Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert (https://www.trojaner-board.de/142846-windows-8-rechner-langsam-cpu-fast-immer-100-laufwerkfehler-lassen-korrigieren-windowsupdates-installiert.html)

Carsten1502 10.10.2013 19:45
Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert
 
Hallo Board,

wie bereits im Titel geschrieben, haben sich nach und nach Probleme in meinen Rechner (aus 2005, ursprünglich XP, seit März 2013 Windows8 Pro) geschlichen, der bislang eigentlich gut lief:

* Rechner langsam => OK...
* CPU fast immer auf 100% => Naja...
* Laufwerkfehler laut Wartungscenter angezeigt und lassen sich nicht beheben => Komisch
* Laufwerk C wird nicht zur Defragmentation angezeigt => Komisch
* Laufwerk D (separate FP) lässt sich nicht formatieren => Komisch
* Updates von Windows werden nicht installiert => Bedenklich!!

Nun hab ich mich bei euch eingelesen und eure Anleitung befolgt:
Hier meine 4 LOG-Files als Anhang, da sie wohl zu groß für die direkte Darstellung sind. Vielleicht kann mir ja jemand helfen.


Danke und Gruß
Carsten

schrauber 10.10.2013 20:00
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Carsten1502 10.10.2013 23:14
Zweiter Versuch:

1.) Defogger disabled:


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:55 on 10/10/2013 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

2.) FRST:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 10-10-2013 18:56:20
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH                                                                                                                              )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc.              )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]
U3 pxaoipog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pxaoipog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-10 18:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:57 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 17:41 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-10 18:04 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-10 18:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-10-10 17:48 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2013-10-10 18:57 - 2013-03-17 17:46 - 02770524 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:49 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:43 - 2013-10-10 17:57 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 18:43 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:36 - 2013-03-17 09:41 - 01122558 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-10 18:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 18:19 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:04 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 18:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:53 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-10 17:48 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 17:45 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:49 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 20:05 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:43 - 2013-03-17 09:23 - 00030640 _____ C:\WINDOWS\PFRO.log
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 18:06 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:18 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Carsten\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Carsten\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 13:38

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



3.) Addition Farbar Recovery:


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-10 18:57:30
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.0.8 (Version: 2.0.8)
WinDirStat 1.1.2

==================== Restore Points  =========================

26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 06:43:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0x68
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (10/10/2013 06:40:55 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 698

Startzeit: 01cec5d5570a4da6

Endzeit: 4294967295

Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID: ba3d9622-31ca-11e3-b033-0011d8883bcc

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/10/2013 06:29:27 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/10/2013 06:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/10/2013 06:22:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (10/10/2013 06:22:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/10/2013 06:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/10/2013 06:11:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xc6c
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (10/10/2013 05:50:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xef4
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (10/10/2013 05:42:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xcdc
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5


System errors:
=============
Error: (10/10/2013 05:49:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/10/2013 05:49:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.

Error: (10/10/2013 05:49:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (10/10/2013 05:45:15 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (10/10/2013 05:31:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/10/2013 05:31:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (10/10/2013 05:29:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/10/2013 05:29:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.

Error: (10/10/2013 05:29:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (10/10/2013 05:26:30 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.


Microsoft Office Sessions:
=========================
Error: (10/10/2013 06:43:36 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f00000000000120056801cec5d7db79184cC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll1b55f3ef-31cb-11e3-b033-0011d8883bcc

Error: (10/10/2013 06:40:55 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.069801cec5d5570a4da64294967295C:\Users\Administrator\Desktop\OTL.exeba3d9622-31ca-11e3-b033-0011d8883bcc

Error: (10/10/2013 06:29:27 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/10/2013 06:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149

Error: (10/10/2013 06:22:44 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005ec801cec5d4f26316ecC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll30fe3732-31c8-11e3-b033-0011d8883bcc

Error: (10/10/2013 06:22:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149

