Hallo erstmal!

Ich bin leider in den Geschmack des GVU-Virus gekommen und würde ihn wieder zu gerne weg bekommen!

Bei jedem Start bekomme ich anstatt den üblichen Bildschirm meines Desktops eine "Zahlungsaufforderung der Polizei".

Beim Versuch im abgesichertem Modus zu starten, startet der Computer Windows einfach neu.

Ich habe mich nun etwas durch das Forum gelesen und das Farbar Recovery Scan Tool laut Anleitung ausgeführt mit folgendem Ergebnis:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by SYSTEM on MININT-OJPVD6I on 29-12-2014 09:45:27
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => "H:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\Run: [AvastUI.exe] => "H:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\...\Run: [UpdateP2GoShortCut] => "H:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\...\Run: [UpdatePDRShortCut] => "H:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
HKLM\...\Run: [UpdatePPShortCut] => "H:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
HKLM\...\Run: [UpdatePSTShortCut] => "H:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Winlogon: [Userinit] H:\Windows\system32\userinit.exe,
Winlogon\Notify\LBTWlgn: h:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
BootExecute: BootManautocheck autochk * 

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; "H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 AdobeFlashPlayerUpdateSvc; H:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 avast! Antivirus; "H:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 IePluginService; H:\ProgramData\IePluginService\PluginService.exe -service [X]
S3 LBTServ; H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
S3 Microsoft Office Groove Audit Service; "H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 nvsvc; "H:\Windows\system32\nvvsvc.exe" [X]
S2 nvUpdatusService; "H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S3 odserv; "H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 RichVideo; "H:\Program Files\CyberLink\Shared Files\RichVideo.exe" [X]
S2 TuneUp.UtilitiesSvc; "H:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [X]
S2 Wpm; H:\ProgramData\WPM\wprotectmanager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2324480 2005-06-20] (Realtek Semiconductor Corp.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-09] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-05-09] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-05-09] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-05-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180632 2014-05-09] ()
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 iaStorA; C:\Windows\system32\drivers\iaStorA.sys [489968 2013-07-02] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24048 2013-07-02] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [583664 2013-07-02] (Intel Corporation)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.)
S3 epmntdrv; \??\H:\Windows\system32\epmntdrv.sys [X]
S3 EuGdiDrv; \??\H:\Windows\system32\EuGdiDrv.sys [X]
S3 TuneUpUtilitiesDrv; \??\H:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\System32\drivers\ALCXWDM.SYS 35045A23957A71BA649740741E69408C
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 4D6C6E0505A8E5A0656DCB223497D37C
C:\Windows\system32\drivers\aswMonFlt.sys 1A2CC93BBD77C2D95A7567938D7D7239
C:\Windows\system32\drivers\aswRdr2.sys 9A646294396BBCDF29CF1CB4B1B0D68B
C:\Windows\System32\Drivers\aswRvrt.sys 24B3BDA01DB3A704E33A5266C7B52DAF
C:\Windows\system32\drivers\aswSnx.sys A148A36F871BFDBF80654D28D6B59FAE
C:\Windows\system32\drivers\aswSP.sys EBD3B15E2E01EE94BA5262FAFC691A8E
C:\Windows\system32\drivers\aswStm.sys E458D8D20AF6FE3F4784C18E8A1F02C3
C:\Windows\System32\Drivers\aswVmm.sys B2D7EE52633CA8831DDAFCA81C2D46C3
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys 178CC9403816C082D22A1D47FA1F9C85
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HCWBT8XX.sys E4AEF0DAACBE59B048BE0224A6D0E601
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorA.sys 95E0895DC40A6DAA8D0A92D12993DE79
C:\Windows\System32\drivers\iaStorF.sys C10DFBB841657DE0032B0CA29AC2A041
C:\Windows\system32\drivers\iaStorS.sys 64EC5FC35D38F1EE71650E8384ECCA44
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\LHidFilt.Sys B68309F25C5787385DA842EB5B496958
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 63D3B1D3CD267FCC186A0146B80D453B
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LUsbFilt.Sys 0C62957912D4DF1E4BA9795E6BE3ED38
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A77B1C13BCCEDDF78DFD7AFC25B4F5E
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\system32\drivers\TsUsbGD.sys 7E6E0797EB91F1D63641058416044313
C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\DRIVERS\VClone.sys 2CC2660B3EC3434C88D2C808DD7937D4
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys CF68C54937BACCC0DA9A056FFA2A3988
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 09:44 - 2014-12-29 09:45 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {e346e32c-de6b-11e3-83d8-eec9f4527804}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=E:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=E:
systemroot              \Windows
resumeobject            {e346e32c-de6b-11e3-83d8-eec9f4527804}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[E:]\Recovery\e346e32e-de6b-11e3-83d8-eec9f4527804\Winre.wim,{e346e32f-de6b-11e3-83d8-eec9f4527804}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\e346e32e-de6b-11e3-83d8-eec9f4527804\Winre.wim,{e346e32f-de6b-11e3-83d8-eec9f4527804}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {e346e32c-de6b-11e3-83d8-eec9f4527804}
device                  partition=E:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=E:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {e346e32f-de6b-11e3-83d8-eec9f4527804}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\e346e32e-de6b-11e3-83d8-eec9f4527804\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 1023.55 MB
Available physical RAM: 646.72 MB
Total Pagefile: 1023.55 MB
Available Pagefile: 640.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.39 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:232.87 GB) (Free:158.9 GB) NTFS
Drive e: () (Fixed) (Total:148.95 GB) (Free:78.25 GB) NTFS
Drive g: () (Removable) (Total:29.8 GB) (Free:1.22 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 172CEB02)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00910090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-05-09 10:12

