Hiho,
meine Nachbarin hat sich den guten alten Interpol Trojaner eingefangen
hier die logs vom frst check
Danke schonmal im vorraus

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by SYSTEM on MINWINPC on 10-04-2014 06:17:19
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\Melzer\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Melzer\...\Policies\system: [DisableLockWorkstation] 0
HKU\Melzer\...\Policies\system: [DisableChangePassword] 0
HKU\Melzer\...\Policies\system: [LogonHoursAction] 2
HKU\Melzer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Melzer\...\Policies\Explorer: [NoLogoff] 0
Startup: C:\Users\Melzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kowodmqlf.lnk
ShortcutTarget: kowodmqlf.lnk -> C:\ProgramData\2992199F9A\flqmdowok.cpp (Grolsch Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1028904 2013-04-05] (iolo technologies, LLC)
S2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S4 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\Internet.exe [X]

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-22] (Avira Operations GmbH & Co. KG)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-04-05] (EldoS Corporation)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-04-05] (Raxco Software, Inc.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-11-22] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NVHDA; system32\drivers\nvhda32v.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 06:17 - 2014-04-10 06:17 - 00000000 ____D () C:\FRST
2014-04-09 13:54 - 2014-04-10 03:49 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 13:54 - 2014-04-09 13:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 13:54 - 2014-04-09 13:54 - 00000986 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk
2014-04-09 13:54 - 2014-04-09 13:54 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-09 13:54 - 2013-03-15 16:01 - 00016384 _____ () C:\Windows\System32\wsusnative32.exe
2014-04-08 18:45 - 2014-04-10 04:52 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-03-15 03:16 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-15 03:16 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-15 03:16 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-15 03:16 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-15 03:16 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-15 03:16 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-15 03:16 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-15 03:16 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-15 03:16 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-15 03:16 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-15 03:16 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-15 03:16 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-15 03:16 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-15 03:16 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-15 03:16 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-15 03:16 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-14 03:38 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-14 03:38 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-14 03:38 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-14 03:37 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll

==================== One Month Modified Files and Folders =======

2014-04-10 06:17 - 2014-04-10 06:17 - 00000000 ____D () C:\FRST
2014-04-10 04:57 - 2010-12-25 16:31 - 01532793 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 04:52 - 2014-04-08 18:45 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-10 04:52 - 2006-11-02 13:47 - 00311720 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-04-10 04:51 - 2013-11-28 19:05 - 00048414 _____ () C:\ProgramData\nvModes.dat
2014-04-10 04:51 - 2013-11-28 19:05 - 00048414 _____ () C:\ProgramData\nvModes.001
2014-04-10 04:51 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 04:51 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 03:49 - 2014-04-09 13:54 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-10 03:49 - 2014-04-09 13:54 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 13:54 - 2014-04-09 13:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 13:54 - 2014-04-09 13:54 - 00000986 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk
2014-04-08 22:08 - 2013-10-26 02:24 - 00325308 _____ () C:\Windows\PFRO.log
2014-04-08 22:01 - 2011-01-01 18:31 - 00008268 _____ () C:\Users\Melzer\AppData\Local\d3d9caps.dat
2014-04-08 21:53 - 2012-05-13 15:25 - 00000000 ____D () C:\Users\Melzer\AppData\Roaming\WildTangent
2014-04-08 21:53 - 2008-10-27 08:41 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-19 03:20 - 2013-08-16 02:33 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 03:16 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-15 03:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-15 03:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8f194bdc553c72887cc7cb497d2048dc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1761348043-3022951597-3060735382-1000\$8f194bdc553c72887cc7cb497d2048dc