Error: (10/10/2013 06:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149

Error: (10/10/2013 06:11:44 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005c6c01cec5d3683ff21fC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dlla75bacef-31c6-11e3-b033-0011d8883bcc

Error: (10/10/2013 05:50:49 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005ef401cec5d07d186541C:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dllbbb8243a-31c3-11e3-b033-0011d8883bcc

Error: (10/10/2013 05:42:33 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005cdc01cec5cf555c2d8bC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll93f98a17-31c2-11e3-b032-0011d8883bcc


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 1534.8 MB
Available physical RAM: 463.15 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1880.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.76 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:149.05 GB) (Free:46.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive g: (STICK 1 GB) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT32
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (Size: 1000 MB) (Disk ID: 0DFF7265)
No partition Table on disk 8.

==================== End Of Log ============================

4.) GMER:


Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-11 00:07:31
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SP1604N rev.TM100-24 149,05GB
Running: 3. gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxaoipog.sys


---- System - GMER 2.1 ----

SSDT            8D53EEBF                                                                                                                                ZwTerminateProcess
SSDT            8D53EF32                                                                                                                                ZwSystemDebugControl
SSDT            8D53EF2D                                                                                                                                ZwSetSecurityObject
SSDT            8D53EF23                                                                                                                                ZwSetContextThread
SSDT            8D53EF28                                                                                                                                ZwRequestWaitReplyPort
SSDT            8D53EF1E                                                                                                                                ZwCreateSection

---- Kernel code sections - GMER 2.1 ----

.text          ntoskrnl.exe!ZwReplacePartitionUnit + 26B1                                                                                              8155CAB5 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                  8156139A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              C:\WINDOWS\system32\TrueSight.sys                                                                                                      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

Device                                                                                                                                                  Ntfs.sys

AttachedDevice                                                                                                                                          tdrpm273.sys

Device                                                                                                                                                  fastfat.SYS

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                NEOFLTR_730_22751.SYS

Device                                                                                                                                                  pci.sys
Device                                                                                                                                                  volmgr.sys

AttachedDevice                                                                                                                                          fltmgr.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                NEOFLTR_730_22751.SYS
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                tdrpm273.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                      -376613297
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Bayer Vital GmbH\Aspirin\xae Complex Screenmate\icebear.exe  1
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9118CCF8-299A-11DA-9AB4-806D6172696F}                  9451316696

---- EOF - GMER 2.1 ----

schrauber 11.10.2013 08:55
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Carsten1502 11.10.2013 10:10
Hi, hier das ComboFix Logfile:

