InterpoolVirus

asoka90 · 21.11.2013, 02:17

Hihi,
bin neu hier und hoffe habe alles richtig gepostet. Bitte um Help.
Lg

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-9K447DJ on 21-11-2013 02:10:35
Running from E:\
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKU\ErnstFriedlinde\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-03] ()
HKU\ErnstFriedlinde\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgdjw9d.lnk
ShortcutTarget: tgdjw9d.lnk -> C:\PROGRA~3\d9wjdgt.dss (Корпорация Майкрософт)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2jw2bmq.lnk
ShortcutTarget: w2jw2bmq.lnk -> C:\PROGRA~3\qmb2wj2w.dss (Корпорация Майкрософт)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\w2jw2bmq.pss [61028 2013-11-20] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-07-28] (DT Soft Ltd)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\FRST
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss
2013-11-16 11:08 - 2013-11-16 11:08 - 00303464 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-15 19:02 - 2013-11-05 22:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 19:02 - 2013-11-05 22:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 18:03 - 2013-10-10 11:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2013-11-14 18:03 - 2013-10-10 09:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 18:03 - 2013-10-10 09:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-11-14 18:03 - 2013-10-02 23:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 18:03 - 2013-10-01 23:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:03 - 2013-10-01 23:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 18:03 - 2013-10-01 22:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:03 - 2013-09-14 01:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-11-14 18:03 - 2013-09-13 22:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 18:03 - 2013-09-13 22:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-11-14 18:03 - 2013-09-13 22:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-11-14 18:03 - 2013-09-04 03:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-14 18:03 - 2013-08-30 05:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-11-14 18:03 - 2013-08-30 05:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2013-11-14 18:03 - 2013-08-29 23:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 18:03 - 2013-08-21 06:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-11-14 18:03 - 2013-08-10 06:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-11-14 18:03 - 2013-08-10 05:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-11-14 18:03 - 2013-08-10 03:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 18:03 - 2013-07-24 23:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 18:03 - 2013-07-24 23:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-11-14 18:03 - 2013-07-12 01:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-11-14 18:03 - 2013-07-12 01:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 18:02 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 18:02 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 18:02 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 18:02 - 2013-09-23 22:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 18:02 - 2013-09-23 22:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:02 - 2013-08-23 07:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-11-14 18:02 - 2013-08-23 01:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 18:02 - 2013-08-02 06:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-11-14 18:02 - 2013-08-02 05:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-14 18:01 - 2013-10-01 23:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:01 - 2013-10-01 23:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 15:44 - 2013-11-14 15:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 15:43 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 18:13 - 2013-11-10 18:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-19 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-21 00:58 - 2013-11-20 15:05 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-21 00:58 - 2013-11-20 15:05 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-21 00:58 - 2013-11-20 15:05 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-21 00:58 - 2013-11-20 15:05 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-21 00:58 - 2013-03-03 23:40 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\PMB Files
2013-11-21 00:57 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\FRST
2013-11-20 22:20 - 2013-02-15 14:59 - 00000000 ____D C:\Users\ErnstFriedlinde\Documents\Youcam
2013-11-20 22:18 - 2013-02-15 14:55 - 00000000 ____D C:\users\ErnstFriedlinde
2013-11-20 15:12 - 2013-02-15 14:55 - 01868433 _____ C:\Windows\WindowsUpdate.log
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss
2013-11-20 15:02 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\sru
2013-11-20 14:37 - 2013-02-15 20:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 14:15 - 2013-02-16 23:55 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\LogMeIn Hamachi
2013-11-19 15:58 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-11-19 15:43 - 2013-02-15 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 15:25 - 2013-05-16 13:29 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-11-19 15:18 - 2013-11-06 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 17:10 - 2012-11-08 00:01 - 00754172 _____ C:\Windows\System32\perfh007.dat
2013-11-16 17:10 - 2012-11-08 00:01 - 00156362 _____ C:\Windows\System32\perfc007.dat
2013-11-16 17:10 - 2012-07-26 07:28 - 01748838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-16 16:19 - 2013-04-21 08:19 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\Windows Live
2013-11-16 11:08 - 2013-11-16 11:08 - 00303464 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-14 20:08 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 20:08 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 18:31 - 2013-09-12 15:19 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 18:27 - 2012-11-08 19:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-14 18:17 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-14 15:44 - 2013-11-14 15:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 15:43 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 19:24 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2013-11-10 18:13 - 2013-11-10 18:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-05 22:58 - 2013-11-15 19:02 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 22:58 - 2013-11-15 19:02 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-25 16:28 - 2013-02-15 15:03 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-274362674-807838015-508655223-1002

