Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 Sicherheits Center nicht unter Dienste auffindbar (https://www.trojaner-board.de/147263-windows-7-sicherheits-center-dienste-auffindbar.html)

padermats 03.01.2014 19:32
Windows 7 Sicherheits Center nicht unter Dienste auffindbar
 
Ich benutze WIN 7 und habe zufällig entdeckt, dass mein Windows Security Center nicht aktiviert ist und er sich leider auch nicht aktivieren läßt ("...kann nicht gestartet werden")
Leider ist unter "Dienste" der Eintrag "Sicherheitsdienst" bzw "Security Center" nicht vorhanden, über den man angeblich den Security Center wieder in die Lage versetzen kann aktiviert zu werden.

Bislang lief mein PC aber störungsfrei (allerdings hatte ich schon zahlreiche malware attacken die ich aber zum Glück mit gratis tools wieder "fixen" konnte) aber ich denke hinter dem geschilderten Zustand steckt nun eine Sicherheitslücke auf meinem PC.

aharonov 04.01.2014 01:38
Hallo,

mach bitte folgende Scans:


Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Schritt 2

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



padermats 04.01.2014 11:11
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by MK (administrator) on MK-PC on 04-01-2014 11:04:07
Running from C:\Users\MK\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [Windows Time] - rundll32.exe
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB76357F844ACCB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/Magix%20Video/Disc%20Images/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/Magix%20Video/Disc%20Images/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/Magix%20Video/Disc%20Images/components/wmvhdrating.ocx
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://soze69.ddns-instar.de:81/codebase/DVM_IPCam2.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699
FF NewTab: www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\MK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-27] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S4 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 MSKSSRV; C:\Windows\SysWow64\drivers\MSKSSRV.sys [6640 1999-09-25] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\SysWow64\drivers\MSPCLOCK.sys [5008 1999-09-25] (Microsoft Corporation)
R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 11:04 - 2014-01-04 11:05 - 00013878 _____ C:\Users\MK\Desktop\FRST.txt
2014-01-04 11:04 - 2014-01-04 11:04 - 00000000 ____D C:\FRST
2014-01-04 11:01 - 2014-01-04 11:02 - 01931368 _____ (Farbar) C:\Users\MK\Desktop\FRST64.exe
2014-01-03 19:37 - 2014-01-03 19:37 - 14995648 _____ (Gougelet Pierre-e                                          ) C:\Users\MK\Downloads\XnView-win-full_2.13.exe
2014-01-02 17:19 - 2014-01-02 17:19 - 00285856 _____ C:\Windows\Minidump\010214-51480-01.dmp
2013-12-31 16:51 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-22 23:38 - 2013-12-22 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 19:10 - 2013-12-13 19:14 - 00489137 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien(1).zip
2013-12-13 19:03 - 2013-12-13 19:03 - 11133032 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien.zip
2013-12-13 18:58 - 2013-12-13 19:01 - 00410360 _____ C:\Users\MK\Downloads\Save Your Soul - 4 Dateien.zip
2013-12-13 18:54 - 2013-12-13 18:58 - 00000022 _____ C:\Users\MK\Downloads\OK It's Alright With Me - 5 Dateien.zip
2013-12-13 18:51 - 2013-12-13 18:56 - 00000022 _____ C:\Users\MK\Downloads\It's A Beautiful Day - 5 Dateien.zip
2013-12-12 23:41 - 2013-12-13 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 18:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 18:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 18:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 18:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 18:47 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 18:47 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 18:47 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 18:47 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 18:47 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 18:47 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 18:47 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 18:47 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 18:47 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 18:47 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 18:47 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 18:47 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 18:47 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 18:47 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 18:47 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 18:47 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 18:47 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 18:47 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 18:47 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 18:47 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 18:47 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 18:47 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 18:47 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 18:47 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 18:47 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 18:47 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 18:47 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 18:47 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 18:47 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 18:47 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 18:47 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:42 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 17:42 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 17:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 17:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 17:42 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 17:41 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 17:41 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 17:41 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 17:41 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 17:41 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 17:41 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 17:41 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 17:41 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 17:41 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 17:41 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 17:41 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 17:41 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 17:41 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 17:41 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-05 23:58 - 2013-12-05 23:58 - 00004989 _____ C:\Users\MK\Desktop\JRT.txt
2013-12-05 23:53 - 2013-12-05 23:53 - 00000000 ____D C:\Windows\ERUNT
2013-12-05 23:50 - 2013-12-05 23:50 - 01034531 _____ (Thisisu) C:\Users\MK\Downloads\JRT.exe
2013-12-05 23:49 - 2013-12-05 23:49 - 00001120 _____ C:\Users\MK\Desktop\Continue Zip Opener Installation.lnk