Code:
ComboFix 13-10-09.01 - Administrator 11.10.2013  10:43:41.1.1 - x86
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.1535.549 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-11 bis 2013-10-11  ))))))))))))))))))))))))))))))
.
.
2013-10-11 09:02 . 2013-10-11 09:02        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-10-10 16:54 . 2013-10-10 16:54        --------        d-----w-        C:\FRST
2013-10-10 16:18 . 2013-10-11 07:07        --------        d-----w-        c:\users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 15:41 . 2013-10-10 17:58        --------        d-----w-        c:\users\Administrator\AppData\Local\CrashDumps
2013-10-10 15:41 . 2013-10-10 15:41        --------        d-----w-        c:\users\Administrator\AppData\Roaming\OpenOffice
2013-10-09 17:19 . 2013-10-09 17:19        --------        d-----w-        c:\users\Administrator\AppData\Local\Programs
2013-10-09 16:10 . 2013-07-09 02:50        85760        ----a-w-        c:\windows\system32\drivers\USBAUDIO.sys
2013-10-09 16:09 . 2013-07-01 22:15        36864        ----a-w-        c:\windows\system32\drivers\usbscan.sys
2013-10-09 16:09 . 2013-07-01 22:15        18944        ----a-w-        c:\windows\system32\drivers\usbprint.sys
2013-10-09 16:09 . 2013-06-29 02:32        26496        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-10-09 16:09 . 2013-06-29 02:31        61440        ----a-w-        c:\windows\system32\drivers\hidclass.sys
2013-10-09 16:09 . 2013-07-19 22:13        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-05 11:50 . 2013-10-05 11:50        --------        d-----w-        c:\users\Carsten\AppData\Roaming\AVG
2013-10-05 11:42 . 2013-10-05 11:42        --------        d-----w-        c:\users\Administrator\AppData\Roaming\AVG
2013-10-05 11:41 . 2013-10-05 11:43        --------        d-----w-        c:\programdata\AVG
2013-10-05 11:41 . 2013-10-05 11:41        --------        d-sh--w-        c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-05 09:22 . 2013-10-05 09:22        --------        d-----w-        c:\windows\ServiceProfiles\LocalService\winhttp
2013-10-03 21:01 . 2013-10-03 21:01        --------        d-----w-        c:\users\Carsten\AppData\Local\Clipboarder
2013-10-03 20:59 . 2013-10-03 21:02        --------        d-----w-        c:\users\Carsten\AppData\Local\Sidebar7
2013-10-03 20:57 . 2012-05-19 04:43        1144832        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
2013-10-03 20:57 . 2012-05-19 04:41        77824        ----a-w-        c:\program files\Windows Sidebar\sbdrop.dll
2013-10-03 20:57 . 2006-11-02 15:03        63488        ----a-w-        c:\program files\Windows Sidebar\wlsrvc.dll
2013-10-03 20:57 . 2013-05-04 10:18        46080        ----a-w-        c:\program files\Windows Sidebar\dwmapi.dll
2013-10-03 07:54 . 2013-10-03 07:54        --------        d-----w-        c:\programdata\Malwarebytes
2013-10-03 07:53 . 2013-10-03 09:06        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 07:43 . 2013-10-10 16:04        --------        d-----w-        C:\AdwCleaner
2013-09-25 07:30 . 2013-09-25 07:30        --------        d-----w-        c:\users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 06:56 . 2013-09-25 21:27        --------        d-----w-        c:\users\Carsten\AppData\Local\CrashDumps
2013-09-25 06:55 . 2013-09-25 06:55        --------        d-----w-        c:\users\Carsten\AppData\Roaming\DivX
2013-09-24 19:32 . 2013-09-25 08:26        --------        d-----w-        c:\program files\Common Files\DivX Shared
2013-09-21 10:24 . 2013-09-21 10:25        --------        d-----w-        c:\program files\Google
2013-09-19 08:10 . 2013-09-18 23:26        78296        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 08:10 . 2013-09-18 23:26        694232        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-09-19 07:37 . 2013-08-03 04:17        3390464        ----a-w-        c:\windows\system32\win32k.sys
2013-09-19 07:37 . 2013-08-21 02:05        2876928        ----a-w-        c:\windows\system32\jscript9.dll
2013-09-19 07:37 . 2013-08-21 02:36        770648        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2013-09-19 07:37 . 2013-08-21 02:06        1767936        ----a-w-        c:\windows\system32\wininet.dll
2013-09-19 07:37 . 2013-08-21 02:06        817664        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-19 07:37 . 2013-08-21 02:06        661504        ----a-w-        c:\windows\system32\uxtheme.dll
2013-09-19 07:37 . 2013-08-21 02:05        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2013-09-19 07:36 . 2013-08-21 02:06        44032        ----a-w-        c:\windows\system32\UXInit.dll
2013-09-19 07:36 . 2013-08-21 02:05        108032        ----a-w-        c:\program files\Internet Explorer\jsdebuggeride.dll
2013-09-19 07:36 . 2013-08-21 02:05        61440        ----a-w-        c:\windows\system32\iesetup.dll
2013-09-19 07:36 . 2013-08-21 02:05        257536        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2013-09-19 07:36 . 2013-08-21 02:05        236032        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2013-09-19 07:36 . 2013-08-21 01:43        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 08:16 . 2013-05-06 11:41        65632        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-09-19 08:16 . 2013-03-17 09:29        88840        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-09-19 08:16 . 2013-03-17 09:29        136672        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-07-18 10:14 . 2013-07-18 10:14        74703        ----a-w-        c:\windows\system32\mfc45.dat