==================== End Of Log ============================
         

Ich bedanke mich schon mal im Voraus!

hi,

sind da mehrere Windows Installationen auf dem Rechner? Was ist Laufwerk H?

Laufwerk H ist ein von Deamon-Tools erstelltes Laufwerk. Von mehreren Windows Installationen weiß ich allerdings nichts...obwohl ich es selbst eigenartig gefunden habe das Farbar das auch erwähnt hat. Hab auch bereits meinen Freund gefragt der mir den Pc aufgesetzt hat - allerdings hat der auch keine Ahnung was damit gemeint ist. Win7 ist zumindest auf Festplatte "C".

Zitat:

obwohl ich es selbst eigenartig gefunden habe das Farbar das auch erwähnt hat

wie erwähnt?

Ich hab das Farbar Recovery Scan Tool wie laut eurer Anleitung ausgeführt - als ich über das Eingabefenster den USB-Stick ausgewählt habe und mit dem Befehl frst.exe das Tool gestartet habe, wurde ich darauf hingewiesen das ich anscheinend mehrere Windows Installationen hätte und ich mich nun entscheiden müsste, welche ich nun scannen möchte. Die erste Option die er mir angeboten hatte, war jene Festplatte und Windowsversion die mein Freund mir beim Aufsetzen installiert hat (in meinem Fall Festplatte "C").

*mir ist gerade eingefallen das sich vll noch meine Win7 Cd im Laufwerk befunden haben könnte (ich weiß es leider nicht mehr mit Bestimmtheit da ich etwas in Hektik geraten war wegen dem Virus). Wäre das ein Grund wieso das Scan Tool glaubt ich hätte WIndows mehrmals installiert?

Mit freunlichen Grüßen, Kaesbrot

Kanste den Scan bitte wiederholen? Und sicherstellen dass C angewählt ist.

Hab nochmal den Scan durchgeführt - habe C angewählt und hatte keine Cd im Laufwerk.


FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by SYSTEM on MININT-JTF2VND on 30-12-2014 23:51:44
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => "H:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\Run: [AvastUI.exe] => "H:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\...\Run: [UpdateP2GoShortCut] => "H:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\...\Run: [UpdatePDRShortCut] => "H:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
HKLM\...\Run: [UpdatePPShortCut] => "H:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
HKLM\...\Run: [UpdatePSTShortCut] => "H:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "H:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Winlogon: [Userinit] H:\Windows\system32\userinit.exe,
Winlogon\Notify\LBTWlgn: h:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
BootExecute: BootManautocheck autochk * 

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; "H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 AdobeFlashPlayerUpdateSvc; H:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 avast! Antivirus; "H:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 IePluginService; H:\ProgramData\IePluginService\PluginService.exe -service [X]
S3 LBTServ; H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
S3 Microsoft Office Groove Audit Service; "H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 nvsvc; "H:\Windows\system32\nvvsvc.exe" [X]
S2 nvUpdatusService; "H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S3 odserv; "H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 RichVideo; "H:\Program Files\CyberLink\Shared Files\RichVideo.exe" [X]
S2 TuneUp.UtilitiesSvc; "H:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [X]
S2 Wpm; H:\ProgramData\WPM\wprotectmanager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2324480 2005-06-20] (Realtek Semiconductor Corp.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-09] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-05-09] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-05-09] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-05-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180632 2014-05-09] ()
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 iaStorA; C:\Windows\system32\drivers\iaStorA.sys [489968 2013-07-02] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24048 2013-07-02] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [583664 2013-07-02] (Intel Corporation)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.)
S3 epmntdrv; \??\H:\Windows\system32\epmntdrv.sys [X]
S3 EuGdiDrv; \??\H:\Windows\system32\EuGdiDrv.sys [X]
S3 TuneUpUtilitiesDrv; \??\H:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 09:44 - 2014-12-30 23:51 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 1023.55 MB
Available physical RAM: 646.88 MB
Total Pagefile: 1023.55 MB
Available Pagefile: 646.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.29 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:232.87 GB) (Free:158.9 GB) NTFS
Drive e: () (Fixed) (Total:148.95 GB) (Free:78.25 GB) NTFS
Drive g: () (Removable) (Total:29.8 GB) (Free:1.22 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 172CEB02)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00910090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-05-09 10:12

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---


Ich habe meinen Freund der mir den Pc aufgesetzt auch einmal das Ergebnis des Scans anschauen lassen, da (so glaube ich) wiedermal zu sehen ist, dass noch eine WIndows Installation existiert. Er sagte, dass das "zweite" Windows "Überreste" auf der Festplatte sind, die er mir zusätzlich in den Pc eingebaut hat. Auf dieser hatte er vor dem Einbau Windows installiert. Es tut mir leid, dass das alles etwas verworren ist, aber ich kenn mich mit Pcs nicht sonderlich gut aus und lasse daher auch jenen Freund an dem Gerät basteln wenn ich etwas brauche.

Und nur das keine Missverständnisse entstehen: ich habe 2 Festplatten. Auf der "alten" (die ich gescannt habe) ist das Windows7 oben das ich nutze, auf der anderen die zusätzlich eingebaut wurde "Überreste" des Windows, dass darauf installiert war.

Ich hoffe es sind dadurch keine Fragen offen geblieben und bedanke mich für deine Geduld schrauber!

Bau die andere bitte aus. weil:

wie man sieht werden teilweise infos aus Laufwerk H gelesen, wie zb die Autostartpunkte.
So sehe ich nicht die aktive Malware auf C, und kann nichts entfernen.

So, habe nun die andere Festplatte abgesteckt und nochmals einen Scan durchgeführt - ich glaube das es nun passt.