Files to move or delete:
====================
C:\ProgramData\d9wjdgt.dss
C:\ProgramData\qmb2wj2w.dss
C:\ProgramData\tgdjw9d.bxx
C:\ProgramData\tgdjw9d.fvv
C:\ProgramData\tgdjw9d.pss
C:\ProgramData\w2jw2bmq.bxx
C:\ProgramData\w2jw2bmq.fvv
C:\ProgramData\w2jw2bmq.pss
C:\ProgramData\w2jw2bmq.reg


Some content of TEMP:
====================
C:\Users\ErnstFriedlinde\AppData\Local\Temp\0733.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\0882.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

26
Restore point made on: 2013-11-06 16:38:30
Restore point made on: 2013-11-06 16:38:33
Restore point made on: 2013-11-06 16:38:34
Restore point made on: 2013-11-06 16:38:35
Restore point made on: 2013-11-06 16:38:43
Restore point made on: 2013-11-06 16:38:44
Restore point made on: 2013-11-06 16:38:45
Restore point made on: 2013-11-14 18:19:02
Restore point made on: 2013-11-14 18:23:19
Restore point made on: 2013-11-14 18:23:30
Restore point made on: 2013-11-14 18:23:47
Restore point made on: 2013-11-14 18:29:38
Restore point made on: 2013-11-14 18:29:48
Restore point made on: 2013-11-14 18:30:00
Restore point made on: 2013-11-14 18:30:10
Restore point made on: 2013-11-14 18:31:35
Restore point made on: 2013-11-14 18:36:11
Restore point made on: 2013-11-14 18:36:26
Restore point made on: 2013-11-14 18:36:35
Restore point made on: 2013-11-14 18:36:47
Restore point made on: 2013-11-14 18:36:53
Restore point made on: 2013-11-14 18:37:09
Restore point made on: 2013-11-14 18:37:22
Restore point made on: 2013-11-14 18:37:29
Restore point made on: 2013-11-14 18:37:47
Restore point made on: 2013-11-14 18:42:09

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3977.02 MB
Available physical RAM: 3211.52 MB
Total Pagefile: 3977.02 MB
Available Pagefile: 3219.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:765.36 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
Drive e: () (Removable) (Total:58.34 GB) (Free:58.34 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 58 GB) (Disk ID: 001E8693)
Partition 1: (Active) - (Size=58 GB) - (Type=07 NTFS)


LastRegBack: 2013-11-07 16:26

==================== End Of Log ============================

aharonov · 21.11.2013, 02:34

Hi,

startet der Rechner nach diesem Fix wieder normal?

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgdjw9d.lnk
ShortcutTarget: tgdjw9d.lnk -> C:\PROGRA~3\d9wjdgt.dss (Корпорация Майкрософт)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2jw2bmq.lnk
ShortcutTarget: w2jw2bmq.lnk -> C:\PROGRA~3\qmb2wj2w.dss (Корпорация Майкрософт)
S2 Winmgmt; C:\ProgramData\w2jw2bmq.pss [61028 2013-11-20] (Microsoft Corporation)
C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.exe
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

asoka90 · 21.11.2013, 03:07

hi, danke für die schnelle antwort, wollte den Text gerade als Textdatei speichern, doch diese "russischen"buschstaben werden bei mir nach speicherung als ???? angezeigt, trotzdem auf dem USB stick speichern??

aharonov · 21.11.2013, 15:08

Ja das sollte trotzdem funktionieren. Versuch den Fix einfach.

asoka90 · 21.11.2013, 22:18

Ok, habs einfach so gemacht.
Hier mein Fixlog.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by SYSTEM at 2013-11-21 22:16:52 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgdjw9d.lnk
ShortcutTarget: tgdjw9d.lnk -> C:\PROGRA~3\d9wjdgt.dss (?????????? ??????????)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2jw2bmq.lnk
ShortcutTarget: w2jw2bmq.lnk -> C:\PROGRA~3\qmb2wj2w.dss (?????????? ??????????)
S2 Winmgmt; C:\ProgramData\w2jw2bmq.pss [61028 2013-11-20] (Microsoft Corporation)
C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.exe
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (?????????? ??????????) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (?????????? ??????????) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss
*****************