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49        594432        ----a-w-        c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-19 347192]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Internet.lnk - c:\program files\FRITZ!DSL\FritzDsl.exe [2009-7-27 987960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HotSync Manager.lnk - c:\programs~1\Palm\hotsync.exe [2013-4-21 263680]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /m /P \Device\HarddiskVolume8\0autocheck autochk *
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2013-04-21 752128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 37352]
S1 NEOFLTR_730_22751;Juniper Networks TDI Filter Driver (NEOFLTR_730_22751);c:\windows\system32\Drivers\NEOFLTR_730_22751.SYS [2012-11-23 91824]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-04-21 3246040]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-19 84024]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2013-03-27 167464]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-07-03 1228504]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-07-03 660184]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-04-21 167968]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-07-03 16024]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 18:49]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 10:24]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 10:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://microsoft.com/update
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
HKU-Default-Run-FRITZ!protect - FwebProt.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{553891B7-A0D5-4526-BE18-D3CE461D6310}"=hex:51,66,7a,6c,4c,1d,3b,1b,a7,8e,2b,
  4a,e3,f1,4a,08,a1,14,96,8e,4e,5d,2f,0e
"{449D0D6E-2412-4E61-B68F-1CB625CD9E52}"=hex:51,66,7a,6c,4c,1d,3b,1b,7e,12,8e,
  5b,24,75,0d,03,a9,83,59,f6,2d,8d,d2,4c
"{EA801577-E6AD-4BD5-8F71-4BE0154331A4}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,0a,93,
  f5,9b,b7,b9,06,90,7d,0e,a0,1d,03,7d,ba
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,07,
  69,c6,87,40,0b,a9,e7,91,9a,f9,99,61,5d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,db,
  c4,73,f5,37,0e,a3,78,d9,65,c9,85,c4,b7
"{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}"=hex:51,66,7a,6c,4c,1d,3b,1b,65,f2,5b,
  b1,60,0b,33,01,a4,c2,2a,5a,cb,c7,13,78
"{C728ECCB-7A57-4AFF-AB17-6434AFF18F49}"=hex:51,66,7a,6c,4c,1d,3b,1b,db,f3,3b,
  d8,61,2b,93,07,b4,1b,21,74,a7,b1,c3,57
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:39,25,67,d4,aa,a4,ce,01
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,76,96,85,6e,34,d1,41,91,9c,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,76,96,85,6e,34,d1,41,91,9c,50,\
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="6toF4FqZ9CI="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="PENBi4/633I="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Gbx0bTR0BVs="
"ProgId"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="GYrmpQMOP+Y="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Hash"="sNfaFMPswMg="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="lOS1kV0iZc8="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tWuP4W8cuzA="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Y+GYvvzmVtg="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3zw++lE9gfk="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Hash"="nNB/hESlJqA="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Mjd93FQyJuE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Qsqw9+lB7+c="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Hash"="XimINgjzheE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="jVkV5N4flkc="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Q43d//z4GJE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Hash"="T4kVKaqD2TY="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="zFTOpjCdRe0="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ygc12GkfUyM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="BoCc9hSnf6g="
"ProgId"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tIs40EPTE/E="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SAuo/NMMfkE="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="E8Xf3VahEQg="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Hash"="y3Xlbm4G4A0="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Z9Pg95vE0+4="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ZsBXokkrRz4="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="aGYz+ivP88g="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="WtXPuo2Uo8g="
"ProgId"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="t7DSZYJcJ0g="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9ee2/uL+6GA="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Hash"="EKznZ39alrU="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="xh0oADlMDRk="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Hash"="K3TC5Hcup7g="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Vnjwt420kPE="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="PR1n3VYLG3U="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="FEGYwgFYcwA="
"ProgId"="txtfile"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Hash"="bal60haK06g="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="5LWAzGMYi50="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="t+tPu5hmIvM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="WbCGh8AwleU="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="fc7eDj1nWBM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SLtgDthwfK0="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="aw3DZsPuq5Y="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-10-11  11:05:24
ComboFix-quarantined-files.txt  2013-10-11 09:05
.
Vor Suchlauf: 15 Verzeichnis(se), 49.872.261.120 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 49.847.197.696 Bytes frei
.
- - End Of File - - 2EC61E2F5F652385E37C255637136B07
72B8CE41AF0DE751C946802B3ED844B4

