Sticks dran lassen sodass sich die Laufwerksbuchstaben nicht mehr ändern.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-09-22.01 - Johannes 22.09.2013  17:02:39.4.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3854.2363 [GMT 2:00]
ausgeführt von:: c:\users\Johannes_2\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-22 bis 2013-09-22  ))))))))))))))))))))))))))))))
.
.
2013-09-22 15:11 . 2013-09-22 15:11	--------	d-----w-	c:\users\Johannes_2\AppData\Local\temp
2013-09-21 17:55 . 2013-09-21 17:55	--------	d-----w-	C:\games
2013-09-21 05:06 . 2013-09-21 05:06	--------	d-----w-	c:\program files (x86)\ESET
2013-09-20 15:13 . 2013-09-20 15:13	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\Malwarebytes
2013-09-20 14:52 . 2013-09-20 14:52	--------	d-----w-	c:\windows\ERUNT
2013-09-20 14:42 . 2013-09-20 14:43	--------	d-----w-	C:\AdwCleaner
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Malwarebytes
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-20 14:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-18 15:16 . 2013-09-21 11:55	--------	d-----w-	C:\FRST
2013-09-16 16:45 . 2013-09-16 16:45	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\dvdcss
2013-09-14 11:26 . 2013-09-18 16:29	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\vlc
2013-09-14 11:11 . 2013-09-14 11:12	--------	d-----w-	c:\users\Johannes\AppData\Roaming\vlc
2013-09-14 11:10 . 2013-09-14 11:10	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-09-12 21:07 . 2013-09-12 21:07	--------	d-----w-	c:\program files\iPod
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\program files\iTunes
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:18 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ARPPRODUCTICON.exe
2013-09-12 20:18 . 2013-09-12 20:18	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Google
2013-09-07 08:50 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\program files (x86)\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\DatacardService
2013-09-04 16:35 . 2013-08-15 15:46	59525	--sha-w-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
2013-09-04 16:35 . 2013-08-15 15:46	59525	----a-w-	c:\users\Johannes_2\angry birds.vbe
2013-09-02 14:36 . 2013-09-02 14:36	--------	d-----w-	c:\users\Johannes\AppData\Local\ElevatedDiagnostics
2013-08-28 18:07 . 2013-09-07 11:38	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Diagnostics
2013-08-23 21:04 . 2004-03-29 13:23	90112	----a-w-	c:\windows\unvise32.exe
2013-08-23 21:04 . 2013-08-23 21:04	--------	d-----w-	C:\Psfonts
2013-08-23 21:04 . 2013-08-23 21:04	--------	d-----w-	c:\program files (x86)\Finale PrintMusic 2006
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2013-05-13 13:40	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-13 13:40	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-13 13:40	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-13 13:40	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-13 13:40	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-13 13:40	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-13 13:40	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-13 13:39	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-13 13:39	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-13 13:39	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-20 17:57 . 2013-05-13 14:04	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-31 23:29 . 2013-06-07 13:21	405360	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13 . 2013-08-18 21:12	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-07-26 05:13 . 2013-08-18 21:12	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-07-26 05:13 . 2013-08-18 21:12	915968	----a-w-	c:\windows\system32\uxtheme.dll
2013-07-26 05:13 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\UXInit.dll
2013-07-26 05:13 . 2013-08-18 21:12	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-07-26 05:12 . 2013-08-18 21:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-07-26 05:12 . 2013-08-18 21:12	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-07-26 05:12 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\jsproxy.dll
2013-07-26 05:12 . 2013-08-18 21:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-07-26 05:12 . 2013-08-18 21:11	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-07-26 05:12 . 2013-08-18 21:12	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-07-26 05:12 . 2013-08-18 21:12	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-07-26 05:12 . 2013-08-18 21:12	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-07-26 05:12 . 2013-08-18 21:12	15405056	----a-w-	c:\windows\system32\ieframe.dll
2013-07-26 05:12 . 2013-08-18 21:11	2647040	----a-w-	c:\windows\system32\iertutil.dll
2013-07-26 03:35 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-26 03:13 . 2013-08-18 21:12	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-07-26 03:13 . 2013-08-18 21:12	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2013-07-26 03:12 . 2013-08-18 21:11	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-07-26 03:12 . 2013-08-18 21:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-07-26 03:12 . 2013-08-18 21:12	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-07-26 00:54 . 2013-08-18 21:12	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
2013-07-15 11:28 . 2013-07-15 11:28	57344	----a-r-	c:\users\Johannes\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2013-07-15 11:26 . 2013-07-15 11:27	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2013-07-13 06:18 . 2013-08-18 21:06	337408	----a-w-	c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-18 21:06	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-18 21:06	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-18 21:06	124416	----a-w-	c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-18 21:06	98304	----a-w-	c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-18 21:06	261120	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-18 21:06	1568256	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-18 21:06	87040	----a-w-	c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-18 21:06	74240	----a-w-	c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-18 21:13	2233168	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-18 21:12	36288	----a-w-	c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-18 21:12	247216	----a-w-	c:\windows\system32\drivers\WdFilter.sys
2013-06-30 20:43 . 2013-06-30 20:43	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-30 20:43 . 2013-06-30 20:43	312232	----a-w-	c:\windows\system32\javaws.exe
2013-06-30 20:43 . 2013-06-30 20:43	189352	----a-w-	c:\windows\system32\javaw.exe
2013-06-30 20:43 . 2013-06-30 20:43	188840	----a-w-	c:\windows\system32\java.exe
2013-06-30 20:43 . 2013-06-07 12:11	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-30 20:43 . 2013-06-07 12:11	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-27 22:04 . 2013-06-07 13:21	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-08-30 548864]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-07-12 55560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2013-08-30 50904]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
angry birds.vbe [2013-8-15 59525]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-8-17 1346936]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
.
R2 Mascom internet. RunOuc;Mascom internet. OUC;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe [x]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 intelsba;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 19:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Johannes_2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-07-20 373760]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-26 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-26 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-26 441152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13-comm.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{17054FAC-C445-4402-B354-5F79FABD29A9}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{357A3CE7-C3E4-4970-8B0D-EF16F5F06EFC}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{3FFBD86D-B874-42E9-A3C5-E8C8E687C481}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{C0328E98-9225-4364-BFC6-1D65CD6D562F}: NameServer = 41.223.73.82 0.0.0.0
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-09-22  17:14:37
ComboFix-quarantined-files.txt  2013-09-22 15:14
.
Vor Suchlauf: 22 Verzeichnis(se), 399.099.232.256 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 399.063.842.816 Bytes frei
.
- - End Of File - - F76FBBD2FD03D4400FC53169315F7D06
         