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by SYSTEM on MININT-S7T6SQN on 01-01-2015 17:35:03
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52392 2009-01-29] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\Administrator\...\Run: [DriverMax] => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [9621368 2014-05-08] (Innovative Solutions)
HKU\Administrator\...\Run: [DriverMax_RESTART] => [X]
HKU\Büro\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Büro\...\Winlogon: [Shell] C:\Users\Büro\AppData\Roaming\Other.res [400896 2014-05-19] (Codmaster) <==== ATTENTION 
IFEO\eraser.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\helplauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcd-uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcdmount.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcdprefs.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-27] (AVAST Software)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [247152 2009-01-21] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware)
S2 UserAccess7; C:\Windows\system32\UAService7.exe [143360 2014-10-08] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2000-01-01] (Realtek Semiconductor Corp.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-27] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-10-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-10-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [206248 2014-10-27] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-16] (Disc Soft Ltd)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [11376 2003-09-09] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-18] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 17:34 - 2015-01-01 17:35 - 00000000 ____D () C:\FRST
2014-12-29 01:44 - 2014-12-29 01:44 - 00003224 ____N () C:\bootsqm.dat
2014-12-22 11:25 - 2014-12-22 11:25 - 00223711 _____ () C:\Users\Büro\Documents\comic.pptx
2014-12-18 19:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-14 13:06 - 2014-12-25 13:11 - 00000000 ____D () C:\Users\Büro\Desktop\eli
2014-12-14 03:21 - 2014-12-14 03:34 - 39687370 _____ () C:\Users\Büro\Downloads\AY_fshujhg7).rar
2014-12-14 03:16 - 2014-12-14 03:26 - 31170116 _____ () C:\Users\Büro\Downloads\A Mgfjhgyjuhgio.rar
2014-12-10 22:37 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-12-10 22:37 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-12-10 22:37 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-12-10 22:37 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 22:37 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-10 22:37 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-12-10 22:36 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-12-10 22:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-10 22:36 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-12-10 22:36 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-12-10 22:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-10 22:36 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-12-10 22:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-10 22:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-10 22:36 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-12-10 22:36 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-12-10 22:36 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-12-10 22:36 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-12-10 22:36 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-12-10 22:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-10 22:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-10 22:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-10 22:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-12-10 22:36 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-12-10 22:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-12-10 22:36 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-12-10 22:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-12-10 22:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-12-10 22:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-12-10 22:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 00001584 _____ () C:\Users\Public\Desktop\Terraria.lnk
2014-12-09 20:22 - 2014-12-09 20:22 - 00000000 ____D () C:\Program Files\Microsoft XNA
2014-12-09 20:22 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2014-12-09 20:22 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2014-12-09 17:33 - 2014-12-09 17:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 16:28 - 2014-12-09 16:28 - 109190808 _____ (GOG.com ) C:\Users\Büro\Downloads\setup_terraria_2.0.0.1.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 09:21 - 2014-10-10 23:02 - 00009650 _____ () C:\Windows\setupact.log
2014-12-29 08:43 - 2010-11-20 22:01 - 01507106 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-29 08:32 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 08:32 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 08:28 - 2014-05-18 09:11 - 01116725 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 08:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-12-29 01:35 - 2014-08-26 11:41 - 00000000 ____D () C:\Users\Büro\Desktop\Japan 2
2014-12-26 22:17 - 2014-10-28 10:58 - 00000000 ____D () C:\Program Files\Steam
2014-12-26 00:30 - 2014-11-06 19:13 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\TS3Client
2014-12-23 21:36 - 2014-05-18 11:54 - 00024815 _____ () C:\hph7345.log
2014-12-23 21:36 - 2014-05-18 11:54 - 00000000 _____ () C:\hpfr5550.xml
2014-12-22 12:42 - 2014-05-20 21:59 - 00000000 ____D () C:\Users\Büro\AppData\Local\Battle.net
2014-12-22 11:25 - 2014-05-18 09:30 - 00000000 ____D () C:\users\Büro
2014-12-16 01:05 - 2014-05-20 21:58 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-13 17:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:09 - 2014-05-18 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-12-13 13:09 - 2014-05-18 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-12-13 13:09 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Büro\AppData\Local\Adobe
2014-12-12 21:04 - 2014-07-26 20:32 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 20:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-12-11 01:52 - 2014-05-19 14:46 - 00000000 ____D () C:\Windows\System32\MRT
2014-12-11 01:47 - 2014-05-19 14:46 - 109818608 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-12-10 22:23 - 2014-05-18 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 20:25 - 2014-10-02 18:47 - 00000000 ____D () C:\Users\Büro\Documents\My Games
2014-12-09 20:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-09 20:21 - 2014-05-18 23:22 - 00000000 ____D () C:\Games
2014-12-09 19:21 - 2014-11-10 00:34 - 00000000 ____D () C:\Windows\pss
2014-12-07 23:55 - 2014-05-19 16:38 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Skype
2014-12-05 20:02 - 2014-05-21 10:11 - 00000000 ____D () C:\Program Files\Hearthstone

