GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht

sharkymg · 16.05.2014, 10:33

Hallo ,

habe mir einen GVU-Virus eingefangen (Version mit dem Merkel-Bild) und kann meinen Rechner nur noch im abgesicherten Modus hochfahren. Systemwiederherstellung klappt leider nicht. Weiß jemand, wie ich da wieder rauskomme?
LG
Anja

schrauber · 16.05.2014, 11:45

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

sharkymg · 19.05.2014, 09:07

Hallo,

danke für Deine Antwort. Meinst Du diese Dateien::
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Tel 02166-846678 (administrator) on MEDION-PC on 19-05-2014 14:54:51
Running from C:\Users\Tel 02166-846678\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-08] (Synaptics, Inc.)
HKLM\...\Run: [BsMnt] => C:\Program Files\BisonCam\BsMnt.exe [217088 2008-11-03] ()
HKLM\...\Run: [MDS_Menu] => C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2008-11-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-11-21] (NVIDIA Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Bing Bar] => C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-26] (APN)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-05] (Google Inc.)
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [ikmybhl] => regsvr32.exe "C:\ProgramData\ikmybhl.dat"
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {08e7a014-4213-11e3-aaf1-001f1614af91} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {15761ed8-a576-11e1-aeef-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {15761f0d-a576-11e1-aeef-001f1614af91} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {699b8115-d318-11e1-a538-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {699b8173-d318-11e1-a538-001e101f13f6} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {741fdb9b-5e66-11e2-9cc0-001f1614af91} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {8212342c-5e47-11e2-9ca7-001f1614af91} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {92e87f9e-a443-11e1-887e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {96586c85-a35e-11e1-b71e-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {96586cd2-a35e-11e1-b71e-001f1614af91} - H:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\MountPoints2: {cf085b17-a4b0-11e1-bfa2-001f1614af91} - F:\AutoRun.exe
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0o1bjj6.lnk
ShortcutTarget: 0o1bjj6.lnk -> 6jjb1o0.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t8zihv1.lnk
ShortcutTarget: 7t8zihv1.lnk -> 1vhiz8t7.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frjejwev.lnk
ShortcutTarget: frjejwev.lnk -> vewjejrf.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvewlv0.lnk
ShortcutTarget: fvewlv0.lnk -> 0vlwevf.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lf7hloo.lnk
ShortcutTarget: lf7hloo.lnk -> oolh7fl.gsa,MMS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlq3rjt.lnk
ShortcutTarget: rlq3rjt.lnk -> tjr3qlr.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vr8zodkj6.lnk
ShortcutTarget: vr8zodkj6.lnk -> C:\ProgramData\2992199F9A\6jkdoz8rv.cpp ()
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjo1zjv4.lnk
ShortcutTarget: zjo1zjv4.lnk -> 4vjz1ojz.cpp,XXS1 (No File)

==================== Internet (Whitelisted) ====================

ProxyServer: socks=127.0.0.1:36226
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
SearchScopes: HKCU - {E0D3373C-AA5C-49EB-9AED-7CBCE7BEC3CE} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.3.34&apn_uid=AB489237-34C1-4D9B-B258-7B38EECC264E&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_9.0.8112.16464&doi=2014-04-04&trgb=IE&q={searchTerms}&psv=
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tel 02166-846678\AppData\Roaming\Mozilla\Firefox\Profiles\okai56vt.default
FF user.js: detected! => C:\Users\Tel 02166-846678\AppData\Roaming\Mozilla\Firefox\Profiles\okai56vt.default\user.js
FF NetworkProxy: "type", 4
FF NetworkProxy: "type", 4
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: SeoQuake - C:\Users\Tel 02166-846678\AppData\Roaming\Mozilla\Firefox\Profiles\okai56vt.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012-08-01]
FF Extension: Yahoo! Toolbar - C:\Users\Tel 02166-846678\AppData\Roaming\Mozilla\Firefox\Profiles\okai56vt.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-04-29]
FF Extension: IMinent Toolbar - C:\Users\Tel 02166-846678\AppData\Roaming\Mozilla\Firefox\Profiles\okai56vt.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-04-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-04-20]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013-01-14]
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
FF Extension: Java Link Helper - C:\Users\Tel 02166-846678\AppData\Roaming\10001.091 [2012-10-22]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Tel 02166-846678\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
S2 dldo_device; C:\Windows\system32\dldocoms.exe [595184 2007-10-05] ( )
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-01-14] ()
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-07-21] ()
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [241734 2008-06-28] ()
S2 Winmgmt; C:\Users\TEL021~1\Desktop\6jjb1o0.cpp [X]