==================== One Month Modified Files and Folders =======

2014-01-04 11:05 - 2014-01-04 11:04 - 00013878 _____ C:\Users\MK\Desktop\FRST.txt
2014-01-04 11:04 - 2014-01-04 11:04 - 00000000 ____D C:\FRST
2014-01-04 11:03 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2014-01-04 11:03 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2014-01-04 11:03 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 11:02 - 2014-01-04 11:01 - 01931368 _____ (Farbar) C:\Users\MK\Desktop\FRST64.exe
2014-01-04 11:01 - 2010-12-22 22:25 - 01886248 _____ C:\Windows\WindowsUpdate.log
2014-01-04 10:58 - 2012-12-30 18:01 - 00000000 ____D C:\Users\MK\AppData\Roaming\FileZilla
2014-01-04 10:57 - 2011-01-27 22:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 10:57 - 2010-12-22 22:35 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-04 10:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 10:57 - 2009-07-14 05:51 - 00103639 _____ C:\Windows\setupact.log
2014-01-04 01:23 - 2011-01-27 22:07 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 01:20 - 2012-04-01 23:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 21:34 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 21:34 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 19:52 - 2012-06-15 15:36 - 00000099 _____ C:\Users\Public\LMDebug.log
2014-01-03 19:38 - 2011-02-14 22:55 - 00000000 ____D C:\Users\MK\AppData\Roaming\XnView
2014-01-03 19:38 - 2011-02-14 22:54 - 00000000 ____D C:\Program Files (x86)\XnView
2014-01-03 19:37 - 2014-01-03 19:37 - 14995648 _____ (Gougelet Pierre-e                                          ) C:\Users\MK\Downloads\XnView-win-full_2.13.exe
2014-01-03 19:00 - 2011-01-08 21:44 - 00000000 ____D C:\Users\MK\AppData\Local\Adobe
2014-01-02 17:19 - 2014-01-02 17:19 - 00285856 _____ C:\Windows\Minidump\010214-51480-01.dmp
2014-01-02 17:19 - 2013-07-10 21:30 - 494382881 _____ C:\Windows\MEMORY.DMP
2014-01-02 17:19 - 2011-06-22 07:30 - 00000000 ____D C:\Windows\Minidump
2014-01-02 00:17 - 2011-01-08 23:10 - 00000000 ____D C:\Users\MK\AppData\Roaming\Skype
2013-12-31 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-30 18:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-30 11:14 - 2013-11-27 23:27 - 00000000 ____D C:\ProgramData\ProductData
2013-12-23 23:45 - 2012-04-27 22:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 23:38 - 2013-12-22 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 16:28 - 2013-07-28 11:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 16:28 - 2013-07-28 11:06 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 16:28 - 2013-07-28 11:06 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 17:41 - 2013-08-19 12:10 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 17:37 - 2011-01-17 00:01 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 17:24 - 2011-01-27 22:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 16:43 - 2013-11-27 23:27 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16:42 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 19:14 - 2013-12-13 19:10 - 00489137 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien(1).zip
2013-12-13 19:03 - 2013-12-13 19:03 - 11133032 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien.zip
2013-12-13 19:01 - 2013-12-13 18:58 - 00410360 _____ C:\Users\MK\Downloads\Save Your Soul - 4 Dateien.zip
2013-12-13 18:58 - 2013-12-13 18:54 - 00000022 _____ C:\Users\MK\Downloads\OK It's Alright With Me - 5 Dateien.zip
2013-12-13 18:56 - 2013-12-13 18:51 - 00000022 _____ C:\Users\MK\Downloads\It's A Beautiful Day - 5 Dateien.zip
2013-12-13 17:32 - 2013-12-12 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 23:20 - 2012-04-01 23:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 23:20 - 2012-04-01 23:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 23:20 - 2011-05-16 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 23:18 - 2011-01-27 22:07 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 23:18 - 2011-01-27 22:07 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 22:31 - 2009-07-14 05:45 - 00323512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 17:33 - 2011-01-08 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-11 17:33 - 2011-01-08 23:10 - 00000000 ____D C:\ProgramData\Skype
2013-12-05 23:58 - 2013-12-05 23:58 - 00004989 _____ C:\Users\MK\Desktop\JRT.txt
2013-12-05 23:53 - 2013-12-05 23:53 - 00000000 ____D C:\Windows\ERUNT
2013-12-05 23:51 - 2013-11-27 23:34 - 00000000 ____D C:\AdwCleaner
2013-12-05 23:50 - 2013-12-05 23:50 - 01034531 _____ (Thisisu) C:\Users\MK\Downloads\JRT.exe
2013-12-05 23:49 - 2013-12-05 23:49 - 00001120 _____ C:\Users\MK\Desktop\Continue Zip Opener Installation.lnk

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\MK\AppData\Local\0f134d2d
C:\Users\MK\AppData\Local\0f134d2d\@

Some content of TEMP:
====================
C:\Users\MK\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 18:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by MK at 2014-01-04 11:05:21
Running from C:\Users\MK\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

AAVUpdateManager (x32 Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (x32 Version: 2.0.2 - Audacity Team)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Classic Link Drivers (x32 Version: 3.2.2.1 - Hercules)
CloneDVD2 (x32 Version: 2.9.2.8 - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkWave Studio 3.2.4 (x32 Version: 3.2.4 - ExperimentalScene)
EasyBits GO (HKCU Version:  - EasyBits Media)
ElsterFormular-Upgrade (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
FoxTab PDF Converter (HKCU Version:  - ) <==== ATTENTION
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hercules Deluxe Webcam Drivers (x32 Version: 1.00.0000 - Hercules)
IObit Uninstaller (x32 Version: 3.0.4.922 - IObit)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (x32 Version:  - )
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MidiSound 1.0 (x32 Version: 1.0 - inoage GbR)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.36.0 - Nokia)
Nokia Ovi Suite (x32 Version: 3.0.0.290 - Nokia)
Nokia Ovi Suite (x32 Version: 3.0.0.290 - Nokia) Hidden
Nokia Ovi Suite Software Updater (x32 Version: 02.06.006.44298 - Nokia Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Ovi Desktop Sync Engine (x32 Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.7.44.2 - Nokia) Hidden
PC Connectivity Solution (x32 Version: 10.50.2.0 - Nokia)
PDFCreator (x32 Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v4.4 (x32 Version: 4.4 - Spigot, Inc.) <==== ATTENTION
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version:  - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.93 (x32 Version: 1.93 - VS Revo Group)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (x32 Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.1.21 - Safer-Networking Ltd.)
STEUEReasy 2011 (x32 Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
STEUEReasy 2012 (x32 Version: 17.11 - Wolters Kluwer Deutschland GmbH)
STEUEReasy 2013 (x32 Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Synthesia (remove only) (x32 Version:  - )
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Manager B09.1008.1 (x32 Version: 1.00.0000 - GIGABYTE)
Update Manager B09.1008.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
XnView 2.13 (x32 Version: 2.13 - Gougelet Pierre-e)