Files to move or delete:
====================
C:\Users\Melzer\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Melzer\AppData\Local\Temp\avgnt.exe
C:\Users\Melzer\AppData\Local\Temp\BackupSetup.exe
C:\Users\Melzer\AppData\Local\Temp\FileSystemView.dll
C:\Users\Melzer\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Melzer\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Melzer\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Melzer\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Melzer\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melzer\AppData\Local\Temp\HPQSi.exe
C:\Users\Melzer\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Melzer\AppData\Local\Temp\ndyuq_qg.dll
C:\Users\Melzer\AppData\Local\Temp\oi_{DCE5BC09-9F7C-4539-B324-FBB59591C17C}.exe
C:\Users\Melzer\AppData\Local\Temp\setup.exe
C:\Users\Melzer\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Melzer\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Melzer\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Melzer\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Melzer\AppData\Local\Temp\_is63B5.exe
C:\Users\Melzer\AppData\Local\Temp\_is9E52.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-23 14:46:00
Restore point made on: 2014-02-26 03:38:06
Restore point made on: 2014-02-28 03:00:47
Restore point made on: 2014-03-15 03:13:58
Restore point made on: 2014-03-19 03:16:05
Restore point made on: 2014-04-08 22:55:52

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4062.26 MB
Available physical RAM: 3493.7 MB
Total Pagefile: 3746.93 MB
Available Pagefile: 3545.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.55 GB) (Free:197.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (STORE N GO) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7B2D0067)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 983 MB) (Disk ID: A9E1B5E3)

Partition: GPT Partition Type.


LastRegBack: 2014-04-10 04:59

==================== End Of Log ============================
         

zum verständnis ist die skype.ini befallen?

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld

Hallo IIluminat und


Ich werde dir bei der Bereinigung des Computers helfen.

• Arbeite meine Anleitungen nacheinander ab.
• Poste deine Logs in Code-Tags: [code]Hier der Inhalt des Logs[/code]
• Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Entfernen wir erstmal den BKA-Trojaner. Danach schauen wir weiter.

Schritt 1

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

Startup: C:\Users\Melzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kowodmqlf.lnk
ShortcutTarget: kowodmqlf.lnk -> C:\ProgramData\2992199F9A\flqmdowok.cpp (Grolsch Corporation)
S2 Winmgmt; C:\PROGRA~2\Internet.exe [X]
2014-04-08 18:45 - 2014-04-10 04:52 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\Users\Melzer\AppData\Roaming\skype.ini
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Wenn der Computer wieder normal startet, mache bitte so weiter:

Schritt 2

Verschiebe FRST vom USB-Stick auf den Desktop.

• Starte dann FRST.
• Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
• Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Soooo hier die beiden Logs ...geht schon alle wieder ! Sehr gut vielen dank für die schnelle und vorallem erfolgreiche Hilfe


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Melzer (administrator) on UWE-PC on 10-04-2014 09:17:20
Running from C:\Users\Melzer\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\MountPoints2: {74104cfd-103f-11e0-bec3-001f1664c161} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
SearchScopes: HKLM - {24A2BADF-9E11-4A1E-84D6-65102D928A70} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm080^YYA^de&si=CLGjlqnAqroCFQhc3godzAUAkg&ptb=ECD46A5E-40DF-4414-91F1-EE7486F00670&ind=2013102209&n=77fd8081&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {028B9A9A-2308-4066-9803-D9780E3724D1} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=&itbv=12.6.0.1898&o=APN11074&tpid=AVIRA-V7&apn_uid=1074AB1F-98FA-4AAF-969E-586063868482&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&apn_dbr=ie_9.0.8112.16520&doi=2013-11-30&trgb=ALL&q={searchTerms}&psv=
SearchScopes: HKCU - {2027DF7D-A592-411F-A181-940FE7C5CBBB} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {24A2BADF-9E11-4A1E-84D6-65102D928A70} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {3D9E0606-4AC9-408E-AD8E-1AEFC7A912C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {47672D10-4B07-4FC9-9D3A-DB38747861D0} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {5BA4C7E2-911A-4D36-A70A-0385E6087D42} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {9637C18C-3F1B-435B-920E-EF08B9460188} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80742&iwk=278&lng=de
SearchScopes: HKCU - {E53CCC09-59A7-4A35-A30C-5DB428C5CCBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [51656 2010-12-26] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 33 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1028904 2013-04-05] (iolo technologies, LLC)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S4 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-22] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-04-05] (EldoS Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-04-05] (Raxco Software, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-11-22] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NVHDA; system32\drivers\nvhda32v.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 13:00 - 2014-04-10 12:58 - 01145856 _____ (Farbar) C:\Users\Melzer\Desktop\FRST.exe
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 09:00 - 2014-04-10 09:01 - 00024965 _____ () C:\Users\Melzer\Desktop\Addition.txt
2014-04-10 08:58 - 2014-04-10 09:17 - 00014279 _____ () C:\Users\Melzer\Desktop\FRST.txt
2014-04-10 07:17 - 2014-04-10 09:17 - 00000000 ____D () C:\FRST
2014-04-09 14:54 - 2014-04-10 04:49 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-09 14:54 - 2014-04-10 04:49 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 14:54 - 2014-04-09 14:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 14:54 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-03-15 04:16 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 04:16 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 04:16 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 04:16 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 04:16 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 04:16 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 04:16 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-15 04:16 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 04:16 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-15 04:16 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 04:16 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-15 04:16 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 04:38 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 04:38 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 04:38 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 04:37 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