==================== Drivers (Whitelisted) ====================

S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1461032 2008-12-04] (Bison Electronics. Inc. )
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-07-21] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64384 2012-07-21] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-07-21] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 14:54 - 2014-05-19 14:55 - 00021104 _____ () C:\Users\Tel 02166-846678\Desktop\FRST.txt
2014-05-19 14:54 - 2014-05-19 09:48 - 01056768 _____ (Farbar) C:\Users\Tel 02166-846678\Desktop\FRST.exe
2014-05-19 14:52 - 2014-05-19 14:54 - 00000000 ____D () C:\FRST
2014-05-15 17:49 - 2014-05-15 18:03 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-14 12:00 - 2014-05-15 16:41 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-05 13:40 - 2014-05-05 13:41 - 00256184 _____ () C:\Windows\Minidump\Mini050514-01.dmp
2014-04-23 08:35 - 2014-05-15 13:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 08:35 - 2014-04-23 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 08:35 - 2014-04-23 09:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-23 08:35 - 2014-04-03 10:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-23 08:35 - 2014-04-03 10:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

2014-05-19 14:55 - 2014-05-19 14:54 - 00021104 _____ () C:\Users\Tel 02166-846678\Desktop\FRST.txt
2014-05-19 14:54 - 2014-05-19 14:52 - 00000000 ____D () C:\FRST
2014-05-19 14:50 - 2009-04-21 08:54 - 00203404 _____ () C:\ProgramData\nvModes.001
2014-05-19 14:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 14:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 14:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 09:48 - 2014-05-19 14:54 - 01056768 _____ (Farbar) C:\Users\Tel 02166-846678\Desktop\FRST.exe
2014-05-15 21:02 - 2012-03-14 20:05 - 00008268 _____ () C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
2014-05-15 18:03 - 2014-05-15 17:49 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-15 17:57 - 2012-04-11 13:50 - 00000000 ____D () C:\Program Files\Yontoo
2014-05-15 16:42 - 2011-07-11 15:26 - 00000000 ____D () C:\Users\Tel 02166-846678\Tracing
2014-05-15 16:41 - 2014-05-14 12:00 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 16:41 - 2011-08-05 10:57 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 16:41 - 2011-06-19 18:06 - 00000000 ____D () C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Home Cinema
2014-05-15 16:16 - 2009-04-21 08:54 - 00203404 _____ () C:\ProgramData\nvModes.dat
2014-05-15 16:11 - 2011-08-05 10:57 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 14:36 - 2013-08-17 13:21 - 00049055 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 14:22 - 2013-08-27 11:57 - 00021020 _____ () C:\Windows\PFRO.log
2014-05-15 14:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-15 13:48 - 2014-04-23 08:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 12:05 - 2012-05-03 14:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 11:48 - 2013-09-12 08:48 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 11:48 - 2012-05-03 14:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 11:48 - 2011-06-12 23:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 16:43 - 2012-08-04 16:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-13 16:43 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 17:54 - 2011-06-19 19:24 - 00000000 ____D () C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
2014-05-12 17:51 - 2011-06-19 19:24 - 00000000 ____D () C:\Users\Tel 02166-846678\Documents\UseNeXT
2014-05-09 14:16 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-05 13:41 - 2014-05-05 13:40 - 00256184 _____ () C:\Windows\Minidump\Mini050514-01.dmp
2014-05-05 13:40 - 2013-09-12 12:17 - 196921553 _____ () C:\Windows\MEMORY.DMP
2014-05-05 13:40 - 2012-05-23 13:47 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 14:59 - 2011-06-19 14:20 - 00000000 ____D () C:\Users\Tel 02166-846678\Fairrank aktuell
2014-04-25 13:20 - 2013-08-02 09:05 - 00001927 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 09:20 - 2014-04-23 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 09:20 - 2014-04-23 08:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-23 09:20 - 2012-03-27 12:42 - 00000863 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-23 08:35 - 2012-03-27 12:42 - 00000000 ____D () C:\Users\Tel 02166-846678\AppData\Roaming\Malwarebytes
2014-04-23 08:35 - 2012-03-27 12:42 - 00000000 ____D () C:\ProgramData\Malwarebytes

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-560273994-1905325580-2949801912-1002\$31107f57b469907d7361476450cd4e79

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$31107f57b469907d7361476450cd4e79

ZeroAccess:
C:\Users\Tel 02166-846678\AppData\Local\{31107f57-b469-907d-7361-476450cd4e79}
C:\Users\Tel 02166-846678\AppData\Local\{31107f57-b469-907d-7361-476450cd4e79}\@