==================== Restore Points  =========================

27-11-2013 22:56:27 Removed Nokia Ovi Suite Software Updater.
03-12-2013 22:58:25 Windows Update
11-12-2013 17:46:30 Windows Update
17-12-2013 16:36:41 Windows Update
30-12-2013 17:26:57 Geplanter Prüfpunkt
31-12-2013 17:55:10 Windows Update
02-01-2014 16:41:29 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0EACA5CC-0AE4-4DDB-976E-24C53DB99177} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2EE7D143-F24D-4911-8650-3D6E3927DE7C} - System32\Tasks\{BBAD3994-D690-45D5-A0B8-1DC4FC07C485} => E:\realtek 3\Setup.exe
Task: {3C21BE89-E85B-42BE-B37E-8954B246E0DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {42A7BC80-EF53-4795-B70B-9E00F9D4788E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27] (Google Inc.)
Task: {46498A57-A5C5-48D3-B0AD-4657B2158DE3} - System32\Tasks\{D3396F4F-EF01-4210-AEED-0ABD7286606D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {47E0EEC6-858F-442A-A32A-6D360B6FAECA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5031CFBD-358C-49B4-A100-5C9F43D093BA} - System32\Tasks\{8046DF4D-D17F-450E-BBE4-397FCF70BD01} => E:\Realtek 1\setup.exe
Task: {59D85B53-53FB-4049-9136-BA9678C6F2F5} - System32\Tasks\{B0654B2B-1401-4BAD-BB9D-0A6145B74B1C} => E:\realtek 3\Setup.exe
Task: {61EF0B03-AD36-41C5-BE71-EF3566F8A48A} - System32\Tasks\{40E1F983-D33D-4DF1-A349-43713C005754} => E:\Realtek 1\setup.exe
Task: {6E128B00-95C5-47DF-9116-7485604D3724} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-11928048-3020336464-2142479635-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {735DC132-A9C1-40C8-9544-60BCB2591FC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27] (Google Inc.)
Task: {915833E3-9CC4-43C2-81F6-3F4E32D83492} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {A322D29F-CBFE-4C11-8AB5-1190A98861C5} - System32\Tasks\{81BB627F-A4E9-4D1B-AEB7-6BADDC535A1D} => E:\Realtek 1\setup.exe
Task: {B1FA6099-B940-4DEE-9617-A70C8D77E81F} - System32\Tasks\{74ADA1FD-CE51-4B2D-8473-88EDEBB3AC3C} => C:\Users\MK\Downloads\HDELUXE-Vista-x64-V2.4.exe [2011-01-09] (Macrovision Corporation)
Task: {BA41295D-4179-4F42-8B76-6DB387D3C89A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-11928048-3020336464-2142479635-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D3232B65-8364-402A-86A7-1BEE7505E8D0} - \DealPly No Task File
Task: {D625EDC8-8B06-4A03-A6B5-B59E8271D93F} - System32\Tasks\{89FFA6F5-28C3-43AC-A003-B6F38E9BB9A9} => E:\realtek 3\Setup.exe
Task: {D72EED8E-A184-4463-A0BE-E09E58344607} - \DealPlyUpdate No Task File
Task: {D80C01B2-D17D-44FC-85FA-4CCBF8ADB098} - \DigitalSite No Task File
Task: {DE889543-EF82-4A69-8AA4-13F3FC02F7F6} - System32\Tasks\{EC946E08-8C29-40E0-B740-1EA004E582BD} => E:\Realtek 1\setup.exe
Task: {DFE2F94B-A68F-418E-BC12-6A9A93D44FE4} - System32\Tasks\{BD8D1D53-B231-47DD-8490-6B608A1DF46F} => E:\Realtek 1\setup.exe
Task: {E71E7A73-F0F6-4909-BDAC-58F1CC3B6414} - System32\Tasks\{2F69AC53-D4A1-44CB-AFC6-39EB235028B5} => C:\Users\MK\Downloads\HCLASSIC-Vista-x64-V2.4.exe
Task: {FF435E10-7AA9-44F2-AF4F-690EEAE0368A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-28 11:06 - 2013-07-28 01:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-26 21:34 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-26 21:34 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-26 21:34 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-26 21:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-26 21:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00018207 _____ () C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
2013-12-12 23:41 - 2013-12-12 23:41 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-12 23:41 - 2013-12-12 23:41 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-12 23:41 - 2013-12-12 23:41 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-22 23:38 - 2013-12-22 23:38 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-12 23:20 - 2013-12-12 23:20 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 05:24:23 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c8c

Startzeit: 01cf07d6a078d1cf

Endzeit: 57

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 525be37c-73ca-11e3-9082-1c6f658452cf

Error: (01/01/2014 09:45:42 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/30/2013 06:20:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (12/13/2013 07:43:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00033ac3
ID des fehlerhaften Prozesses: 0x1d0
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3

Error: (12/09/2013 08:15:03 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 680

Startzeit: 01cef5046b81d5a8

Endzeit: 187

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 2f4c2c92-6106-11e3-a72d-1c6f658452cf

Error: (12/09/2013 07:00:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.