C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgdjw9d.lnk => Moved successfully.
C:\PROGRA~3\d9wjdgt.dss => Moved successfully.
C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2jw2bmq.lnk => Moved successfully.
C:\PROGRA~3\qmb2wj2w.dss => Moved successfully.
Winmgmt => Service restored successfully.
C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Users\ErnstFriedlinde\AppData\Local\Temp\*.exe" => Could not move.
C:\ProgramData\w2jw2bmq.reg => Moved successfully.
C:\ProgramData\w2jw2bmq.bxx => Moved successfully.
C:\ProgramData\tgdjw9d.bxx => Moved successfully.
C:\ProgramData\w2jw2bmq.fvv => Moved successfully.
C:\ProgramData\tgdjw9d.fvv => Moved successfully.
"C:\ProgramData\qmb2wj2w.dss" => File/Directory not found.
"C:\ProgramData\d9wjdgt.dss" => File/Directory not found.
C:\ProgramData\w2jw2bmq.pss => Moved successfully.
C:\ProgramData\tgdjw9d.pss => Moved successfully.

==== End of Fixlog ====

aharonov · 21.11.2013, 23:35

Hat funktioniert. Kannst du den Rechner jetzt wieder normal starten, ohne dass der Sperrbildschirm erscheint?

asoka90 · 21.11.2013, 23:49

Danke, der Sperrbildschirm ist weg. An dieser stelle, kannst du mir ein Virenprogramm empfehlen? Avira ist schrott!!!!

aharonov · 22.11.2013, 00:01

Dann kontrollieren wir noch. (Tipps dann am Schluss)

Verschiebe die frst64.exe vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

asoka90 · 22.11.2013, 01:56

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by ErnstFriedlinde (administrator) on ERNST on 22-11-2013 01:49:46
Running from C:\Users\ErnstFriedlinde\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-04] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {a8b44038-f73e-11e2-bef1-84a6c8f78e69} - "F:\autorun.exe" 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKCU - DefaultScope {351278DB-9F46-4631-9377-746D1EFBEA78} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {351278DB-9F46-4631-9377-746D1EFBEA78} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\ich@maltegoetz.de
FF Extension: YouTube Unblocker - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: gmailnoads - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\gmailnoads@mywebber.com.xpi
FF Extension: prefs - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\{39ed60d6-a455-4101-b5e8-75f3d790d275}.xpi
FF Extension: No Name - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\{718fb611-085f-4fc6-9c59-de1d32beda42}.xpi
FF Extension: Adblock Plus - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\ErnstFriedlinde\AppData\Roaming\Mozilla\Firefox\Profiles\9d159cmd.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-07-28] (DT Soft Ltd)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-22 01:49 - 2013-11-22 01:50 - 00013329 _____ C:\Users\ErnstFriedlinde\Desktop\FRST.txt
2013-11-22 01:49 - 2013-11-21 01:11 - 01957964 _____ (Farbar) C:\Users\ErnstFriedlinde\Desktop\FRST64.exe
2013-11-21 01:32 - 2013-11-21 01:32 - 00000000 ____D C:\FRST
2013-11-16 12:08 - 2013-11-16 12:08 - 00303464 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 20:02 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 20:02 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 19:03 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-14 19:03 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 19:03 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-14 19:03 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 19:03 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 19:03 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 19:03 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 19:03 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 19:03 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 19:03 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 19:03 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 19:03 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 19:03 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 19:03 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 19:03 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 19:03 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 19:03 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 19:03 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 19:03 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 19:03 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 19:03 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 19:03 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 19:03 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 19:03 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 19:03 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 19:03 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 19:03 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 19:03 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 19:02 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 19:02 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 19:02 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 19:02 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 19:02 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 19:02 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 19:02 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 19:02 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 19:02 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 19:02 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 19:02 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 19:02 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 19:02 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 19:02 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 19:02 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:02 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 19:02 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-11-14 19:02 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-14 19:01 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:01 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 16:44 - 2013-11-14 16:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 16:43 - 2013-11-14 16:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 19:13 - 2013-11-10 19:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-06 17:51 - 2013-11-19 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-22 01:50 - 2013-11-22 01:49 - 00013329 _____ C:\Users\ErnstFriedlinde\Desktop\FRST.txt
2013-11-22 01:50 - 2013-03-04 00:40 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\PMB Files
2013-11-22 01:48 - 2013-02-15 15:59 - 00000000 ____D C:\Users\ErnstFriedlinde\Documents\Youcam
2013-11-22 01:47 - 2013-03-21 07:47 - 00003903 _____ C:\Windows\setupact.log
2013-11-22 01:44 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 01:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-22 00:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-22 00:38 - 2013-02-15 21:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 00:35 - 2013-02-15 15:55 - 01197412 _____ C:\Windows\WindowsUpdate.log
2013-11-22 00:21 - 2013-02-15 15:56 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\Packages
2013-11-21 23:51 - 2013-02-17 00:55 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\LogMeIn Hamachi
2013-11-21 23:16 - 2013-02-15 15:57 - 00000000 ___RD C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 22:51 - 2012-11-08 01:01 - 00754172 _____ C:\Windows\system32\perfh007.dat
2013-11-21 22:51 - 2012-11-08 01:01 - 00156362 _____ C:\Windows\system32\perfc007.dat
2013-11-21 22:51 - 2012-07-26 08:28 - 01748838 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 01:32 - 2013-11-21 01:32 - 00000000 ____D C:\FRST
2013-11-21 01:11 - 2013-11-22 01:49 - 01957964 _____ (Farbar) C:\Users\ErnstFriedlinde\Desktop\FRST64.exe
2013-11-20 23:18 - 2013-02-15 15:55 - 00000000 ____D C:\Users\ErnstFriedlinde
2013-11-19 16:58 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-19 16:43 - 2013-02-15 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 16:25 - 2013-05-16 14:29 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 16:25 - 2013-05-15 22:22 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 16:25 - 2013-05-15 22:22 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-19 16:25 - 2013-05-15 22:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-19 16:18 - 2013-11-06 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 17:19 - 2013-04-21 09:19 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\Windows Live
2013-11-16 12:08 - 2013-11-16 12:08 - 00303464 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-14 21:08 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 21:08 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 19:31 - 2013-09-12 16:19 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:27 - 2012-11-08 20:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 16:44 - 2013-11-14 16:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 16:43 - 2013-11-14 16:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 20:24 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-10 19:13 - 2013-11-10 19:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-05 23:58 - 2013-11-15 20:02 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 20:02 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-25 17:28 - 2013-02-15 16:03 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-274362674-807838015-508655223-1002