Gruß
Carsten

schrauber 12.10.2013 14:24
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Carsten1502 12.10.2013 20:00
Malwarebytes lief laut Anleitung (Quick-Scan) bereits ohne Befund (Scan anbei). Der ausführliche Scan läuft noch (bereits ein Fund).
Restliche Logs folgen.

Gruß
Carsten

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.12.03

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16688
Administrator :: CARSTEN_SIEMENS [Administrator]

12.10.2013 13:58:06
mbam-log-2013-10-12 (13-58-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271583
Laufzeit: 16 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Hier die Logfiles:
1.) mbam

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.12.03

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16688
Administrator :: CARSTEN_SIEMENS [Administrator]

12.10.2013 13:58:06
mbam-log-2013-10-12 (13-58-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271583
Laufzeit: 16 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2.) AdwCleaner:

Code:
# AdwCleaner v3.007 - Bericht erstellt am 12/10/2013 um 20:02:04
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzername : Administrator - CARSTEN_SIEMENS
# Gestartet von : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16688


*************************

AdwCleaner[R0].txt - [3857 octets] - [03/10/2013 09:43:17]
AdwCleaner[R1].txt - [766 octets] - [03/10/2013 09:49:40]
AdwCleaner[R2].txt - [1286 octets] - [10/10/2013 17:19:19]
AdwCleaner[R3].txt - [1010 octets] - [10/10/2013 18:02:57]
AdwCleaner[R4].txt - [1024 octets] - [12/10/2013 19:51:05]
AdwCleaner[R5].txt - [826 octets] - [12/10/2013 20:02:04]
AdwCleaner[S0].txt - [4048 octets] - [03/10/2013 09:44:42]
AdwCleaner[S1].txt - [1347 octets] - [10/10/2013 17:24:45]
AdwCleaner[S2].txt - [1086 octets] - [12/10/2013 19:57:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1065 octets] ##########

3.) JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x86
Ran by Administrator on 12.10.2013 at 20:10:37,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 20:16:55,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4.) FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 12-10-2013 20:18:15
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH                                                                                                                              )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc.              )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-12] (Malwarebytes Corporation)
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:04 - 2013-10-12 20:10 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware.lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 10:38 - 2013-10-11 11:05 - 00000000 ____D C:\Qoobox
2013-10-11 10:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-11 10:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-11 10:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-11 10:37 - 2013-10-11 11:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-12 20:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:57 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 17:41 - 2013-10-11 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-12 20:09 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-12 20:00 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-10-12 19:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2013-10-12 20:20 - 2013-03-17 17:46 - 05486456 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:10 - 2013-10-12 20:04 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 20:09 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-12 20:07 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 20:04 - 2013-03-17 09:41 - 02080749 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-12 20:03 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-12 20:00 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 19:59 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 19:50 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 19:44 - 2013-03-17 09:23 - 00031638 _____ C:\WINDOWS\PFRO.log
2013-10-12 19:44 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 19:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware.lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:36 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-12 10:56 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 15:14 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 11:05 - 2013-10-11 10:38 - 00000000 ____D C:\Qoobox
2013-10-11 11:05 - 2013-03-17 09:31 - 00000000 ____D C:\Users\Admin
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 __RHD C:\Users\Default
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 ___RD C:\Users\Public
2013-10-11 11:03 - 2013-10-11 10:37 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 11:02 - 2012-07-26 06:17 - 00000215 _____ C:\WINDOWS\system.ini
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 09:01 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 19:11 - 2013-07-27 09:37 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:43 - 2013-10-10 17:57 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 21:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