System errors:
=============
Error: (01/04/2014 11:00:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/04/2014 11:00:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/04/2014 10:57:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (01/04/2014 10:57:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (01/04/2014 10:57:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/04/2014 10:57:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/03/2014 09:29:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/03/2014 09:29:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/03/2014 09:27:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (01/03/2014 09:27:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060


Microsoft Office Sessions:
=========================
Error: (01/02/2014 05:24:23 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087c8c01cf07d6a078d1cf57C:\Program Files (x86)\Mozilla Firefox\firefox.exe525be37c-73ca-11e3-9082-1c6f658452cf

Error: (01/01/2014 09:45:42 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/30/2013 06:20:00 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (12/13/2013 07:43:57 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.18150518c6df8ntdll.dll6.1.7601.18247521ea8e7c000000500033ac31d001cef8333fd11909C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Windows\SysWOW64\ntdll.dll855a470f-6426-11e3-850e-1c6f658452cf

Error: (12/09/2013 08:15:03 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756768001cef5046b81d5a8187C:\Windows\Explorer.EXE2f4c2c92-6106-11e3-a72d-1c6f658452cf

Error: (12/09/2013 07:00:47 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4093.55 MB
Available physical RAM: 2405.54 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 6117.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Win 'N Tools) (Fixed) (Total:465.66 GB) (Free:390.94 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:719.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 04AD4985)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 04AD499A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
Farbar Service Scanner Version: 05-12-2013
Ran by MK (administrator) on 04-01-2014 at 11:09:58
Running from "C:\Users\MK\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
So, Leo, ich hoffe du hast jetzt alles was du für die Analyse benötigst.

Gruß
Matthias

aharonov 04.01.2014 14:17
Hallo Matthias,

ja da wurde was zerschossen.


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Log von FRST

padermats 06.01.2014 17:41
AdwCleaner[S2]
Code:
# AdwCleaner v3.016 - Bericht erstellt am 06/01/2014 um 16:59:20
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : MK - MK-PC
# Gestartet von : C:\Users\MK\Downloads\adwcleaner_3.016.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\MK\AppData\Local\Temp\Softonic
Ordner Gelöscht : C:\Users\MK\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\MK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\prefs.js ]

Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076");
Zeile gelöscht : user_pref("extensions.Softonic.hpOld0", "hxxps://www.google.de/");
Zeile gelöscht : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076&q=");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");

*************************

AdwCleaner[R0].txt - [10229 octets] - [27/11/2013 23:34:59]
AdwCleaner[R1].txt - [1136 octets] - [05/12/2013 23:48:04]
AdwCleaner[R2].txt - [3209 octets] - [06/01/2014 16:56:43]
AdwCleaner[R3].txt - [3269 octets] - [06/01/2014 16:58:46]
AdwCleaner[S0].txt - [8726 octets] - [27/11/2013 23:37:05]
AdwCleaner[S1].txt - [1202 octets] - [05/12/2013 23:51:33]
AdwCleaner[S2].txt - [3042 octets] - [06/01/2014 16:59:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3102 octets] ##########
AdwCleaner[R3]
Ich hatte diese beiden logfiles auf meinem Rechner
Code:
# AdwCleaner v3.016 - Bericht erstellt am 06/01/2014 um 16:58:46
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : MK - MK-PC
# Gestartet von : C:\Users\MK\Downloads\adwcleaner_3.016.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\searchplugins\softonic.xml
Datei Gefunden : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\user.js
Ordner Gefunden : C:\Users\MK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Ordner Gefunden : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gefunden C:\Users\MK\AppData\Local\Temp\Softonic
Ordner Gefunden C:\Users\MK\AppData\Roaming\Windows Net Data

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\prefs.js ]

Zeile gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gefunden : user_pref("extensions.Softonic.dnsErr", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpg", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076");
Zeile gefunden : user_pref("extensions.Softonic.hpOld0", "hxxps://www.google.de/");
Zeile gefunden : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076&q=");
Zeile gefunden : user_pref("extensions.Softonic.newTab", true);
Zeile gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=8c489f3d0000000000001c6f658452cf&toi=16076");
Zeile gefunden : user_pref("extensions.Softonic.rvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");