2014-04-10 12:58 - 2014-04-10 13:00 - 01145856 _____ (Farbar) C:\Users\Melzer\Desktop\FRST.exe
2014-04-10 09:17 - 2014-04-10 08:58 - 00014279 _____ () C:\Users\Melzer\Desktop\FRST.txt
2014-04-10 09:17 - 2014-04-10 07:17 - 00000000 ____D () C:\FRST
2014-04-10 09:12 - 2008-10-27 17:25 - 00000000 ____D () C:\Windows\panther
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 09:01 - 2014-04-10 09:00 - 00024965 _____ () C:\Users\Melzer\Desktop\Addition.txt
2014-04-10 09:01 - 2010-12-25 17:31 - 01549379 ____N () C:\Windows\WindowsUpdate.log
2014-04-10 08:58 - 2006-11-02 12:33 - 01641918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 08:54 - 2014-02-03 05:56 - 00000680 __RSH () C:\Users\Melzer\ntuser.pol
2014-04-10 08:54 - 2010-12-25 17:58 - 00000000 ____D () C:\Users\Melzer
2014-04-10 08:53 - 2013-11-28 20:05 - 00048414 _____ () C:\ProgramData\nvModes.dat
2014-04-10 08:53 - 2013-11-28 20:05 - 00048414 _____ () C:\ProgramData\nvModes.001
2014-04-10 08:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 08:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 08:52 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 05:52 - 2006-11-02 14:47 - 00311720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 04:49 - 2014-04-09 14:54 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-10 04:49 - 2014-04-09 14:54 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 14:54 - 2014-04-09 14:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 12:23 - 2013-09-25 03:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 22:53 - 2012-05-13 16:25 - 00000000 ____D () C:\Users\Melzer\AppData\Roaming\WildTangent
2014-04-08 22:53 - 2008-10-27 09:41 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-08 19:57 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-19 04:20 - 2013-08-16 03:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 04:16 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-15 04:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-15 04:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1761348043-3022951597-3060735382-1000\$8f194bdc553c72887cc7cb497d2048dc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8f194bdc553c72887cc7cb497d2048dc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 09:02

==================== End Of Log ============================
         

--- --- ---
FRST Additions Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Melzer at 2014-04-10 09:17:42
Running from C:\Users\Melzer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 9.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.26.0 - Ask.com) <==== ATTENTION
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3629 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1898 - APN, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX420W Series Handbuch (HKLM\...\EPSON SX420W Series Manual) (Version:  - )
EPSON SX420W Series Netzwerk-Handbuch (HKLM\...\EPSON SX420W Series Network Guide) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Gedächtnisrallye (HKLM\...\{2E016D9C-0876-4660-98E0-03BC07B4FFCD}) (Version: 1.00.0000 - Your Company Name)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 11.1.6 - iolo technologies, LLC)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Magic Desktop (HKLM\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.27 - iolo technologies, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.0.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Restore Points  =========================