Files to move or delete:
====================
C:\Users\Tel 02166-846678\AppData\Roaming\desktop.ini
C:\Users\Tel 02166-846678\AppData\Roaming\settings.ini


Some content of TEMP:
====================
C:\Users\Medion\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tel 02166-846678\AppData\Local\Temp\APNSetup.exe
C:\Users\Tel 02166-846678\AppData\Local\Temp\install_flashplayer11x32axau_chra_awa_aih.exe
C:\Users\Tel 02166-846678\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tel 02166-846678\AppData\Local\Temp\wcojp.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-15 17:05

==================== End Of Log ============================

--- --- ---

und:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by Tel 02166-846678 at 2014-05-19 14:55:54
Running from C:\Users\Tel 02166-846678\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.48 - APN, LLC) <==== ATTENTION
Azurewave Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Bison Webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.12a - Bison Webcam)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.100.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version: - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2318 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.2318 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.5615 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2209b - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.2209b - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2217 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2217 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.1111 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.1111 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2305 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2305 - CyberLink Corp.) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
Dell 968 AIO Printer (HKLM\...\Dell 968 AIO Printer) (Version: - Dell, Inc.)
DriverTuner 3.1.0.0 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
FLAC To MP3 V4.0.5 (HKLM\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
Free Audio Converter version 5.0.37.327 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{A818DAE1-EBBE-4438-B557-8115955D88E4}) (Version: 14.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBP & ARELIS 9.7.1 (HKLM\...\IBP9_is1) (Version: 9.7.1 - Axandra GmbH)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JPEG Resampler Vs 4.7 (HKLM\...\JPEG Resampler_is1) (Version: - David Macek)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
L7000_Basic (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 10.0.1 (x86 de) (HKLM\...\Mozilla Firefox 10.0.1 (x86 de)) (Version: 10.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20111 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4033E880-B959-49E7-A1B0-BF2E81BBC2AA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.7.0 - Synaptics)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
UMTS USB Modem Manager (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - BASE&E-PLUS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4FB6D8D7-0FD3-4D3F-BBFC-8CB62226BA4E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
Video DVD Maker v3.32.0.80 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - )
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {202BA798-988F-49A4-A92C-5416A2254FBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {577777D5-5D94-440F-8D1F-50189A9EA3C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {606369F9-861C-47B0-AA4E-61EE3EA27FE6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {64677B04-DC23-4B30-80DC-8E9D39E7E363} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B91BEC2E-5B4C-4AA7-A5CE-FA3C9238C41B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D4EA4411-8808-4691-B1DE-9B805D3FFDB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05] (Google Inc.)
Task: {DD94D78B-0209-495A-B8B5-D42ED3568B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F8BC6188-9B75-492A-8150-68F307C7C90F} - System32\Tasks\DriverTuner Startup => C:\Program Files\DriverTuner\DriverTuner.exe [2013-01-11] (LionSea)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 02:51:42 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/19/2014 02:44:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/15/2014 04:51:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/15/2014 04:08:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\CYBERLINK POWERDVD 8.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\CYBERLINK POWERDVD 8.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/15/2014 04:08:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\TEL 02166-846678\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD 8\POWERDVD 8-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (05/19/2014 02:56:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/19/2014 02:52:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/19/2014 02:51:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (05/19/2014 02:51:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (05/19/2014 02:51:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/19/2014 02:51:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/19/2014 02:51:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/19/2014 02:45:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/19/2014 02:45:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/19/2014 02:44:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Microsoft Office Sessions:
=========================
Error: (03/13/2012 03:57:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/10/2012 04:39:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2042.14 MB
Available physical RAM: 1630.01 MB
Total Pagefile: 4319.56 MB
Available Pagefile: 4088.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.66 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:278.08 GB) (Free:148.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:5.51 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=0C)