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\oi_{27AFDF3D-62C3-4E16-94BA-E24521B52999}.exe
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkt4ir.dll
C:\Users\Büro\AppData\Local\Temp\install_flashplayer16x32au_mssd_aaa_aih.exe
C:\Users\Büro\AppData\Local\Temp\SRLDetectionLibrary8322397628942996893.dll
C:\Users\Büro\AppData\Local\Temp\stuprt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-15 10:06] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-16 22:56:00
Restore point made on: 2014-12-19 02:17:04
Restore point made on: 2014-12-23 11:36:52
Restore point made on: 2014-12-26 20:46:04

==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 1023.55 MB
Available physical RAM: 641.48 MB
Total Pagefile: 1023.55 MB
Available Pagefile: 638.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:78.1 GB) NTFS
Drive f: () (Removable) (Total:29.8 GB) (Free:1.22 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00910090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-12-25 02:01

==================== End Of Log ============================
         

--- --- ---


Grüße, Kaesbrot

Guck an, und schon kann ich was machen


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKU\Büro\...\Winlogon: [Shell] C:\Users\Büro\AppData\Roaming\Other.res [400896 2014-05-19] (Codmaster) <==== ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by SYSTEM at 2015-01-01 22:06:30 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Büro\...\Winlogon: [Shell] C:\Users\Büro\AppData\Roaming\Other.res [400896 2014-05-19] (Codmaster) <==== ATTENTION
*****************

HKU\Büro\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

==== End of Fixlog 22:06:30 ====
         

Bitte - Danke!

Bootet der Rechner normal? Wenn ja dann ab jetzt alles im normalen Modus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Der Computer startet soweit normal - mir kommt nur vor als ob die Ladezeiten länger wären, eben als ich Firefox gestartet habe um hier ins Forum zu schreiben...vll nur Einbildung? Aber sonst alles ok!

Hier ist der Scan durch FRST:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by Büro (administrator) on BÜRO-PC on 02-01-2015 23:13:31
Running from C:\Users\Büro\Desktop
Loaded Profile: Büro (Available profiles: Büro & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony DADC Austria AG.) C:\Windows\System32\UAService7.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52392 2009-01-29] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\MountPoints2: {3a5c7258-2776-11e4-ab3e-0015f240d7e4} - H:\iLinker.exe
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\MountPoints2: {52af4c5f-de64-11e3-a9d8-0015f240d7e4} - G:\SETUP.EXE
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\MountPoints2: {8caba61a-e976-11e3-b1b6-0015f240d7e4} - F:\LGAutoRun.exe
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\MountPoints2: {e8a82972-f533-11e3-818f-0015f240d7e4} - F:\setup.exe
IFEO\eraser.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\helplauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcd-uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcdmount.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\vcdprefs.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-33330606-2639672753-3976457375-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-33330606-2639672753-3976457375-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-33330606-2639672753-3976457375-1000 -> {A4B718F2-F1BF-42D7-9ABC-90394A84EBC5} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-33330606-2639672753-3976457375-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\2tn0p2pf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-33330606-2639672753-3976457375-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Büro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-33330606-2639672753-3976457375-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-18]