5.) FRST Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-12 20:21:07
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.1.0 (Version: 2.1.0)
WinDirStat 1.1.2

==================== Restore Points  =========================

26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt
11-10-2013 08:38:57 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:17 - 2013-10-11 11:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 1534.8 MB
Available physical RAM: 644.8 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1915.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.76 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:149.05 GB) (Free:45.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Das Problem, dass die MS-Updates nicht konfiguriert werden, bestehen leider weiterhin...

Gruß
Carsten

schrauber 13.10.2013 14:01

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Carsten1502 13.10.2013 23:15
Eset-Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91274f7c18963946bf4f5d7027ce3b7d
# engine=15467
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-13 09:09:37
# local_time=2013-10-13 11:09:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 97 115199 18189947 107928 0
# compatibility_mode=5893 16776574 100 94 5210092 41204682 0 0
# scanned=237187
# found=0
# cleaned=0
# scan_time=10797

SecurityCheck Log:

Code:
Results of screen317's Security Check version 0.99.74 
  x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
Avira Desktop     
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011) 
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 40 
 Adobe Flash Player        11.9.900.117 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````

FRST-LOG:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 14-10-2013 00:20:08
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\system32\srtasks.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH                                                                                                                              )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 127.0.0.1        localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc.              )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-12] (Malwarebytes Corporation)
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 00:17 - 2013-10-14 00:17 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Java
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-13 23:59 - 2013-10-14 00:20 - 00000760 _____ C:\Users\Administrator\Desktop\SecurityCheck.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00891167 _____ C:\Users\Administrator\Desktop\9. SecurityCheck.exe
2013-10-13 23:13 - 2013-10-13 23:14 - 00000708 _____ C:\Users\Administrator\Desktop\ESET.txt
2013-10-13 19:56 - 2013-10-13 19:57 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\8. esetsmartinstaller_enu.exe
2013-10-12 21:41 - 2013-10-12 21:41 - 00060225 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_214114.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00060153 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_214101.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00001066 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_214107.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00000969 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_214110.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060501 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_213737.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060456 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_213723.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000978 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_213743.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000899 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_213747.txt
2013-10-12 21:32 - 2013-10-12 21:41 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-12 21:32 - 2013-10-12 21:39 - 00000000 ____D C:\Users\Administrator\Desktop\RogueKiller_8.7.2
2013-10-12 20:21 - 2013-10-14 00:11 - 00015575 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:04 - 2013-10-12 20:10 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware.lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 10:38 - 2013-10-11 11:05 - 00000000 ____D C:\Qoobox
2013-10-11 10:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-11 10:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-11 10:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-11 10:37 - 2013-10-11 11:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-13 23:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 17:41 - 2013-10-11 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-12 20:09 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-13 23:41 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-10-13 23:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2013-10-14 00:22 - 2013-03-17 17:46 - 06811296 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-14 00:20 - 2013-10-13 23:59 - 00000760 _____ C:\Users\Administrator\Desktop\SecurityCheck.txt
2013-10-14 00:20 - 2013-03-17 09:41 - 01366241 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-14 00:17 - 2013-10-14 00:17 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Java
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-14 00:17 - 2013-03-18 15:31 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-14 00:17 - 2013-03-18 15:31 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-14 00:11 - 2013-10-12 20:21 - 00015575 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-10-14 00:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-13 23:50 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-13 23:45 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-13 23:41 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-13 23:41 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 23:36 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-13 23:31 - 2013-03-17 09:23 - 00032436 _____ C:\WINDOWS\PFRO.log
2013-10-13 23:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 23:19 - 2013-10-13 23:19 - 00891167 _____ C:\Users\Administrator\Desktop\9. SecurityCheck.exe
2013-10-13 23:14 - 2013-10-13 23:13 - 00000708 _____ C:\Users\Administrator\Desktop\ESET.txt
2013-10-13 19:57 - 2013-10-13 19:56 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\8. esetsmartinstaller_enu.exe
2013-10-13 09:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-12 21:41 - 2013-10-12 21:41 - 00060225 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_214114.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00060153 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_214101.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00001066 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_214107.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00000969 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_214110.txt
2013-10-12 21:41 - 2013-10-12 21:32 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-12 21:39 - 2013-10-12 21:32 - 00000000 ____D C:\Users\Administrator\Desktop\RogueKiller_8.7.2
2013-10-12 21:37 - 2013-10-12 21:37 - 00060501 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_213737.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060456 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_213723.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000978 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_213743.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000899 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_213747.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:10 - 2013-10-12 20:04 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 20:09 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-12 19:44 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware.lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 10:56 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 15:14 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 11:05 - 2013-10-11 10:38 - 00000000 ____D C:\Qoobox
2013-10-11 11:05 - 2013-03-17 09:31 - 00000000 ____D C:\Users\Admin
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 __RHD C:\Users\Default
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 ___RD C:\Users\Public
2013-10-11 11:03 - 2013-10-11 10:37 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 11:02 - 2012-07-26 06:17 - 00000215 _____ C:\WINDOWS\system.ini
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 09:01 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 19:11 - 2013-07-27 09:37 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 21:09