==================== End Of Log ============================

Danke im voraus für Deine Hilfe1
LG

schrauber · 20.05.2014, 08:24

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-560273994-1905325580-2949801912-1002\...\Run: [ikmybhl] => regsvr32.exe "C:\ProgramData\ikmybhl.dat"
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0o1bjj6.lnk
ShortcutTarget: 0o1bjj6.lnk -> 6jjb1o0.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t8zihv1.lnk
ShortcutTarget: 7t8zihv1.lnk -> 1vhiz8t7.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frjejwev.lnk
ShortcutTarget: frjejwev.lnk -> vewjejrf.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvewlv0.lnk
ShortcutTarget: fvewlv0.lnk -> 0vlwevf.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lf7hloo.lnk
ShortcutTarget: lf7hloo.lnk -> oolh7fl.gsa,MMS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlq3rjt.lnk
ShortcutTarget: rlq3rjt.lnk -> tjr3qlr.cpp,XXS1 (No File)
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vr8zodkj6.lnk
ShortcutTarget: vr8zodkj6.lnk -> C:\ProgramData\2992199F9A\6jkdoz8rv.cpp ()
Startup: C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjo1zjv4.lnk
ShortcutTarget: zjo1zjv4.lnk -> 4vjz1ojz.cpp,XXS1 (No File)
S2 Winmgmt; C:\Users\TEL021~1\Desktop\6jjb1o0.cpp [X]
2014-05-14 12:00 - 2014-05-15 16:41 - 00000000 ____D () C:\ProgramData\2992199F9A

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Rechner normal starten.

sharkymg · 20.05.2014, 12:26

Hallo Schrauber,

hebe seit dem Scan nichts am Laptop gemacht. Allerdings ist er jetzt in so einer Bootschleife. Auch wenn ich "Abgesicherter Modus" eingebe, landet er wieder in diesem Startmodus, wo ich auswählen kann, Windows normal zu starten oder im abgesicherten Modus etc. ;-(
LG

schrauber · 21.05.2014, 07:51

Fix hast Du noch nicht gemacht?

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Den Fix dann in der Recovery machen.

sharkymg · 21.05.2014, 13:15

hallo Schrauber,
in die System Reparatur Option komme ich gar nicht. Der faährt immer wieder in die Auswahl mit:

Abgesicherter Modus
Abgesicherter Modus mit Netzwerktreibern
Abgesicherter Modus mit Eingabeaufforderung
letzte als funktionierend bekannte Konfiguration (erweitert)
Windows normal starten

zurück.

Auch wenn ich F12 drücke, passiert das, wenn ich im Boot Menu

USB Key: SigmaTel MSCN-(USB 2.) (R/F)F auswähle...;-(

LG

schrauber · 22.05.2014, 08:51

Zitat:

Abgesicherter Modus
Abgesicherter Modus mit Netzwerktreibern
Abgesicherter Modus mit Eingabeaufforderung
letzte als funktionierend bekannte Konfiguration (erweitert)
Windows normal starten

Wenn Du bei F8 nur diese Auswahl hast, und keine Option Computer reparieren, musst du wie oben angegeben den Weg über DVD gehen.

sharkymg · 22.05.2014, 15:17

hab die Windows DVD nicht, Vista war vorinstalliert...;_(...sieht final aus, was?

schrauber · 23.05.2014, 16:02

Kannste eine leihen? Bei nem Bekannten? Legale Iso Files gibt es meines Wissens nach nur für Win7.

sharkymg · 27.05.2014, 09:14

Hmm frage mal, aber wer hat noch Vista? Oder kann ich auch jedes andere System nehmen?

schrauber · 28.05.2014, 09:25

Du kannst auch gleich auf Win 7 upgrade, mit legaler scheibe und key. Deine Daten bleiben erhalten.

sharkymg · 11.07.2014, 13:14

Habe jetzt gerade ein VIStA mit Code bestellt, melde mich, wenn das installiert ist, danke!

schrauber · 12.07.2014, 07:42

warum vista?

sharkymg · 25.07.2014, 11:34

Hallo Schrauber,

habe jetzt eine Vista DVD gekauft, allerdings lässt sich das Note book nicht von der CD booten bzw. ich komme immer wieder in diese Auswahl zurück:
Abgesicherter Modus
Abgesicherter Modus mit Netzwerktreibern
Abgesicherter Modus mit Eingabeaufforderung
letzte als funktionierend bekannte Konfiguration (erweitert)
Windows normal starten

zurück.

...;-(..

LG

23.05.2014, 16:02	#10
schrauber /// the machine /// TB-Ausbilder	GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht Kannste eine leihen? Bei nem Bekannten? Legale Iso Files gibt es meines Wissens nach nur für Win7. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

28.05.2014, 09:25	#12
schrauber /// the machine /// TB-Ausbilder	GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht Du kannst auch gleich auf Win 7 upgrade, mit legaler scheibe und key. Deine Daten bleiben erhalten. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

12.07.2014, 07:42	#14
schrauber /// the machine /// TB-Ausbilder	GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht warum vista? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht

Plagegeister aller Art und deren Bekämpfung: GVU Virus (mit Merkel-Bild)bei Windows Vista, Sytemwiederherstellung funktioniert nicht