hi,

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

• Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
• Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
• Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
• Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
  
  Code: Alles auswählenAufklappen

  ATTFilter

  File::
  c:\users\Johannes_2\angry birds.vbe
  c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
  d:\angry birds.vbe
  f:\angry birds.vbe
  g:\angry birds.vbe
  j:\angry birds.vbe
           

• Speichere dies als CFScript.txt auf deinem Desktop.
• Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
• Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  
  
• Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
• Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
  Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Kam nichts von wegen COLLECT SUSPECT. War alles wie bei den Scans zuvor.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-09-22.01 - Johannes 22.09.2013  21:07:05.5.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3854.2151 [GMT 2:00]
ausgeführt von:: c:\users\Johannes_2\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Johannes_2\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Johannes_2\angry birds.vbe"
"c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe"
"d:\angry birds.vbe"
"f:\angry birds.vbe"
"g:\angry birds.vbe"
"j:\angry birds.vbe"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-22 bis 2013-09-22  ))))))))))))))))))))))))))))))
.
.
2013-09-22 19:15 . 2013-09-22 19:15	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2013-09-22 19:15 . 2013-09-22 19:15	--------	d-----w-	c:\users\Johannes_2\AppData\Local\temp
2013-09-22 19:15 . 2013-09-22 19:15	--------	d-----w-	c:\users\Johannes\AppData\Local\temp
2013-09-22 19:15 . 2013-09-22 19:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-21 17:55 . 2013-09-21 17:55	--------	d-----w-	C:\games
2013-09-21 05:06 . 2013-09-21 05:06	--------	d-----w-	c:\program files (x86)\ESET
2013-09-20 15:13 . 2013-09-20 15:13	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\Malwarebytes
2013-09-20 14:52 . 2013-09-20 14:52	--------	d-----w-	c:\windows\ERUNT
2013-09-20 14:42 . 2013-09-20 14:43	--------	d-----w-	C:\AdwCleaner
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Malwarebytes
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-20 14:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-18 15:16 . 2013-09-21 11:55	--------	d-----w-	C:\FRST
2013-09-16 16:45 . 2013-09-16 16:45	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\dvdcss
2013-09-14 11:26 . 2013-09-18 16:29	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\vlc
2013-09-14 11:11 . 2013-09-14 11:12	--------	d-----w-	c:\users\Johannes\AppData\Roaming\vlc
2013-09-14 11:10 . 2013-09-14 11:10	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-09-12 21:07 . 2013-09-12 21:07	--------	d-----w-	c:\program files\iPod
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\program files\iTunes
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:18 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ARPPRODUCTICON.exe
2013-09-12 20:18 . 2013-09-12 20:18	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Google
2013-09-07 08:50 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\program files (x86)\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\DatacardService
2013-09-04 16:35 . 2013-08-15 15:46	59525	--sha-w-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
2013-09-04 16:35 . 2013-08-15 15:46	59525	----a-w-	c:\users\Johannes_2\angry birds.vbe
2013-09-02 14:36 . 2013-09-02 14:36	--------	d-----w-	c:\users\Johannes\AppData\Local\ElevatedDiagnostics
2013-08-28 18:07 . 2013-09-07 11:38	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Diagnostics
2013-08-23 21:04 . 2004-03-29 13:23	90112	----a-w-	c:\windows\unvise32.exe
2013-08-23 21:04 . 2013-08-23 21:04	--------	d-----w-	C:\Psfonts
2013-08-23 21:04 . 2013-08-23 21:04	--------	d-----w-	c:\program files (x86)\Finale PrintMusic 2006
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2013-05-13 13:40	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-13 13:40	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-13 13:40	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-13 13:40	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-13 13:40	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-13 13:40	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-13 13:40	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-13 13:39	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-13 13:39	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-13 13:39	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-20 17:57 . 2013-05-13 14:04	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-31 23:29 . 2013-06-07 13:21	405360	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13 . 2013-08-18 21:12	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-07-26 05:13 . 2013-08-18 21:12	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-07-26 05:13 . 2013-08-18 21:12	915968	----a-w-	c:\windows\system32\uxtheme.dll