Some content of TEMP:
====================
C:\Users\ErnstFriedlinde\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-07 17:26

==================== End Of Log ============================

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by ErnstFriedlinde at 2013-11-22 01:50:39
Running from C:\Users\ErnstFriedlinde\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AION Free-To-Play (x32 Version: 2.70.0000)
Ashampoo AppLauncher (Medion) v.1.0.0 (x32 Version: 1.0.0)
Avira Free Antivirus (x32 Version: 14.0.1.719)
CHIP System-Check-Tool 1.1.9.15 (x32)
Cross Fire En (x32)
Crossfire Europe (x32 Version: 1.144)
Cube World version 0.0.1 (x32 Version: 0.0.1)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124)
CyberLink PhotoNow (x32 Version: 1.1.7717)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920)
CyberLink PowerDirector (Version: 9.0.0.3815c)
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02)
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b)
CyberLink PowerRecover (Version: 5.7.0.0913)
CyberLink PowerRecover (x32 Version: 5.7.0.0913)
CyberLink YouCam 5 (x32 Version: 5.0.1930)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Diablo III (x32 Version: 1.0.8.16603)
Die Siedler IV (x32)
Dolby Home Theater v4 (x32 Version: 7.2.8000.17)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gameforge Live 1.5.0 "Legend" (x32 Version: 1.5.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.5.4.0423)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1210.0278)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel(R) WiDi (Version: 3.5.40.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.6000.1620)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Just Aion Launcher (x32 Version: 1.00.0000)
League of Legends (x32 Version: 1.3)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
Mediathek (x32 Version: 1.4.0)
Medion Home Cinema 10 (x32 Version: 10.0)
Medion Home Cinema 10 (x32 Version: 10.1924)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 19.0.2 (x86 de) (x32 Version: 19.0.2)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NC Launcher (GameForge) (x32)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
NVIDIA Control Panel 307.17 (Version: 307.17)
NVIDIA Graphics Driver 307.17 (Version: 307.17)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Pando Media Booster (x32 Version: 2.6.0.8)
PHotkey (x32 Version: 1.00.0081)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Project 64 version 2.0.0.14 (x32 Version: 2.0.0.14)
QuickLaunch (x32 Version: 1.00.0019)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6722)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)
Speedport W 102 Stick (x32 Version: 1.0.0.22)
Synaptics Pointing Device Driver (Version: 16.3.15.1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