==================== End Of Log ============================
--- --- ---



FRST Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-14 00:22:32
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.1.0 (Version: 2.1.0)
WinDirStat 1.1.2

==================== Restore Points  =========================

26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt
11-10-2013 08:38:57 ComboFix created restore point
13-10-2013 21:54:52 Installed Java 7 Update 40

==================== Hosts content: ==========================

2012-07-26 06:17 - 2013-10-12 21:41 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1        localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2013 11:35:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018138
ID des fehlerhaften Prozesses: 0x714
Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
Berichtskennung: IGDCTRL.EXE3
Vollständiger Name des fehlerhaften Pakets: IGDCTRL.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IGDCTRL.EXE5

Error: (10/13/2013 11:29:19 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/13/2013 10:29:41 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/13/2013 09:30:01 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/13/2013 08:30:02 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/13/2013 07:58:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: afcdpsrv.exe, Version: 1.0.0.3582, Zeitstempel: 0x4ce554b7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002d0064
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xafcdpsrv.exe0
Pfad der fehlerhaften Anwendung: afcdpsrv.exe1
Pfad des fehlerhaften Moduls: afcdpsrv.exe2
Berichtskennung: afcdpsrv.exe3
Vollständiger Name des fehlerhaften Pakets: afcdpsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: afcdpsrv.exe5

Error: (10/12/2013 11:29:02 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/12/2013 10:29:15 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/12/2013 09:29:09 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (10/12/2013 08:29:55 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi


System errors:
=============
Error: (10/13/2013 11:51:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xe0000100 fehlgeschlagen: Sicherheitsupdate für Windows 8 (KB2862330)

Error: (10/13/2013 11:40:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/13/2013 11:40:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.

Error: (10/13/2013 11:39:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (10/13/2013 11:39:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (10/13/2013 11:36:42 PM) (Source: Microsoft-Windows-Ntfs) (User: NT-AUTORITÄT)
Description: G:\Device\HarddiskVolume43

Error: (10/13/2013 11:36:33 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (10/13/2013 11:34:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/13/2013 11:34:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.