2013-07-26 05:13 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\UXInit.dll
2013-07-26 05:13 . 2013-08-18 21:12	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-07-26 05:12 . 2013-08-18 21:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-07-26 05:12 . 2013-08-18 21:12	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-07-26 05:12 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\jsproxy.dll
2013-07-26 05:12 . 2013-08-18 21:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-07-26 05:12 . 2013-08-18 21:11	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-07-26 05:12 . 2013-08-18 21:12	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-07-26 05:12 . 2013-08-18 21:12	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-07-26 05:12 . 2013-08-18 21:12	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-07-26 05:12 . 2013-08-18 21:12	15405056	----a-w-	c:\windows\system32\ieframe.dll
2013-07-26 05:12 . 2013-08-18 21:11	2647040	----a-w-	c:\windows\system32\iertutil.dll
2013-07-26 03:35 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-26 03:13 . 2013-08-18 21:12	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-07-26 03:13 . 2013-08-18 21:12	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2013-07-26 03:12 . 2013-08-18 21:11	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-07-26 03:12 . 2013-08-18 21:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-07-26 03:12 . 2013-08-18 21:12	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-07-26 00:54 . 2013-08-18 21:12	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
2013-07-15 11:28 . 2013-07-15 11:28	57344	----a-r-	c:\users\Johannes\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2013-07-15 11:26 . 2013-07-15 11:27	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2013-07-13 06:18 . 2013-08-18 21:06	337408	----a-w-	c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-18 21:06	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-18 21:06	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-18 21:06	124416	----a-w-	c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-18 21:06	98304	----a-w-	c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-18 21:06	261120	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-18 21:06	1568256	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-18 21:06	87040	----a-w-	c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-18 21:06	74240	----a-w-	c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-18 21:13	2233168	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-18 21:12	36288	----a-w-	c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-18 21:12	247216	----a-w-	c:\windows\system32\drivers\WdFilter.sys
2013-06-30 20:43 . 2013-06-30 20:43	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-30 20:43 . 2013-06-30 20:43	312232	----a-w-	c:\windows\system32\javaws.exe
2013-06-30 20:43 . 2013-06-30 20:43	189352	----a-w-	c:\windows\system32\javaw.exe
2013-06-30 20:43 . 2013-06-30 20:43	188840	----a-w-	c:\windows\system32\java.exe
2013-06-30 20:43 . 2013-06-07 12:11	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-30 20:43 . 2013-06-07 12:11	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-27 22:04 . 2013-06-07 13:21	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-08-30 548864]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-07-12 55560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2013-08-30 50904]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
angry birds.vbe [2013-8-15 59525]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-8-17 1346936]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
.
R2 Mascom internet. RunOuc;Mascom internet. OUC;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe [x]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 intelsba;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 19:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Johannes_2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-07-20 373760]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-26 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-26 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-26 441152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13-comm.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{17054FAC-C445-4402-B354-5F79FABD29A9}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{357A3CE7-C3E4-4970-8B0D-EF16F5F06EFC}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{3FFBD86D-B874-42E9-A3C5-E8C8E687C481}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{C0328E98-9225-4364-BFC6-1D65CD6D562F}: NameServer = 41.223.73.82 0.0.0.0
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-09-22  21:18:26
ComboFix-quarantined-files.txt  2013-09-22 19:18
.
Vor Suchlauf: 22 Verzeichnis(se), 396.299.780.096 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 396.230.029.312 Bytes frei
.
- - End Of File - - 869DB273ADD2CFEECC31DCFA85422CB5
         