14-11-2013 18:16:20 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {447220DD-F693-4FEC-BA70-E8D15485DBE0} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7C3DA546-2867-478B-BEE4-5F8A279E6816} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {B0046999-4DFA-462F-A1AB-7AEA81EEF780} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 23:28 - 2012-10-22 18:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-15 22:22 - 2013-05-15 22:19 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-29 14:30 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 14:30 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-11-08 22:05 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-10 20:16 - 2013-11-10 20:16 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll
2012-11-15 12:13 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless-N 2230
Description: Intel(R) Centrino(R) Wireless-N 2230
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNe64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2013 01:48:31 AM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b40

Startzeit: 01cee71c5ceee582

Endzeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: ca913ddb-530f-11e3-bf75-84a6c8f78e69

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/22/2013 01:47:04 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8d8

Startzeit: 01cee71c299af7b1

Endzeit: 16

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 8fc67656-530f-11e3-bf75-84a6c8f78e69

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/22/2013 00:03:46 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ae4

Startzeit: 01cee70b7d1573fb

Endzeit: 110

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1bb92995-5301-11e3-bf74-84a6c8f78e69

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/21/2013 11:47:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.5.5.0, Zeitstempel: 0x5060e311
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.5.5.0, Zeitstempel: 0x5060e22c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000265e0
ID des fehlerhaften Prozesses: 0x86c
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (11/20/2013 11:19:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50109e4e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x033a2230
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Vollständiger Name des fehlerhaften Pakets: rundll32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe5

Error: (11/20/2013 03:44:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/19/2013 04:17:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xe9c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Vollständiger Name des fehlerhaften Pakets: avnotify.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avnotify.exe5

Error: (11/17/2013 02:32:34 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e44

Startzeit: 01cee3993bf55f7a

Endzeit: 0

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: b4857e69-4f8c-11e3-bf6b-84a6c8f78e69

Vollständiger Name des fehlerhaften Pakets: Microsoft.Bing_1.5.1.259_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Bing

Error: (11/15/2013 08:11:57 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/14/2013 05:24:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.5.5.0, Zeitstempel: 0x5060e311
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.5.5.0, Zeitstempel: 0x5060e22c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000265e0
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5


System errors:
=============
Error: (11/22/2013 01:45:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/22/2013 01:45:15 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/22/2013 01:43:52 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎22.‎11.‎2013 um 01:03:52 unerwartet heruntergefahren.

Error: (11/22/2013 00:23:16 AM) (Source: DCOM) (User: Ernst)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ErnstErnstFriedlindeS-1-5-21-274362674-807838015-508655223-1002LocalHost (unter Verwendung von LRPC)6918E89D.TheChessLv.100_1.0.0.3_x64__66n08swfvvka0S-1-15-2-4259136006-3170953809-3289057995-246771207-3702300730-2363294343-855716246

Error: (11/21/2013 11:48:20 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/21/2013 11:46:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/21/2013 11:46:25 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/21/2013 11:45:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎21.‎11.‎2013 um 22:45:58 unerwartet heruntergefahren.

Error: (11/21/2013 10:46:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/21/2013 10:46:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.


Microsoft Office Sessions:
=========================
Error: (11/22/2013 01:48:31 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16628b4001cee71c5ceee5820C:\Windows\explorer.execa913ddb-530f-11e3-bf75-84a6c8f78e69

Error: (11/22/2013 01:47:04 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.166288d801cee71c299af7b116C:\Windows\Explorer.EXE8fc67656-530f-11e3-bf75-84a6c8f78e69

Error: (11/22/2013 00:03:46 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628ae401cee70b7d1573fb110C:\Windows\Explorer.EXE1bb92995-5301-11e3-bf74-84a6c8f78e69

Error: (11/21/2013 11:47:52 PM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.5.5.05060e311MurocApi.dll15.5.5.05060e22cc000000500000000000265e086c01cee70b6f9b5ae1C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllf3924a37-52fe-11e3-bf74-84a6c8f78e69

Error: (11/20/2013 11:19:52 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eunknown0.0.0.000000000c0000005033a2230f7801cee63e93627f51C:\Windows\SysWOW64\rundll32.exeunknowne0154e25-5231-11e3-bf6f-84a6c8f78e69

Error: (11/20/2013 03:44:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/19/2013 04:17:38 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e9c01cee53a736be8b0C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb94f6e1c-512d-11e3-bf6c-84a6c8f78e69

Error: (11/17/2013 02:32:34 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420e4401cee3993bf55f7a0C:\Windows\system32\wwahost.exeb4857e69-4f8c-11e3-bf6b-84a6c8f78e69Microsoft.Bing_1.5.1.259_x64__8wekyb3d8bbweMicrosoft.Bing

