiphfncjmgaijclfijkpifcf.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [nhgmehmmgnelkpigfchhaleajpijljah] - C:\ProgramData\SaveAs\nhgmehmmgnelkpigfchhaleajpijljah.crx [2013-12-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{D368CD8C-4AA3E163-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\bixmzz_0veb0\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 19:34 - 2014-04-07 19:35 - 00021038 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.zip
2014-04-07 19:34 - 2014-04-07 19:35 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.log
2014-04-07 19:33 - 2014-04-07 19:33 - 00021036 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193347.3492.zip
2014-04-07 19:32 - 2014-04-07 19:33 - 00021039 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.zip
2014-04-07 19:32 - 2014-04-07 19:33 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.log
2014-04-07 19:31 - 2014-04-07 19:32 - 00021052 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193157.4348.zip
2014-04-07 19:31 - 2014-04-07 14:27 - 00251584 _____ (ESET) C:\Users\Florian\Desktop\ESETNecursCleaner.exe
2014-04-06 19:47 - 2014-04-06 19:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 19:47 - 2014-04-06 19:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 19:47 - 2014-04-06 19:06 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 11:23 - 2014-04-06 11:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 11:09 - 2014-04-06 11:23 - 00000000 ____D () C:\Qoobox
2014-04-06 11:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 11:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 11:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 11:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 11:08 - 2014-04-06 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 11:08 - 2014-04-06 10:22 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 16:49 - 2014-04-05 16:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 22:35 - 2014-04-09 15:27 - 00019170 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-04 22:35 - 2014-04-09 15:27 - 00000000 ____D () C:\FRST
2014-04-04 22:35 - 2014-04-06 20:09 - 00034600 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-04 22:35 - 2014-04-04 22:24 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 22:57 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 22:43 - 2014-04-02 22:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:36 - 2014-04-02 22:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2014-04-09 15:28 - 2014-04-04 22:35 - 00019170 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-04-09 15:28 - 2011-11-30 12:15 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000UA.job
2014-04-09 15:28 - 2011-11-30 12:15 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927348920-2460297857-693750464-1000Core.job
2014-04-09 15:27 - 2014-04-04 22:35 - 00000000 ____D () C:\FRST
2014-04-09 15:27 - 2011-11-25 17:26 - 00698124 _____ () C:\Windows\system32\perfh007.dat
2014-04-09 15:27 - 2011-11-25 17:26 - 00148820 _____ () C:\Windows\system32\perfc007.dat
2014-04-09 15:27 - 2009-07-14 07:13 - 01616954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 15:26 - 2011-11-30 12:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-09 15:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 15:19 - 2009-07-14 06:51 - 00102884 _____ () C:\Windows\setupact.log
2014-04-07 19:35 - 2014-04-07 19:34 - 00021038 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.zip
2014-04-07 19:35 - 2014-04-07 19:34 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193404.3364.log
2014-04-07 19:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 19:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 19:33 - 2014-04-07 19:33 - 00021036 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193347.3492.zip
2014-04-07 19:33 - 2014-04-07 19:32 - 00021039 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.zip
2014-04-07 19:33 - 2014-04-07 19:32 - 00003950 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193219.4388.log
2014-04-07 19:32 - 2014-04-07 19:31 - 00021052 _____ () C:\Users\Florian\Desktop\ESETNecursCleaner.exe_20140407.193157.4348.zip
2014-04-07 14:27 - 2014-04-07 19:31 - 00251584 _____ (ESET) C:\Users\Florian\Desktop\ESETNecursCleaner.exe
2014-04-06 20:09 - 2014-04-04 22:35 - 00034600 _____ () C:\Users\Florian\Desktop\Addition.txt
2014-04-06 19:47 - 2014-04-06 19:47 - 00002833 _____ () C:\Users\Florian\Desktop\FSS.txt
2014-04-06 19:47 - 2014-04-06 19:47 - 00000623 _____ () C:\Users\Florian\Desktop\ComboFix - Verknüpfung.lnk
2014-04-06 19:06 - 2014-04-06 19:47 - 00409600 _____ (Farbar) C:\Users\Florian\Desktop\FSS.exe
2014-04-06 11:23 - 2014-04-06 11:23 - 00021147 _____ () C:\ComboFix.txt
2014-04-06 11:23 - 2014-04-06 11:09 - 00000000 ____D () C:\Qoobox
2014-04-06 11:22 - 2014-04-06 11:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 11:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-06 11:16 - 2009-11-26 19:58 - 01318090 _____ () C:\Windows\PFRO.log
2014-04-06 10:43 - 2012-04-01 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 10:22 - 2014-04-06 11:08 - 05193579 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe
2014-04-05 16:49 - 2014-04-05 16:49 - 00000210 _____ () C:\Users\Florian\Desktop\Search.txt
2014-04-04 22:24 - 2014-04-04 22:35 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-04-03 11:39 - 2014-04-03 11:39 - 00004434 _____ () C:\Users\Florian\Desktop\ReportZero.txt
2014-04-02 23:03 - 2011-11-30 18:40 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\ICQ
2014-04-02 22:58 - 2014-04-02 22:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-04-02 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:57 - 2013-08-15 11:04 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 22:49 - 2014-04-02 22:49 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 22:49 - 2014-04-02 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 22:43 - 2014-04-02 22:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-02 22:43 - 2013-12-06 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 22:43 - 2011-11-25 08:35 - 01461797 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 22:37 - 2012-03-28 11:34 - 00000000 ____D () C:\Users\Florian\Desktop\Tools
2014-04-02 10:40 - 2014-04-02 10:40 - 00002193 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-04-02 10:40 - 2014-04-02 10:40 - 00000000 ____D () C:\Users\Florian\AppData\Local\WinZip
2014-04-02 10:40 - 2011-12-25 12:56 - 00000000 ____D () C:\ProgramData\WinZip
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Program Files\WinZip
2014-04-02 09:51 - 2012-04-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-02 09:51 - 2012-04-01 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-02 09:51 - 2011-12-01 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-02 09:41 - 2012-02-16 13:22 - 00000000 ____D () C:\Users\Florian\Desktop\Musicloaded
2014-03-17 18:32 - 2011-11-30 12:17 - 00002372 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 18:20 - 2014-03-17 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-09-14 10:43

==================== End Of Log ============================

--- --- ---