Hast DU das Script genau so gespeichert wie oben beschrieben? Sieht so aus als wäre da zwischen File und :: ein Leerzeichen bei dir.

Hatte eigentlich nur auf "alles auswählen" und einfügen geklickt. Kann aber sein, dass da ausversehen ein Leerzeichen dazwischen gekommen ist. Die txt Datei ist nicht mehr auf meinem Desktop.
Soll ich das gleiche nochmal machen (mit richtigen txt File). Auch Combofix wieder löschen ? Und neuinstallieren?

Einfach nur neues Script erstellen. Sicher gehen dass die Sachen noch angesteckt sind.

nach dem Lauf checken ob die VBE Files noch auf den Externen sind.

habs noch zwei mal probiert. das eine mal das Skript aufm normalen "Desktop" gespeichert, das andere mal aufm "Admin Desktop". Das Leerzeichen macht er von alleine. Habe es genau so kopiert wie es ist. Im Editor ist auch kein Leerzeichen.
Muss ComboFix aufm Admin Desktop sein ? Habs im Moment aufm normalen Desktop, wird aber als Admin ausgeführt.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-09-22.01 - Johannes 23.09.2013  20:07:49.8.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3854.2341 [GMT 2:00]
ausgeführt von:: c:\users\Johannes_2\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Johannes\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Johannes_2\angry birds.vbe"
"c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe"
"d:\angry birds.vbe"
"f:\angry birds.vbe"
"g:\angry birds.vbe"
"j:\angry birds.vbe"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-23 bis 2013-09-23  ))))))))))))))))))))))))))))))
.
.
2013-09-23 18:16 . 2013-09-23 18:16	--------	d-----w-	c:\users\Johannes_2\AppData\Local\temp
2013-09-23 18:16 . 2013-09-23 18:16	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2013-09-23 18:16 . 2013-09-23 18:16	--------	d-----w-	c:\users\Johannes\AppData\Local\temp
2013-09-23 18:16 . 2013-09-23 18:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-21 17:55 . 2013-09-21 17:55	--------	d-----w-	C:\games
2013-09-21 05:06 . 2013-09-21 05:06	--------	d-----w-	c:\program files (x86)\ESET
2013-09-20 15:13 . 2013-09-20 15:13	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\Malwarebytes
2013-09-20 14:52 . 2013-09-20 14:52	--------	d-----w-	c:\windows\ERUNT
2013-09-20 14:42 . 2013-09-20 14:43	--------	d-----w-	C:\AdwCleaner
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Malwarebytes
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-20 14:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-20 14:09 . 2013-09-20 14:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-18 15:16 . 2013-09-21 11:55	--------	d-----w-	C:\FRST
2013-09-16 16:45 . 2013-09-16 16:45	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\dvdcss
2013-09-14 11:26 . 2013-09-18 16:29	--------	d-----w-	c:\users\Johannes_2\AppData\Roaming\vlc
2013-09-14 11:11 . 2013-09-14 11:12	--------	d-----w-	c:\users\Johannes\AppData\Roaming\vlc
2013-09-14 11:10 . 2013-09-14 11:10	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-09-12 21:07 . 2013-09-12 21:07	--------	d-----w-	c:\program files\iPod
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-12 21:07 . 2013-09-12 21:08	--------	d-----w-	c:\program files\iTunes
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:19 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
2013-09-12 20:18 . 2013-09-12 20:19	65536	----a-r-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}\ARPPRODUCTICON.exe
2013-09-12 20:18 . 2013-09-12 20:18	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Google
2013-09-07 08:50 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\program files (x86)\Mascom internet
2013-09-07 08:48 . 2013-09-07 08:50	--------	d-----w-	c:\programdata\DatacardService
2013-09-04 16:35 . 2013-08-15 15:46	59525	--sha-w-	c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
2013-09-04 16:35 . 2013-08-15 15:46	59525	----a-w-	c:\users\Johannes_2\angry birds.vbe
2013-09-02 14:36 . 2013-09-02 14:36	--------	d-----w-	c:\users\Johannes\AppData\Local\ElevatedDiagnostics
2013-08-28 18:07 . 2013-09-07 11:38	--------	d-----w-	c:\users\Johannes_2\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2013-05-13 13:40	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-13 13:40	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-13 13:40	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-13 13:40	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-13 13:40	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-13 13:40	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-13 13:40	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-13 13:39	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-13 13:39	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-13 13:39	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-20 17:57 . 2013-05-13 14:04	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-31 23:29 . 2013-06-07 13:21	405360	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13 . 2013-08-18 21:12	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-07-26 05:13 . 2013-08-18 21:12	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-07-26 05:13 . 2013-08-18 21:12	915968	----a-w-	c:\windows\system32\uxtheme.dll