*************************

AdwCleaner[R0].txt - [10229 octets] - [27/11/2013 23:34:59]
AdwCleaner[R1].txt - [1136 octets] - [05/12/2013 23:48:04]
AdwCleaner[R2].txt - [3209 octets] - [06/01/2014 16:56:43]
AdwCleaner[R3].txt - [3005 octets] - [06/01/2014 16:58:46]
AdwCleaner[S0].txt - [8726 octets] - [27/11/2013 23:37:05]
AdwCleaner[S1].txt - [1202 octets] - [05/12/2013 23:51:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3185 octets] ##########
Hier das Combofix logfile (Was sind Code Tags ?)
Code:
ComboFix 14-01-04.03 - MK 06.01.2014  17:20:17.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4094.2761 [GMT 1:00]
ausgeführt von:: c:\users\MK\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-06 bis 2014-01-06  ))))))))))))))))))))))))))))))
.
.
2014-01-04 10:04 . 2014-01-04 10:04        --------        d-----w-        C:\FRST
2013-12-31 15:51 . 2013-09-04 12:12        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-12-31 15:51 . 2013-09-04 12:11        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-12-31 15:51 . 2013-09-04 12:11        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-12-31 15:51 . 2013-09-04 12:11        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-12-31 15:51 . 2013-09-04 12:11        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-12-31 15:51 . 2013-09-04 12:11        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-12-31 15:51 . 2013-09-04 12:11        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-12-12 22:41 . 2013-12-13 16:32        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-12-11 17:48 . 2013-05-10 05:56        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2013-12-11 17:48 . 2013-05-10 04:30        167424        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 17:48 . 2013-05-10 03:48        164864        ----a-w-        c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 17:48 . 2013-05-10 04:56        12625408        ----a-w-        c:\windows\SysWow64\wmploc.DLL
2013-12-11 17:48 . 2013-05-10 05:56        14631424        ----a-w-        c:\windows\system32\wmp.dll
2013-12-11 16:42 . 2013-10-30 02:32        335360        ----a-w-        c:\windows\system32\msieftp.dll
2013-12-11 16:42 . 2013-10-30 02:19        301568        ----a-w-        c:\windows\SysWow64\msieftp.dll
2013-12-11 16:42 . 2013-10-30 01:24        3155968        ----a-w-        c:\windows\system32\win32k.sys
2013-12-11 16:42 . 2013-11-23 18:26        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-12-11 16:42 . 2013-11-23 17:47        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 15:28 . 2013-07-28 10:07        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-12-18 15:28 . 2013-07-28 10:06        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-12-18 15:28 . 2013-07-28 10:06        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-12-17 16:37 . 2011-01-16 23:01        90708896        ----a-w-        c:\windows\system32\MRT.exe
2013-12-12 22:20 . 2012-04-01 22:23        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 22:20 . 2011-05-16 17:38        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-03 23:00 . 2013-12-03 23:00        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 23:00 . 2013-12-03 23:00        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-12-03 23:00 . 2013-12-03 23:00        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 23:00 . 2013-12-03 23:00        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-12-03 23:00 . 2013-12-03 23:00        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-12-03 23:00 . 2013-12-03 23:00        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 23:00 . 2013-12-03 23:00        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-12-03 23:00 . 2013-12-03 23:00        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-12-03 23:00 . 2013-12-03 23:00        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-12-03 23:00 . 2013-12-03 23:00        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-12-03 23:00 . 2013-12-03 23:00        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 23:00 . 2013-12-03 23:00        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-12-03 23:00 . 2013-12-03 23:00        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 23:00 . 2013-12-03 23:00        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 23:00 . 2013-12-03 23:00        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 23:00 . 2013-12-03 23:00        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-12-03 23:00 . 2013-12-03 23:00        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-12-03 23:00 . 2013-12-03 23:00        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 23:00 . 2013-12-03 23:00        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-12-03 23:00 . 2013-12-03 23:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-12-03 23:00 . 2013-12-03 23:00        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-12-03 23:00 . 2013-12-03 23:00        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-12-03 23:00 . 2013-12-03 23:00        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-12-03 23:00 . 2013-12-03 23:00        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-12-03 23:00 . 2013-12-03 23:00        195584        ----a-w-        c:\windows\system32\msrating.dll
2013-12-03 23:00 . 2013-12-03 23:00        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-12-03 23:00 . 2013-12-03 23:00        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-12-03 23:00 . 2013-12-03 23:00        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-12-03 23:00 . 2013-12-03 23:00        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-12-03 23:00 . 2013-12-03 23:00        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-12-03 23:00 . 2013-12-03 23:00        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-12-03 23:00 . 2013-12-03 23:00        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 23:00 . 2013-12-03 23:00        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-12-03 23:00 . 2013-12-03 23:00        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 23:00 . 2013-12-03 23:00        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-12-03 23:00 . 2013-12-03 23:00        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-12-03 23:00 . 2013-12-03 23:00        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-12-03 23:00 . 2013-12-03 23:00        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-12-03 23:00 . 2013-12-03 23:00        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-12-03 23:00 . 2013-12-03 23:00        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2013-12-03 23:00 . 2013-12-03 23:00        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-12-03 23:00 . 2013-12-03 23:00        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-12-03 23:00 . 2013-12-03 23:00        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-12-03 23:00 . 2013-12-03 23:00        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-12-03 23:00 . 2013-12-03 23:00        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-12-03 23:00 . 2013-12-03 23:00        413696        ----a-w-        c:\windows\system32\html.iec
2013-12-03 23:00 . 2013-12-03 23:00        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 23:00 . 2013-12-03 23:00        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-12-03 23:00 . 2013-12-03 23:00        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-12-03 23:00 . 2013-12-03 23:00        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-12-03 23:00 . 2013-12-03 23:00        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-12-03 23:00 . 2013-12-03 23:00        235520        ----a-w-        c:\windows\system32\url.dll
2013-12-03 23:00 . 2013-12-03 23:00        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-12-03 23:00 . 2013-12-03 23:00        147968        ----a-w-        c:\windows\system32\occache.dll
2013-12-03 23:00 . 2013-12-03 23:00        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-12-03 23:00 . 2013-12-03 23:00        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-12-03 23:00 . 2013-12-03 23:00        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-12-03 23:00 . 2013-12-03 23:00        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-12-03 23:00 . 2013-12-03 23:00        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-25 15:00 . 2013-07-28 10:06        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-10-30 11:13 . 2013-11-13 16:38        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2013-10-30 11:07 . 2013-10-30 11:07        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2013-10-30 11:07 . 2013-10-30 11:07        330240        ----a-w-        c:\windows\MASetupCaller.dll