Chrome: 
=======
CHR Profile: C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2002-12-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-27] (AVAST Software)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [247152 2009-01-21] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [File not signed]
R2 UserAccess7; C:\Windows\system32\UAService7.exe [143360 2014-10-08] (Sony DADC Austria AG.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2000-01-01] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-16] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [11376 2003-09-09] () [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-18] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:13 - 2015-01-02 23:15 - 00013925 _____ () C:\Users\Büro\Desktop\FRST.txt
2015-01-02 23:11 - 2015-01-02 23:11 - 01115136 _____ (Farbar) C:\Users\Büro\Desktop\FRST.exe
2015-01-01 17:34 - 2015-01-02 23:13 - 00000000 ____D () C:\FRST
2014-12-29 01:44 - 2014-12-29 01:44 - 00003224 ____N () C:\bootsqm.dat
2014-12-22 11:25 - 2014-12-22 11:25 - 00223711 _____ () C:\Users\Büro\Documents\comic.pptx
2014-12-18 19:48 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 13:06 - 2014-12-25 13:11 - 00000000 ____D () C:\Users\Büro\Desktop\eli
2014-12-10 22:37 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:37 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:37 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:37 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:37 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:37 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:36 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:36 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:36 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:36 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:36 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:36 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:36 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:36 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:36 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:36 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:36 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 00001584 _____ () C:\Users\Public\Desktop\Terraria.lnk
2014-12-09 20:22 - 2014-12-09 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-09 20:22 - 2014-12-09 20:22 - 00000000 ____D () C:\Program Files\Microsoft XNA
2014-12-09 20:22 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-09 20:22 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-09 20:22 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-09 17:33 - 2014-12-09 17:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 16:28 - 2014-12-09 16:28 - 109190808 _____ (GOG.com ) C:\Users\Büro\Downloads\setup_terraria_2.0.0.1.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:14 - 2014-05-18 09:11 - 01158118 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 23:10 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 23:10 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 23:01 - 2014-07-26 20:31 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 23:00 - 2014-10-10 23:02 - 00009818 _____ () C:\Windows\setupact.log
2015-01-02 23:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 08:43 - 2010-11-20 22:01 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 08:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-29 01:35 - 2014-08-26 11:41 - 00000000 ____D () C:\Users\Büro\Desktop\Japan 2
2014-12-29 00:58 - 2014-07-26 20:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 22:17 - 2014-10-28 10:58 - 00000000 ____D () C:\Program Files\Steam
2014-12-26 00:30 - 2014-11-06 19:13 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\TS3Client
2014-12-23 21:36 - 2014-05-18 11:54 - 00024815 _____ () C:\hph7345.log
2014-12-23 21:36 - 2014-05-18 11:54 - 00000000 _____ () C:\hpfr5550.xml
2014-12-22 12:42 - 2014-05-20 21:59 - 00000000 ____D () C:\Users\Büro\AppData\Local\Battle.net
2014-12-22 11:25 - 2014-05-18 09:30 - 00000000 ____D () C:\Users\Büro
2014-12-16 01:05 - 2014-05-20 21:58 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-13 17:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:09 - 2014-05-18 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 13:09 - 2014-05-18 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 13:09 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Büro\AppData\Local\Adobe
2014-12-12 21:04 - 2014-07-26 20:32 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 20:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-11 01:52 - 2014-05-19 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 01:47 - 2014-05-19 14:46 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 22:26 - 2014-05-18 12:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:23 - 2014-05-18 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 20:25 - 2014-10-02 18:47 - 00000000 ____D () C:\Users\Büro\Documents\My Games
2014-12-09 20:23 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-09 20:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-09 20:21 - 2014-05-18 23:22 - 00000000 ____D () C:\Games
2014-12-09 19:21 - 2014-11-10 00:34 - 00000000 ____D () C:\Windows\pss
2014-12-07 23:55 - 2014-05-19 16:38 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Skype
2014-12-05 20:02 - 2014-05-21 10:11 - 00000000 ____D () C:\Program Files\Hearthstone

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\oi_{27AFDF3D-62C3-4E16-94BA-E24521B52999}.exe
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkt4ir.dll
C:\Users\Büro\AppData\Local\Temp\install_flashplayer16x32au_mssd_aaa_aih.exe
C:\Users\Büro\AppData\Local\Temp\SRLDetectionLibrary8322397628942996893.dll
C:\Users\Büro\AppData\Local\Temp\stuprt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 02:01