2013-07-26 05:13 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\UXInit.dll
2013-07-26 05:13 . 2013-08-18 21:12	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-07-26 05:12 . 2013-08-18 21:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-07-26 05:12 . 2013-08-18 21:12	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-07-26 05:12 . 2013-08-18 21:12	53760	----a-w-	c:\windows\system32\jsproxy.dll
2013-07-26 05:12 . 2013-08-18 21:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-07-26 05:12 . 2013-08-18 21:11	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-07-26 05:12 . 2013-08-18 21:12	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-07-26 05:12 . 2013-08-18 21:12	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-07-26 05:12 . 2013-08-18 21:12	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-07-26 05:12 . 2013-08-18 21:12	15405056	----a-w-	c:\windows\system32\ieframe.dll
2013-07-26 05:12 . 2013-08-18 21:11	2647040	----a-w-	c:\windows\system32\iertutil.dll
2013-07-26 03:35 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-26 03:13 . 2013-08-18 21:12	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-07-26 03:13 . 2013-08-18 21:12	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2013-07-26 03:12 . 2013-08-18 21:11	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-07-26 03:12 . 2013-08-18 21:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-07-26 03:12 . 2013-08-18 21:12	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49 . 2013-08-18 21:12	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-07-26 00:54 . 2013-08-18 21:12	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
2013-07-15 11:28 . 2013-07-15 11:28	57344	----a-r-	c:\users\Johannes\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2013-07-15 11:26 . 2013-07-15 11:27	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2013-07-13 06:18 . 2013-08-18 21:06	337408	----a-w-	c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-18 21:06	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-18 21:06	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-18 21:06	124416	----a-w-	c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-18 21:06	98304	----a-w-	c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-18 21:06	261120	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-18 21:06	1568256	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-18 21:06	87040	----a-w-	c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-18 21:06	74240	----a-w-	c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-18 21:13	2233168	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-18 21:12	36288	----a-w-	c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-18 21:12	247216	----a-w-	c:\windows\system32\drivers\WdFilter.sys
2013-06-30 20:43 . 2013-06-30 20:43	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-30 20:43 . 2013-06-30 20:43	312232	----a-w-	c:\windows\system32\javaws.exe
2013-06-30 20:43 . 2013-06-30 20:43	189352	----a-w-	c:\windows\system32\javaw.exe
2013-06-30 20:43 . 2013-06-30 20:43	188840	----a-w-	c:\windows\system32\java.exe
2013-06-30 20:43 . 2013-06-07 12:11	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-30 20:43 . 2013-06-07 12:11	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-27 22:04 . 2013-06-07 13:21	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-08-30 548864]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-07-12 55560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-08-30 51880]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2013-08-30 50904]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
angry birds.vbe [2013-8-15 59525]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-8-17 1346936]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
.
R2 Mascom internet. RunOuc;Mascom internet. OUC;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe;c:\program files (x86)\Mascom internet\UpdateDog\ouc.exe [x]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 intelsba;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 19:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Johannes_2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-07-20 373760]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-26 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-26 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-26 441152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13-comm.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{17054FAC-C445-4402-B354-5F79FABD29A9}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{357A3CE7-C3E4-4970-8B0D-EF16F5F06EFC}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{3FFBD86D-B874-42E9-A3C5-E8C8E687C481}: NameServer = 41.223.73.82 0.0.0.0
TCP: Interfaces\{C0328E98-9225-4364-BFC6-1D65CD6D562F}: NameServer = 41.223.73.82 0.0.0.0
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-09-23  20:19:30
ComboFix-quarantined-files.txt  2013-09-23 18:19
ComboFix2.txt  2013-09-23 17:50
ComboFix3.txt  2013-09-22 19:18
.
Vor Suchlauf: 22 Verzeichnis(se), 396.551.757.824 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 396.486.238.208 Bytes frei
.
- - End Of File - - FD7C8294D1642F5C21B387320FF5287C
         