2013-10-30 11:07 . 2013-10-30 11:07        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2013-10-30 11:06 . 2013-10-30 11:06        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll
2013-10-30 11:06 . 2013-10-30 11:06        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-10-30 11:06 . 2013-10-30 11:06        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-10-30 11:06 . 2013-10-30 11:06        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll
2013-10-30 11:06 . 2013-10-30 11:06        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll
2013-10-30 11:06 . 2013-10-30 11:06        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll
2013-10-30 11:06 . 2013-10-30 11:06        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax
2013-10-30 11:06 . 2013-10-30 11:06        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll
2013-10-30 11:06 . 2013-10-30 11:06        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll
2013-10-30 11:06 . 2013-10-30 11:06        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll
2013-10-30 11:06 . 2013-10-30 11:06        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll
2013-10-30 11:06 . 2013-10-30 11:06        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll
2013-10-30 11:06 . 2013-10-30 11:06        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll
2013-10-30 11:06 . 2013-10-30 11:06        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll
2013-10-30 11:06 . 2013-10-30 11:06        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax
2013-10-30 11:06 . 2013-10-30 11:06        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll
2013-10-30 11:06 . 2013-10-30 11:06        24576        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe
2013-10-30 11:06 . 2013-10-30 11:06        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll
2013-10-30 11:06 . 2013-10-30 11:06        172032        ----a-w-        c:\windows\SysWow64\muzapp.exe
2013-10-30 11:06 . 2013-10-30 11:06        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll
2013-10-30 11:06 . 2013-10-30 11:06        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax
2013-10-30 11:06 . 2013-10-30 11:06        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll
2013-10-30 11:06 . 2013-10-30 11:06        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax
2013-10-30 11:06 . 2013-10-30 11:06        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax
2013-10-30 11:06 . 2013-10-30 11:06        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll
2013-10-30 11:06 . 2013-10-30 11:06        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax
2013-10-30 11:06 . 2013-11-13 16:37        821824        ----a-w-        c:\windows\SysWow64\dgderapi.dll
2013-10-24 20:41 . 2013-10-24 20:41        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-14 17:00 . 2013-12-03 23:03        28368        ----a-w-        c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 15:58        830464        ----a-w-        c:\windows\system32\nshwfp.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-11-06 1564528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 RtlService;RtlService;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys;c:\windows\SYSNATIVE\DRIVERS\camfilt2.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 OM0530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vx.sys;c:\windows\SYSNATIVE\Drivers\ov530vx.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:20]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 21:07]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 21:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-27 22:27        2486592        ----a-w-        c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
Trusted Zone: alice-dsl.de\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://soze69.ddns-instar.de:81/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - ExtSQL: 2013-11-27 22:39; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Windows Time - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-VIS - c:\users\MK\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-FoxTab PDF Converter - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-11928048-3020336464-2142479635-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-11928048-3020336464-2142479635-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-11928048-3020336464-2142479635-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-06  17:30:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-01-06 16:30
.
Vor Suchlauf: 8 Verzeichnis(se), 419.892.678.656 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 420.415.475.712 Bytes frei
.
- - End Of File - - CF072F4F5A316BC327C8CC102023718B
A36C5E4F47E84449FF07ED3517B43A31
und hier das letzte benötigte log file:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by MK (administrator) on MK-PC on 06-01-2014 17:33:50
Running from C:\Users\MK\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB76357F844ACCB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/Magix%20Video/Disc%20Images/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/Magix%20Video/Disc%20Images/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/Magix%20Video/Disc%20Images/components/wmvhdrating.ocx
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://soze69.ddns-instar.de:81/codebase/DVM_IPCam2.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699
FF NewTab: www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\MK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\9b9gn9fc.default-1385587810699\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-27] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S4 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 MSKSSRV; C:\Windows\SysWow64\drivers\MSKSSRV.sys [6640 1999-09-25] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\SysWow64\drivers\MSPCLOCK.sys [5008 1999-09-25] (Microsoft Corporation)
R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 17:33 - 2014-01-06 17:33 - 00013571 _____ C:\Users\MK\Downloads\FRST.txt
2014-01-06 17:33 - 2014-01-06 17:33 - 00000000 ____D C:\Users\MK\Downloads\FRST-OlderVersion
2014-01-06 17:30 - 2014-01-06 17:30 - 00025768 _____ C:\ComboFix.txt
2014-01-06 17:18 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 17:18 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 17:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 17:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 17:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 17:18 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 17:18 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 17:18 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 16:56 - 2014-01-06 16:56 - 01233962 _____ C:\Users\MK\Downloads\adwcleaner_3.016.exe
2014-01-06 16:44 - 2014-01-06 17:30 - 00000000 ____D C:\Qoobox
2014-01-06 16:44 - 2014-01-06 17:29 - 00000000 ____D C:\Windows\erdnt
2014-01-06 16:43 - 2014-01-06 16:44 - 05160001 ____R (Swearware) C:\Users\MK\Desktop\ComboFix.exe
2014-01-06 16:42 - 2014-01-06 16:42 - 00401744 _____ (Softonic                                        ) C:\Users\MK\Downloads\SoftonicDownloader_fuer_combofix.exe
2014-01-04 11:09 - 2014-01-04 11:10 - 00004348 _____ C:\Users\MK\Desktop\FSS.txt
2014-01-04 11:08 - 2014-01-04 11:08 - 00708597 _____ (Farbar) C:\Users\MK\Downloads\FSS.exe
2014-01-04 11:05 - 2014-01-04 11:05 - 00024481 _____ C:\Users\MK\Desktop\Addition.txt
2014-01-04 11:04 - 2014-01-06 17:33 - 00000000 ____D C:\FRST
2014-01-04 11:04 - 2014-01-04 11:05 - 00029046 _____ C:\Users\MK\Desktop\FRST.txt
2014-01-04 11:01 - 2014-01-06 17:33 - 01931762 _____ (Farbar) C:\Users\MK\Downloads\FRST64.exe
2014-01-03 19:37 - 2014-01-03 19:37 - 14995648 _____ (Gougelet Pierre-e                                          ) C:\Users\MK\Downloads\XnView-win-full_2.13.exe
2014-01-02 17:19 - 2014-01-02 17:19 - 00285856 _____ C:\Windows\Minidump\010214-51480-01.dmp
2013-12-31 16:51 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-31 16:51 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-22 23:38 - 2013-12-22 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 19:10 - 2013-12-13 19:14 - 00489137 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien(1).zip
2013-12-13 19:03 - 2013-12-13 19:03 - 11133032 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien.zip
2013-12-13 18:58 - 2013-12-13 19:01 - 00410360 _____ C:\Users\MK\Downloads\Save Your Soul - 4 Dateien.zip
2013-12-13 18:54 - 2013-12-13 18:58 - 00000022 _____ C:\Users\MK\Downloads\OK It's Alright With Me - 5 Dateien.zip
2013-12-13 18:51 - 2013-12-13 18:56 - 00000022 _____ C:\Users\MK\Downloads\It's A Beautiful Day - 5 Dateien.zip