==================== End Of Log ============================
         

--- --- ---


Und hier die Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2015
Ran by Büro at 2015-01-02 23:16:45
Running from C:\Users\Büro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)
Baldur's Gate II: Enhanced Edition (HKLM\...\QmFsZHVyc0dhdGVJSUVuaGFuY2VkRWRpdGlvbg==_is1) (Version: 1 - )
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands GOTY (HKLM\...\Borderlands GOTY_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.1526 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3018 - CyberLink Corp.)
CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2921 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.5611 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.1815 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.30.0.392 - Innovative Solutions)
Dropbox (HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge German Help Files and Resources (HKLM\...\Hauppauge German Help Files and Resources) (Version:  - )
Hauppauge WinTV Scheduler (HKLM\...\Hauppauge WinTV Scheduler) (Version:  - )
Hauppauge WinTV Soft PVR (HKLM\...\Hauppauge WinTV Soft PVR) (Version:  - )
Hauppauge WinTV Source Selector (HKLM\...\Hauppauge WinTV Source Selector) (Version:  - )
Hauppauge WinTV2000 (HKLM\...\Hauppauge WinTV2000) (Version:  - )
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
hp photosmart 7345 series (HKLM\...\hp photosmart 7345 series_Driver) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LG United Mobile Drivers (HKLM\...\{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}) (Version: 3.6.0.0 - LG Electronics)
MediaShow (HKLM\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.5907 - CyberLink Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Halo (HKLM\...\Halo) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Self-Service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
SiSoftware Sandra Lite 2014.SP3e (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 20.50.2014.10 - SiSoftware)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SPSS 20 (HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\wwwts-2fa61ac5@@Farm4:SPSS 20) (Version: 1.0 - Delivered by Citrix)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{2DF5765E-5386-4540-9383-DBC9A0A596F9}) (Version: 6.0.15.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{5D309527-CE0C-4CC2-83DA-1BB5B4BDA301}) (Version: 2.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-33330606-2639672753-3976457375-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
VTPlus32 für WinTV (German) (HKLM\...\VTPlus32 für WinTV (German)) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Büro\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33330606-2639672753-3976457375-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-12-2014 22:55:23 Windows Update
19-12-2014 02:16:45 Windows Update
23-12-2014 11:36:14 Windows Update
26-12-2014 20:45:12 Windows Update
02-01-2015 23:14:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5292FC02-6925-4EF1-B2B8-DA90762AB5E9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-27] (AVAST Software)
Task: {55DDAA35-F0E1-4353-8521-F28823704016} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {6860E307-D65F-4B2A-A071-70411F78CF49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {A6DFEE7D-B447-44A6-A863-E9D902CA6A00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AFC27743-06F5-4AFE-88B2-F11929A668A9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {C58FA69B-6F9A-43D4-966C-F3E77FB9DCDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-18 09:39 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-12-28 21:49 - 2014-12-28 21:49 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122801\algo.dll
2015-01-02 23:08 - 2015-01-02 23:08 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
2014-05-18 09:39 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-27 18:51 - 2014-10-27 18:51 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-18 09:46 - 2009-01-21 03:44 - 00247152 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-12-09 17:33 - 2014-12-09 17:34 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinFehler.lnk => C:\Windows\pss\WinFehler.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

========================= Accounts: ==========================

Administrator (S-1-5-21-33330606-2639672753-3976457375-500 - Administrator - Disabled) => C:\Users\Administrator
Büro (S-1-5-21-33330606-2639672753-3976457375-1000 - Administrator - Enabled) => C:\Users\Büro
Gast (S-1-5-21-33330606-2639672753-3976457375-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-33330606-2639672753-3976457375-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-33330606-2639672753-3976457375-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 11:01:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:00:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 09:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:55:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (12/29/2014 08:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:42:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:25:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:17:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 01:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (12/28/2014 09:48:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/02/2015 11:03:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/02/2015 11:03:11 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/01/2015 09:38:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/01/2015 09:38:35 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
CSC
DfsC
discache
ElbyCDIO
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (12/30/2014 11:30:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 Processor 3200+
Percentage of memory in use: 63%
Total physical RAM: 1023.55 MB
Available physical RAM: 376.29 MB
Total Pagefile: 2047.55 MB
Available Pagefile: 912.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:77.81 GB) NTFS
Drive d: (SYSTEM) (Fixed) (Total:232.87 GB) (Free:158.9 GB) NTFS
Drive f: (Borderlands GOTY) (CDROM) (Total:2.95 GB) (Free:0 GB) CDFS
Drive h: (Borderlands GOTY) (CDROM) (Total:3.21 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 172CEB02)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00910090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hat alles ohne Probleme geklappt! Hier ist das Logfile -