Error: (10/13/2013 11:34:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (10/13/2013 11:35:12 PM) (Source: Application Error)(User: )
Description: IGDCTRL.EXE3.9.11.20014a6f013dupnpapicli.dll4.0.104.20014a6f0122c00000050001813871401cec85b939fa72eC:\Program Files\FRITZ!DSL\IGDCTRL.EXEC:\Program Files\FRITZ!DSL\upnpapicli.dll5706008c-344f-11e3-b03e-0011d8883bcc

Error: (10/13/2013 11:29:19 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/13/2013 10:29:41 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/13/2013 09:30:01 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/13/2013 08:30:02 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/13/2013 07:58:53 PM) (Source: Application Error)(User: )
Description: afcdpsrv.exe1.0.0.35824ce554b7unknown0.0.0.000000000c0000005002d006440c01cec7dea144e0fdC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeunknown1e7339d8-3431-11e3-b03d-0011d8883bcc

Error: (10/12/2013 11:29:02 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2013 10:29:15 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2013 09:29:09 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2013 08:29:55 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1534.8 MB
Available physical RAM: 600.34 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1809.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.76 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:149.05 GB) (Free:45.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Probleme:
1.) MS-Updates werden nicht konfiguriert.
2.) Im Wartungscenter werden Laufwerksfehler angegeben, die nicht behoben werden können.
3.) Lw C kann nicht zur Fehlerüberprüfung oder Defragmentierung angezeigt werden.


Gruß
Carsten

schrauber 14.10.2013 13:52
Downloade dir bitte Windows Repair (All In One) von hier.

Carsten1502 16.10.2013 17:20
So, hab, das Tool zweimal laufen lassen, die Logdatei soll unter windir\logs\CBS\CBS.log zu finden sein - kann den Pfad aber nicht finden :-/

Windowsupdates werden noch immer nicht konfiguriert... :-/

Gruß
Carsten

schrauber 17.10.2013 08:45
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




gibt es ne Fehlermeldung mit Code?

Carsten1502 18.10.2013 14:04
Hier der FFS Scan-Log:

Code:
Farbar Service Scanner Version: 13-09-2013
Ran by Administrator (administrator) on 18-10-2013 at 15:01:20
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 8 Pro  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\nsisvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\dhcpcore.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2013-10-09 17:37] - [2013-08-01 10:45] - 1800536 ____A (Microsoft Corporation) 215C4A9488DD9828891B4E61BD5EC247

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\mpssvc.dll => MD5 is legit
C:\WINDOWS\system32\bfe.dll
[2013-08-22 21:44] - [2013-06-10 21:10] - 0473600 ____A (Microsoft Corporation) 477B2727053EBB09082445AC53E59630

C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\SDRSVC.dll => MD5 is legit
C:\WINDOWS\system32\vssvc.exe => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuaueng.dll
[2013-10-09 18:59] - [2013-09-14 00:36] - 2600448 ____A (Microsoft Corporation) 573BD441AEC2E65AED26D4F2F54DEB92

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\iphlpsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit


**** End of log ****

Eine Fehlermeldung wird nicht angezeigt.

schrauber 18.10.2013 18:28
http://download.bleepingcomputer.com...8/wuauserv.reg
laden und auf dem Desktop speichern. Rechtsklick als Admin laufen lassen, erlauben.

Frisches FSS log bitte.

Carsten1502 19.10.2013 10:08
OK...

FFS-Log:

Code:
Farbar Service Scanner Version: 13-09-2013
Ran by Administrator (administrator) on 19-10-2013 at 11:06:21
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 8 Pro  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\nsisvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\dhcpcore.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2013-10-09 17:37] - [2013-08-01 10:45] - 1800536 ____A (Microsoft Corporation) 215C4A9488DD9828891B4E61BD5EC247

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\mpssvc.dll => MD5 is legit
C:\WINDOWS\system32\bfe.dll
[2013-08-22 21:44] - [2013-06-10 21:10] - 0473600 ____A (Microsoft Corporation) 477B2727053EBB09082445AC53E59630

C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\SDRSVC.dll => MD5 is legit
C:\WINDOWS\system32\vssvc.exe => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuaueng.dll
[2013-10-09 18:59] - [2013-09-14 00:36] - 2600448 ____A (Microsoft Corporation) 573BD441AEC2E65AED26D4F2F54DEB92

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\iphlpsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit


**** End of log ****

Gruß
Carsten


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:51 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131