2013-12-12 23:41 - 2013-12-13 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 18:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 18:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 18:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 18:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 18:47 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 18:47 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 18:47 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 18:47 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 18:47 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 18:47 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 18:47 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 18:47 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 18:47 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 18:47 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 18:47 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 18:47 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 18:47 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 18:47 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 18:47 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 18:47 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 18:47 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 18:47 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 18:47 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 18:47 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 18:47 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 18:47 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 18:47 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 18:47 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 18:47 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 18:47 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 18:47 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 18:47 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 18:47 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 18:47 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 18:47 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:42 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 17:42 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 17:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 17:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 17:42 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 17:41 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 17:41 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 17:41 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 17:41 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 17:41 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 17:41 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 17:41 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 17:41 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 17:41 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 17:41 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 17:41 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 17:41 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 17:41 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 17:41 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-06 17:34 - 2014-01-06 17:33 - 00013571 _____ C:\Users\MK\Downloads\FRST.txt
2014-01-06 17:33 - 2014-01-06 17:33 - 00000000 ____D C:\Users\MK\Downloads\FRST-OlderVersion
2014-01-06 17:33 - 2014-01-04 11:04 - 00000000 ____D C:\FRST
2014-01-06 17:33 - 2014-01-04 11:01 - 01931762 _____ (Farbar) C:\Users\MK\Downloads\FRST64.exe
2014-01-06 17:33 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2014-01-06 17:33 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2014-01-06 17:33 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 17:30 - 2014-01-06 17:30 - 00025768 _____ C:\ComboFix.txt
2014-01-06 17:30 - 2014-01-06 16:44 - 00000000 ____D C:\Qoobox
2014-01-06 17:30 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-06 17:29 - 2014-01-06 16:44 - 00000000 ____D C:\Windows\erdnt
2014-01-06 17:27 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-06 17:26 - 2011-01-27 22:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 17:26 - 2010-12-22 22:37 - 00056432 _____ C:\Windows\PFRO.log
2014-01-06 17:26 - 2010-12-22 22:35 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-06 17:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 17:26 - 2009-07-14 05:51 - 00103919 _____ C:\Windows\setupact.log
2014-01-06 17:25 - 2010-12-22 22:25 - 01926360 _____ C:\Windows\WindowsUpdate.log
2014-01-06 17:23 - 2011-01-27 22:07 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 17:20 - 2012-04-01 23:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 17:14 - 2013-09-26 21:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-06 17:08 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 17:08 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 16:59 - 2013-11-27 23:34 - 00000000 ____D C:\AdwCleaner
2014-01-06 16:56 - 2014-01-06 16:56 - 01233962 _____ C:\Users\MK\Downloads\adwcleaner_3.016.exe
2014-01-06 16:44 - 2014-01-06 16:43 - 05160001 ____R (Swearware) C:\Users\MK\Desktop\ComboFix.exe
2014-01-06 16:44 - 2011-01-27 22:07 - 00000000 ____D C:\Users\MK\AppData\Local\Google
2014-01-06 16:42 - 2014-01-06 16:42 - 00401744 _____ (Softonic                                        ) C:\Users\MK\Downloads\SoftonicDownloader_fuer_combofix.exe
2014-01-06 16:35 - 2011-01-08 23:10 - 00000000 ____D C:\Users\MK\AppData\Roaming\Skype
2014-01-06 16:29 - 2013-11-27 23:27 - 00000000 ____D C:\ProgramData\ProductData
2014-01-04 12:57 - 2012-06-15 15:36 - 00000099 _____ C:\Users\Public\LMDebug.log
2014-01-04 11:28 - 2012-12-30 18:01 - 00000000 ____D C:\Users\MK\AppData\Roaming\FileZilla
2014-01-04 11:17 - 2011-02-14 22:55 - 00000000 ____D C:\Users\MK\AppData\Roaming\XnView
2014-01-04 11:10 - 2014-01-04 11:09 - 00004348 _____ C:\Users\MK\Desktop\FSS.txt
2014-01-04 11:08 - 2014-01-04 11:08 - 00708597 _____ (Farbar) C:\Users\MK\Downloads\FSS.exe
2014-01-04 11:05 - 2014-01-04 11:05 - 00024481 _____ C:\Users\MK\Desktop\Addition.txt
2014-01-04 11:05 - 2014-01-04 11:04 - 00029046 _____ C:\Users\MK\Desktop\FRST.txt
2014-01-03 19:38 - 2011-02-14 22:54 - 00000000 ____D C:\Program Files (x86)\XnView
2014-01-03 19:37 - 2014-01-03 19:37 - 14995648 _____ (Gougelet Pierre-e                                          ) C:\Users\MK\Downloads\XnView-win-full_2.13.exe
2014-01-03 19:00 - 2011-01-08 21:44 - 00000000 ____D C:\Users\MK\AppData\Local\Adobe
2014-01-02 17:19 - 2014-01-02 17:19 - 00285856 _____ C:\Windows\Minidump\010214-51480-01.dmp
2014-01-02 17:19 - 2013-07-10 21:30 - 494382881 _____ C:\Windows\MEMORY.DMP
2014-01-02 17:19 - 2011-06-22 07:30 - 00000000 ____D C:\Windows\Minidump
2013-12-31 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-30 18:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 23:45 - 2012-04-27 22:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 23:38 - 2013-12-22 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 16:28 - 2013-07-28 11:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 16:28 - 2013-07-28 11:06 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 16:28 - 2013-07-28 11:06 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 17:41 - 2013-08-19 12:10 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 17:37 - 2011-01-17 00:01 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 17:24 - 2011-01-27 22:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 16:43 - 2013-11-27 23:27 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16:42 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 19:14 - 2013-12-13 19:10 - 00489137 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien(1).zip
2013-12-13 19:03 - 2013-12-13 19:03 - 11133032 _____ C:\Users\MK\Downloads\When I Get Famous - 5 Dateien.zip
2013-12-13 19:01 - 2013-12-13 18:58 - 00410360 _____ C:\Users\MK\Downloads\Save Your Soul - 4 Dateien.zip
2013-12-13 18:58 - 2013-12-13 18:54 - 00000022 _____ C:\Users\MK\Downloads\OK It's Alright With Me - 5 Dateien.zip
2013-12-13 18:56 - 2013-12-13 18:51 - 00000022 _____ C:\Users\MK\Downloads\It's A Beautiful Day - 5 Dateien.zip
2013-12-13 17:32 - 2013-12-12 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 23:20 - 2012-04-01 23:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 23:20 - 2012-04-01 23:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 23:20 - 2011-05-16 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 23:18 - 2011-01-27 22:07 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 23:18 - 2011-01-27 22:07 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 22:31 - 2009-07-14 05:45 - 00323512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 17:33 - 2011-01-08 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-11 17:33 - 2011-01-08 23:10 - 00000000 ____D C:\ProgramData\Skype