23-02-2014 13:45:49 Geplanter Prüfpunkt
26-02-2014 02:37:13 Windows Update
28-02-2014 02:00:11 Windows Update
15-03-2014 02:13:09 Windows Update
19-03-2014 02:15:13 Windows Update
08-04-2014 21:55:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03324A8F-DD21-4A27-B589-46AD5291ABB0} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-01-04] ()
Task: {03E85E83-26A7-4B0B-B636-36BA0BEA43BD} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {489D8619-0B1A-47B4-9FEA-74753F82A981} - System32\Tasks\Microsoft\Windows\RestartManager\{12B9DC2D-D1D2-40ba-833F-ED5D378981E1} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6543BB1D-9237-4C88-9197-5D09B4E7393F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9A0DF427-6CBC-4D8E-B15F-FA7C555CC624} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31] (Adobe Systems Incorporated)
Task: {BABDC2A3-F0A3-442D-8573-DE09E01AAE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {BE9199EB-4B3B-4EA3-883C-D4CF0E693D10} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-30 06:50 - 2013-11-22 13:01 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-27 10:39 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-27 10:39 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2010-12-25 17:44 - 2008-09-23 18:21 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 08:53:12 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x814, Anwendungsstartzeit avgui.exe0.

Error: (04/10/2014 05:51:48 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xa3c, Anwendungsstartzeit avgui.exe0.

Error: (04/10/2014 04:51:17 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xb14, Anwendungsstartzeit avgui.exe0.

Error: (04/09/2014 02:38:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/09/2014 02:36:18 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x850, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 11:09:00 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xb1c, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 11:01:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:58:37 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xae4, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 10:51:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:47:55 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x924, Anwendungsstartzeit avgui.exe0.


System errors:
=============
Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker EPSON SX420W Series nicht unter dem Namen EPSON SX420W Series freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker Lexmark Z23/Z33 Color Jetprinter nicht unter dem Namen Lexmark Z23 Z33 Color Jetprinter freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker Lexmark Z23/Z33 Color Jetprinter(2) nicht unter dem Namen Lexmark Z23 Z33 Color Jetprinter(2) freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog%%1053

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: 30000AVG WatchDog

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent%%1053

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: 30000AVGIDSAgent


Microsoft Office Sessions:
=========================
Error: (04/10/2014 08:53:12 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d81401cf54898637f299

Error: (04/10/2014 05:51:48 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5da3c01cf54702d09f53b

Error: (04/10/2014 04:51:17 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5db1401cf5467baa1af0b

Error: (04/09/2014 02:38:41 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/09/2014 02:36:18 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d85001cf53f04695e435

Error: (04/08/2014 11:09:00 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5db1c01cf536ebb9d1960

Error: (04/08/2014 11:01:31 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:58:37 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5dae401cf536d4a0010b2

Error: (04/08/2014 10:51:41 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:47:55 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d92401cf536bc8f9e651


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 09:17:24.019
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.691
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.036
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:31.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:31.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:30.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:29.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 17:36:15.296
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SET2CB.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 17:36:15.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SET2CB.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3038.26 MB
Available physical RAM: 1968.37 MB
Total Pagefile: 6314.79 MB
Available Pagefile: 5125.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.55 GB) (Free:200.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (STORE N GO) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7B2D0067)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: A9E1B5E3)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Mach wie in Schritt 2 beschrieben bitte ein neues Log aus dem normalen Modus.

sorry habe zuerst die falsche log gepostet

Poste das Log als eigene Antwort.