Error: (11/15/2013 08:11:57 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/14/2013 05:24:50 PM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.5.5.05060e311MurocApi.dll15.5.5.05060e22cc000000500000000000265e092801cee155de00d02dC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll483e4e74-4d49-11e3-bf65-84a6c8f78e69


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3977.02 MB
Available physical RAM: 2643.25 MB
Total Pagefile: 4681.02 MB
Available Pagefile: 3160.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:763.55 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
Drive f: (SIV_Gold+_GER) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:58.34 GB) (Free:58.34 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 58 GB) (Disk ID: 001E8693)
Partition 1: (Active) - (Size=58 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Lg

aharonov · 22.11.2013, 02:55

Ok, noch eine Kontrolle. Wie läuft der Rechner?

Schritt 1

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

asoka90 · 22.11.2013, 06:17

Der Pc läuft aufeinmal sehr langsam.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.22.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
ErnstFriedlinde :: ERNST [Administrator]

22.11.2013 03:07:30
mbam-log-2013-11-22 (03-07-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP
Deaktivierte Suchlaufeinstellungen: PUM | P2P
Durchsuchte Objekte: 250978
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\ErnstFriedlinde\AppData\Local\Temp\d9wjdgt.dss (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ErnstFriedlinde\AppData\Local\Temp\qmb2wj2w.dss (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ErnstFriedlinde\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc35d316314f29438b22978305033ff7
# engine=15982
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-22 05:11:52
# local_time=2013-11-22 06:11:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 26316 16444436 19088 0
# compatibility_mode=5893 16776574 100 94 6097477 16702440 0 0
# scanned=540789
# found=6
# cleaned=0
# scan_time=9731
sh=6FF015757F6B97A2434402A1E9DDEAED2D1D24C7 ft=1 fh=6932dc6229afb7b1 vn="a variant of Win32/Kryptik.BPIB trojan" ac=I fn="C:\FRST\Quarantine\0733.dll"
sh=820DB904F1DBE0E82C3E92FD3ECA0D21A1BA962E ft=1 fh=fc8e112e2b958b75 vn="a variant of Win32/Kryptik.BPIB trojan" ac=I fn="C:\FRST\Quarantine\0882.dll"
sh=820DB904F1DBE0E82C3E92FD3ECA0D21A1BA962E ft=1 fh=fc8e112e2b958b75 vn="a variant of Win32/Kryptik.BPIB trojan" ac=I fn="C:\FRST\Quarantine\d9wjdgt.dss"
sh=6FF015757F6B97A2434402A1E9DDEAED2D1D24C7 ft=1 fh=6932dc6229afb7b1 vn="a variant of Win32/Kryptik.BPIB trojan" ac=I fn="C:\FRST\Quarantine\qmb2wj2w.dss"
sh=3E4446CF9B267B4F9614698DE712FCBA398EBC46 ft=1 fh=a5005f58a63c1062 vn="Win64/Disabler.A trojan" ac=I fn="C:\FRST\Quarantine\tgdjw9d.pss"
sh=3E4446CF9B267B4F9614698DE712FCBA398EBC46 ft=1 fh=a5005f58a63c1062 vn="Win64/Disabler.A trojan" ac=I fn="C:\FRST\Quarantine\w2jw2bmq.pss"

Lg

21.11.2013, 15:08	#4
aharonov /// TB-Ausbilder	InterpoolVirus Ja das sollte trotzdem funktionieren. Versuch den Fix einfach. __________________ cheers, Leo

21.11.2013, 23:35	#6
aharonov /// TB-Ausbilder	InterpoolVirus Hat funktioniert. Kannst du den Rechner jetzt wieder normal starten, ohne dass der Sperrbildschirm erscheint? __________________ --> InterpoolVirus

21.11.2013, 03:07	#3
asoka90	InterpoolVirus hi, danke für die schnelle antwort, wollte den Text gerade als Textdatei speichern, doch diese "russischen"buschstaben werden bei mir nach speicherung als ???? angezeigt, trotzdem auf dem USB stick speichern?? __________________

21.11.2013, 23:49	#7
asoka90	InterpoolVirus Danke, der Sperrbildschirm ist weg. An dieser stelle, kannst du mir ein Virenprogramm empfehlen? Avira ist schrott!!!!

InterpoolVirus

Plagegeister aller Art und deren Bekämpfung: InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus

InterpoolVirus