ZeroAccess:
C:\Users\MK\AppData\Local\0f134d2d
C:\Users\MK\AppData\Local\0f134d2d\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 18:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Nun bin ich gespannt auf deine Antwort.

Gruß
Matthias

aharonov 06.01.2014 20:24
Hallo Matthias,

mach bitte nochmals einen Scan mit FSS (Farbars Service Scanner) und poste das Log.

padermats 06.01.2014 20:33
Hab mal bei den Diensten nachgeschaut. Der WSCVC ist jetzt tatsächlich vorhanden und aktiviert. Allerdings meldet das Wartungscenter das Avira nicht aktiviert ist obwohl ich dieses programm bereits wieder aktiviert habe (sollte ich ja zuvor deaktivieren). Seltsam, oder ? Wenn ich es dann über das Artungscenter (erneut) aktiviere ("jetzt einschalten") wird zwar das Programm aufgerufen aber es passiert danach nichts, und die Meldung im wartungscenter bleit auch auf "nicht eingeschaltet"

Code:
Farbar Service Scanner Version: 05-12-2013
Ran by MK (administrator) on 06-01-2014 at 20:27:04
Running from "C:\Users\MK\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

aharonov 06.01.2014 21:08
Ja was kleines fehlt noch.
Mach bitte folgenden Fix, starte dann den Rechner neu und teste nochmals. Stimmt dann alles im Wartungscenter oder was funktioniert noch nicht?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\MK\AppData\Local\0f134d2d
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart /t REG_SZ /f

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


padermats 06.01.2014 21:37
Das FSS Log sah ja auch schon deutlich aufgeräumter aus als beim ersten scan. Da hat ComboFix ja ganze arbeit geleistet. Und du natürlich. Vermutlich ist jetzt nicht nur der Security service wieder korrekt installiert sondern sonst noch ne menge anderer sachen wieder geradegezogen worden, von denen ich noch gar nichts wußte.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by MK at 2014-01-06 21:33:01 Run:1
Running from C:\Users\MK\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\MK\AppData\Local\0f134d2d
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart /t REG_SZ /f

*****************

C:\Users\MK\AppData\Local\0f134d2d => Moved successfully.

========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart /t REG_SZ /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


==== End of Fixlog ====
Soll ich den Rechner nun neu starten um die Änderung wirksam werden zu lassen ?

aharonov 06.01.2014 21:40
Zitat:
Soll ich den Rechner nun neu starten um die Änderung wirksam werden zu lassen ?
Ja, jetzt den Rechner neu starten und dann nochmals testen im Wartungscenter.

padermats 06.01.2014 21:46
leider wird nach neustart avira immer noch nicht vom Wartungscenter als aktiviert angezeigt.

aharonov 06.01.2014 21:47
Mach nochmals einen FSS-Scan.

padermats 06.01.2014 21:59
hat leider nix gefruchtet. AVIR wird weiterhin als deaktiv angezeigt. Habe jetzt einfach Meldungen zum Antivirenprogramm abgeschaltet. nun ist ruhe :)

moment

Code:
Farbar Service Scanner Version: 05-12-2013
Ran by MK (administrator) on 06-01-2014 at 21:59:00
Running from "C:\Users\MK\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

aharonov 06.01.2014 21:59
Dann kontrollieren wir noch:


Schritt 1
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

padermats 06.01.2014 22:23
zunächst Ergebnis Malwarebytes: (nachdem ich das Entfernen der ausgewählte Dateien - eine einzige - initiiert habe meldet Avir dass der zugrif auf die registry erkannt wurde und unterdrückt wurde)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
MK :: MK-PC [Administrator]

06.01.2014 22:03:33
mbam-log-2014-01-06 (22-03-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244025
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MK\Downloads\SoftonicDownloader_fuer_combofix.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Der Online Scan läuft wohl noch ne Weile....
Ist ja auch ne Nummer dass der download von Combofix selbst zu einer infizierten Datei geführt hat durch den softonic Downloader. zezeze...


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:31 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131