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 15-01-04.01 - Büro 04.01.2015  18:02:45.1.1 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.1024.295 [GMT 1:00]
ausgeführt von:: c:\users\B³ro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-04 bis 2015-01-04  ))))))))))))))))))))))))))))))
.
.
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-01-02 22:15 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B37CC0C4-BB17-4373-8F1D-A67C1CD7B452}\mpengine.dll
2015-01-01 16:34 . 2015-01-02 22:17	--------	d-----w-	C:\FRST
2014-12-18 18:48 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-10 21:36 . 2014-11-22 01:31	1075200	----a-w-	c:\program files\Internet Explorer\networkinspection.dll
2014-12-09 19:22 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2014-12-09 19:22 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2014-12-09 19:22 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2014-12-09 19:22 . 2010-02-04 09:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2014-12-09 19:22 . 2007-04-04 17:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2014-12-09 19:22 . 2014-12-09 19:22	--------	d-----w-	c:\program files\Microsoft XNA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 12:09 . 2014-05-18 11:00	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 12:09 . 2014-05-18 11:00	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-24 13:04 . 2014-05-18 08:47	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-11-21 23:22 . 2014-05-18 09:37	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-11-21 23:22 . 2014-05-18 09:37	423784	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-11-11 02:44 . 2014-11-18 21:44	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:44	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-10-31 22:33 . 2014-05-18 09:37	70384	----a-w-	c:\windows\system32\drivers\aswmonflt.sys
2014-10-27 17:51 . 2014-05-18 09:37	91496	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-10-27 17:51 . 2014-05-18 09:37	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-10-27 17:51 . 2014-05-18 09:37	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-10-27 17:51 . 2014-05-18 09:37	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-10-27 17:51 . 2014-05-18 09:37	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-10-27 17:51 . 2014-10-27 17:51	291352	----a-w-	c:\windows\system32\aswBoot.exe
2014-10-27 17:51 . 2014-10-27 17:51	43152	----a-w-	c:\windows\avastSS.scr
2014-10-25 01:32 . 2014-11-13 00:28	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 00:44	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-13 00:28	136632	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-13 00:28	523776	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-13 00:28	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-13 00:28	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-13 00:28	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-13 00:32	2379264	----a-w-	c:\windows\system32\win32k.sys
2014-10-08 15:51 . 2014-10-08 15:51	143360	----a-w-	c:\windows\system32\UAService7.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-27 17:51	723976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk]
path=c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
backup=c:\windows\pss\Citrix Receiver.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinFehler.lnk]
path=c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinFehler.lnk
backup=c:\windows\pss\WinFehler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48	1022152	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 18:59	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50	50472	------w-	c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41	87336	------w-	c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2000-01-01 00:00	604704	----a-w-	c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 20:16	222504	------w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 09:02	222504	------w-	c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2009-05-19 20:16	222504	------w-	c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2009-06-19 15:15	210216	------w-	c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-27 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [2014-10-06 73200]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-05-18 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-19 1343400]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-16 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-27 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-31 70384]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 19:58	1087816	----a-w-	c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-26 19:31]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-26 19:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\2tn0p2pf.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2788)
c:\windows\System32\netprofm.dll
.
Zeit der Fertigstellung: 2015-01-04  18:23:28
ComboFix-quarantined-files.txt  2015-01-04 17:23
.
Vor Suchlauf: 9 Verzeichnis(se), 83.084.918.784 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 82.957.922.304 Bytes frei
.
- - End Of File - - 9CC5A3DA99636FCB3F1B78237D012F24
A36C5E4F47E84449FF07ED3517B43A31