sollte passen. Sind die vbs und vbe Dateien noch da?

Leider ja. Es wurde wurde auch nicht angezeigt, dass was gelöscht wurde.

Passen die Pfade zu den Laufwerken noch?

Lade dir bitte BlitzBlank (von Emsisoft) herunter und speichere es auf den Desktop.

• Starte die BlitzBlank.exe und bestätige die Warnung mit OK.
• Wechsle in den Reiter Script.
• Kopiere nun folgenden Inhalt aus der Codebox und füge ihn ins Textfeld von BlitzBlank ein:
  (Wichtig: Falls du deinen Benutzernamen unkenntlich gemacht hast (z.B. durch ***), dann mach das hier im Skript wieder rückgängig.)
  
  Code: Alles auswählenAufklappen

  ATTFilter

  DeleteFile:
  c:\users\Johannes_2\angry birds.vbe
  c:\users\Johannes_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
  d:\angry birds.vbe
  f:\angry birds.vbe
  g:\angry birds.vbe
  j:\angry birds.vbe
           

• Schließe jetzt alle anderen laufenden Programme und Anwendungen.
• Drücke dann auf Jetzt ausführen.
• Bestätige die Warnung und den Neustart jeweils mit OK. Der Rechner wird neu gestartet.
• Nach dem Neustart findest du ein Logfile unter C:\blitzblank.log. Poste dessen Inhalt bitte hier in deinen Thread.

Laufwerke stimmen noch. Mir wird aber gesagt "Syntax Fehler in Zeile 2, Ungültiger Dateipfad". Müssen die Ordnernamen vielleicht auf deutsch sein ?

schau dir mal den Screenshot an. Ich glaube es liegt doch eher am Leerzeichen zwischen "angry birds" ?!

Setz alle Pfade mal in "" und versuch nochmal.

hat geklappt, allerdings sind die Dateien noch auf den externen!

Code: Alles auswählenAufklappen

ATTFilter

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\users\johannes_2\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\johannes_2\appdata\roaming\microsoft\windows\start menu\programs\startup\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\d:\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
RemoveFile: ZwDeleteFile failed: status = c000003a
MoveFileOnReboot: sourceFile = "\??\f:\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
RemoveFile: ZwDeleteFile failed: status = c000003a
MoveFileOnReboot: sourceFile = "\??\g:\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
RemoveFile: ZwDeleteFile failed: status = c000003a
MoveFileOnReboot: sourceFile = "\??\j:\angry birds.vbe", destinationFile = "(null)", replaceWithDummy = 0
RemoveFile: ZwDeleteFile failed: status = c000003a