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Melzer (administrator) on UWE-PC on 10-04-2014 09:17:20
Running from C:\Users\Melzer\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1761348043-3022951597-3060735382-1000\...\MountPoints2: {74104cfd-103f-11e0-bec3-001f1664c161} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
SearchScopes: HKLM - {24A2BADF-9E11-4A1E-84D6-65102D928A70} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm080^YYA^de&si=CLGjlqnAqroCFQhc3godzAUAkg&ptb=ECD46A5E-40DF-4414-91F1-EE7486F00670&ind=2013102209&n=77fd8081&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {028B9A9A-2308-4066-9803-D9780E3724D1} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=&itbv=12.6.0.1898&o=APN11074&tpid=AVIRA-V7&apn_uid=1074AB1F-98FA-4AAF-969E-586063868482&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&apn_dbr=ie_9.0.8112.16520&doi=2013-11-30&trgb=ALL&q={searchTerms}&psv=
SearchScopes: HKCU - {2027DF7D-A592-411F-A181-940FE7C5CBBB} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {24A2BADF-9E11-4A1E-84D6-65102D928A70} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {3D9E0606-4AC9-408E-AD8E-1AEFC7A912C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {47672D10-4B07-4FC9-9D3A-DB38747861D0} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {5BA4C7E2-911A-4D36-A70A-0385E6087D42} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {9637C18C-3F1B-435B-920E-EF08B9460188} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80742&iwk=278&lng=de
SearchScopes: HKCU - {E53CCC09-59A7-4A35-A30C-5DB428C5CCBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [51656 2010-12-26] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 33 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1028904 2013-04-05] (iolo technologies, LLC)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S4 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-22] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-04-05] (EldoS Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-04-05] (Raxco Software, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-11-22] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NVHDA; system32\drivers\nvhda32v.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 13:00 - 2014-04-10 12:58 - 01145856 _____ (Farbar) C:\Users\Melzer\Desktop\FRST.exe
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 09:00 - 2014-04-10 09:01 - 00024965 _____ () C:\Users\Melzer\Desktop\Addition.txt
2014-04-10 08:58 - 2014-04-10 09:17 - 00014279 _____ () C:\Users\Melzer\Desktop\FRST.txt
2014-04-10 07:17 - 2014-04-10 09:17 - 00000000 ____D () C:\FRST
2014-04-09 14:54 - 2014-04-10 04:49 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-09 14:54 - 2014-04-10 04:49 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 14:54 - 2014-04-09 14:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 14:54 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-03-15 04:16 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 04:16 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 04:16 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 04:16 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 04:16 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 04:16 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 04:16 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-15 04:16 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 04:16 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 04:16 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-15 04:16 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 04:16 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-15 04:16 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 04:38 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 04:38 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 04:38 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 04:37 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

2014-04-10 12:58 - 2014-04-10 13:00 - 01145856 _____ (Farbar) C:\Users\Melzer\Desktop\FRST.exe
2014-04-10 09:17 - 2014-04-10 08:58 - 00014279 _____ () C:\Users\Melzer\Desktop\FRST.txt
2014-04-10 09:17 - 2014-04-10 07:17 - 00000000 ____D () C:\FRST
2014-04-10 09:12 - 2008-10-27 17:25 - 00000000 ____D () C:\Windows\panther
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 09:01 - 2014-04-10 09:00 - 00024965 _____ () C:\Users\Melzer\Desktop\Addition.txt
2014-04-10 09:01 - 2010-12-25 17:31 - 01549379 ____N () C:\Windows\WindowsUpdate.log
2014-04-10 08:58 - 2006-11-02 12:33 - 01641918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 08:54 - 2014-02-03 05:56 - 00000680 __RSH () C:\Users\Melzer\ntuser.pol
2014-04-10 08:54 - 2010-12-25 17:58 - 00000000 ____D () C:\Users\Melzer
2014-04-10 08:53 - 2013-11-28 20:05 - 00048414 _____ () C:\ProgramData\nvModes.dat
2014-04-10 08:53 - 2013-11-28 20:05 - 00048414 _____ () C:\ProgramData\nvModes.001
2014-04-10 08:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 08:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 08:52 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 05:52 - 2006-11-02 14:47 - 00311720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 04:49 - 2014-04-09 14:54 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-10 04:49 - 2014-04-09 14:54 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-09 14:54 - 2014-04-09 14:54 - 00000986 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-09 12:23 - 2013-09-25 03:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 22:53 - 2012-05-13 16:25 - 00000000 ____D () C:\Users\Melzer\AppData\Roaming\WildTangent
2014-04-08 22:53 - 2008-10-27 09:41 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-08 19:57 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-19 04:20 - 2013-08-16 03:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 04:16 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-15 04:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-15 04:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1761348043-3022951597-3060735382-1000\$8f194bdc553c72887cc7cb497d2048dc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8f194bdc553c72887cc7cb497d2048dc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 09:02

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Melzer at 2014-04-10 09:17:42
Running from C:\Users\Melzer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 9.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.26.0 - Ask.com) <==== ATTENTION
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3629 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1898 - APN, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX420W Series Handbuch (HKLM\...\EPSON SX420W Series Manual) (Version:  - )
EPSON SX420W Series Netzwerk-Handbuch (HKLM\...\EPSON SX420W Series Network Guide) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Gedächtnisrallye (HKLM\...\{2E016D9C-0876-4660-98E0-03BC07B4FFCD}) (Version: 1.00.0000 - Your Company Name)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 11.1.6 - iolo technologies, LLC)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Magic Desktop (HKLM\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.27 - iolo technologies, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.0.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Restore Points  =========================

23-02-2014 13:45:49 Geplanter Prüfpunkt
26-02-2014 02:37:13 Windows Update
28-02-2014 02:00:11 Windows Update
15-03-2014 02:13:09 Windows Update
19-03-2014 02:15:13 Windows Update
08-04-2014 21:55:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03324A8F-DD21-4A27-B589-46AD5291ABB0} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-01-04] ()
Task: {03E85E83-26A7-4B0B-B636-36BA0BEA43BD} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {489D8619-0B1A-47B4-9FEA-74753F82A981} - System32\Tasks\Microsoft\Windows\RestartManager\{12B9DC2D-D1D2-40ba-833F-ED5D378981E1} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6543BB1D-9237-4C88-9197-5D09B4E7393F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9A0DF427-6CBC-4D8E-B15F-FA7C555CC624} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31] (Adobe Systems Incorporated)
Task: {BABDC2A3-F0A3-442D-8573-DE09E01AAE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {BE9199EB-4B3B-4EA3-883C-D4CF0E693D10} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-30 06:50 - 2013-11-22 13:01 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-27 10:39 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-27 10:39 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2010-12-25 17:44 - 2008-09-23 18:21 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 08:53:12 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x814, Anwendungsstartzeit avgui.exe0.

Error: (04/10/2014 05:51:48 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xa3c, Anwendungsstartzeit avgui.exe0.

Error: (04/10/2014 04:51:17 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xb14, Anwendungsstartzeit avgui.exe0.

Error: (04/09/2014 02:38:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/09/2014 02:36:18 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x850, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 11:09:00 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xb1c, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 11:01:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:58:37 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xae4, Anwendungsstartzeit avgui.exe0.

Error: (04/08/2014 10:51:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:47:55 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung avgui.exe, Version 14.0.0.4253, Zeitstempel 0x527c002e, fehlerhaftes Modul mfc110u.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x924, Anwendungsstartzeit avgui.exe0.


System errors:
=============
Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker EPSON SX420W Series nicht unter dem Namen EPSON SX420W Series freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker Lexmark Z23/Z33 Color Jetprinter nicht unter dem Namen Lexmark Z23 Z33 Color Jetprinter freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:55:00 AM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker Lexmark Z23/Z33 Color Jetprinter(2) nicht unter dem Namen Lexmark Z23 Z33 Color Jetprinter(2) freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog%%1053

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: 30000AVG WatchDog

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent%%1053

Error: (04/10/2014 08:54:03 AM) (Source: Service Control Manager) (User: )
Description: 30000AVGIDSAgent


Microsoft Office Sessions:
=========================
Error: (04/10/2014 08:53:12 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d81401cf54898637f299

Error: (04/10/2014 05:51:48 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5da3c01cf54702d09f53b

Error: (04/10/2014 04:51:17 AM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5db1401cf5467baa1af0b

Error: (04/09/2014 02:38:41 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/09/2014 02:36:18 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d85001cf53f04695e435

Error: (04/08/2014 11:09:00 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5db1c01cf536ebb9d1960

Error: (04/08/2014 11:01:31 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:58:37 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5dae401cf536d4a0010b2

Error: (04/08/2014 10:51:41 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/08/2014 10:47:55 PM) (Source: Application Error)(User: )
Description: avgui.exe14.0.0.4253527c002emfc110u.dll6.0.6002.1888151da3e27c000013500009f5d92401cf536bc8f9e651


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 09:17:24.019
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.691
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 09:17:23.036
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:31.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:31.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:30.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 08:59:29.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 17:36:15.296
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SET2CB.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 17:36:15.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SET2CB.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3038.26 MB
Available physical RAM: 1968.37 MB
Total Pagefile: 6314.79 MB
Available Pagefile: 5125.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.55 GB) (Free:200.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (STORE N GO) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7B2D0067)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: A9E1B5E3)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Löschen wir erstmal Reste. Danach werden wir uns um dir Adware kümern.

Schritt 1

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
benötigst Du noch weiterhin Hilfe?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist