hallo,

ich bin neu hier und habe ein problem und hoffe ich erhalte hier hilfe!
hier die erklärung:
ich wollte für meinen arbeitskollegen den bekannten virus "bundeskriminalamt" löschen,
da ich dies bei meinem laptop auch schon erfolgreich und ohne probleme geschafft habe.
leider hat es bei seinem laptop (asus G75V, Windows 8) nicht so gut funktioniert.
als ich den abgesicherten modus starten wollte und bei der msconfig ein häckchen
bei "im abgesicherten modus" starten gemacht habe, hat das übel angefangen.
beim booten stellt er immer wieder von alleine ab und starten dann wieder von alleine.. (endlosschleife). nun komme ich garnicht mehr auf den desktop!

habe soeben etwas bemerkt.
anscheinend habe ich vergessen in der msconfig auch noch ein häckchen bei
"Starteinstellungen sollen immer gelten" zu setzten.
kann es sein das es daran liegt??

brauche hilfe!

Hi und

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

• Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
• Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
• Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

• Starte den Rechner neu.
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

• Lege die Windows CD in dein Laufwerk.
• Starte den Rechner neu und starte von der CD.
• Wähle die Spracheinstellungen und klicke "Weiter".
• Klicke auf Computerreparaturoptionen !
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

• Gib nun bitte notepad ein und drücke Enter.
• Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
  Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
• Schließe Notepad wieder
• Gib nun bitte folgenden Befehl ein.
  e:\frst.exe bzw. e:\frst64.exe
  Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
• Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by SYSTEM on MININT-L25GM60 on 23-02-2015 14:19:58
Running from g:\
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-25] (Bitdefender)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKU\Media\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKU\Media\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\Media\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BED7C17F3.lnk
ShortcutTarget: BED7C17F3.lnk -> C:\ProgramData\3F71C7DEB.cpp ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-25] (Bitdefender)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-25] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\BED7C17F3.zot [356864 2015-01-24] ()
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-25] (BitDefender)
S3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-25] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-25] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-25] (BitDefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-25] (BitDefender LLC)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
S3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [23552 2011-07-29] ( )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-25] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 14:19 - 2015-02-23 14:19 - 00000000 ____D () C:\FRST
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 _____ () C:\Recovery.txt
2015-02-22 14:43 - 2015-02-22 14:43 - 00000000 ____D () C:\Windows\pss
2015-01-24 20:01 - 2015-01-24 20:01 - 00356864 ____T () C:\ProgramData\BED7C17F3.zot
2015-01-24 19:58 - 2015-01-24 19:58 - 00208896 _____ () C:\ProgramData\3F71C7DEB.cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 14:43 - 2014-11-09 11:36 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2015-02-22 14:43 - 2014-10-29 19:13 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 14:43 - 2013-11-17 10:50 - 00000000 __RDO () C:\Users\Media\SkyDrive
2015-02-22 14:43 - 2013-11-17 10:35 - 00000000 ____D () C:\users\Media
2015-02-22 14:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 14:42 - 2015-01-18 14:23 - 00001616 _____ () C:\Windows\setupact.log
2015-02-22 14:42 - 2013-11-17 10:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-22 14:34 - 2013-08-08 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-22 14:34 - 2013-01-12 09:00 - 00000401 _____ () C:\Users\Media\AppData\Roaming\sp_data.sys
2015-02-22 14:27 - 2013-11-17 10:32 - 01563163 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 14:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2015-02-22 13:41 - 2014-10-29 19:13 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 13:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-02-22 13:41 - 2013-05-04 16:42 - 00257536 ___SH () C:\Users\Media\Desktop\Thumbs.db
2015-02-14 13:12 - 2014-10-29 19:13 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 13:12 - 2014-10-29 19:13 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 20:02 - 2013-09-16 17:56 - 00000501 _____ () C:\Windows\System32\checkdnsid.xml
2015-01-24 19:36 - 2014-11-09 11:36 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2015-01-24 15:29 - 2013-04-22 19:35 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468729109-622446871-3802970351-1002
2015-01-24 14:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-24 14:16 - 2013-09-30 05:14 - 01776918 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-24 14:16 - 2013-09-30 04:56 - 00765582 _____ () C:\Windows\System32\perfh007.dat
2015-01-24 14:16 - 2013-09-30 04:56 - 00159366 _____ () C:\Windows\System32\perfc007.dat

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 12241.2 MB
Available physical RAM: 11155.98 MB
Total Pagefile: 12241.2 MB
Available Pagefile: 11188.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.05 GB) (Free:0.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.78 GB) (Free:43.18 GB) NTFS
Drive e: (Data1) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS
Drive f: (Data2) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS
Drive g: (TOSHIBA) (Removable) (Total:1.92 GB) (Free:0.4 GB) FAT
Drive i: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 8BD9A329)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-01-24 15:29

==================== End Of Log ============================
         

--- --- ---

[/CODE]

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BED7C17F3.lnk
ShortcutTarget: BED7C17F3.lnk -> C:\ProgramData\3F71C7DEB.cpp ()
S2 Winmgmt; C:\ProgramData\BED7C17F3.zot [356864 2015-01-24] 
C:\ProgramData\SetStretch.exe
C:\ProgramData\BED7C17F3.zot
C:\ProgramData\3F71C7DEB.cpp
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by SYSTEM at 2015-02-23 15:17:48 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BED7C17F3.lnk
ShortcutTarget: BED7C17F3.lnk -> C:\ProgramData\3F71C7DEB.cpp ()
S2 Winmgmt; C:\ProgramData\BED7C17F3.zot [356864 2015-01-24] 
C:\ProgramData\SetStretch.exe
C:\ProgramData\BED7C17F3.zot
C:\ProgramData\3F71C7DEB.cpp
*****************

C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BED7C17F3.lnk => Moved successfully.
C:\ProgramData\3F71C7DEB.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\BED7C17F3.zot => Moved successfully.
"C:\ProgramData\3F71C7DEB.cpp" => File/Directory not found.

==== End of Fixlog 15:17:48 ====
         

Startet Windows jetzt wieder normal?

ja er startet wieder normal,
halt im abgesicherten modus.
VIELEN DANK!
kannst du mir noch sagen wie ich den trojaner entfernen soll.
es gibt da ja mehrere anleitungen, will aber nicht nochmal was falsch machen.
ihr habt da bestimmt schon anleitungen, einen link würde mir reichen.

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ich bin jetzt halt noch im abgesicherten modus,
ich hoffe das ist ok.




FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Media (administrator) on USER on 23-02-2015 16:46:51
Running from C:\Users\Media\Desktop
Loaded Profiles: Media (Available profiles: UpdatusUser & Media)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-25] (Bitdefender)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\MountPoints2: {309feee2-7d3e-11e4-bf13-6c71d91f1ce8} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\MountPoints2: {9fcb657c-7aaa-11e3-beec-6c71d91f1ce8} - "H:\Startme.exe" 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-468729109-622446871-3802970351-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
SearchScopes: HKU\S-1-5-21-468729109-622446871-3802970351-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-468729109-622446871-3802970351-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-04-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-25] (Bitdefender)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-09-23] (Valve Corporation) [File not signed]
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-25] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-25] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-25] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-25] (BitDefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-25] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
S3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [23552 2011-07-29] ( )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-25] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:46 - 2015-02-23 16:46 - 00012706 _____ () C:\Users\Media\Desktop\FRST.txt
2015-02-23 16:46 - 2015-02-23 16:44 - 02087424 _____ (Farbar) C:\Users\Media\Desktop\FRST64.exe
2015-02-23 14:19 - 2015-02-23 16:46 - 00000000 ____D () C:\FRST
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 _____ () C:\Recovery.txt
2015-02-22 14:43 - 2015-02-22 14:43 - 00000000 ____D () C:\WINDOWS\pss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:45 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-23 16:45 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-23 16:45 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-22 14:43 - 2014-11-09 11:36 - 00000282 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2015-02-22 14:43 - 2014-10-29 19:13 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 14:43 - 2013-11-17 10:50 - 00000000 __RDO () C:\Users\Media\SkyDrive
2015-02-22 14:43 - 2013-11-17 10:35 - 00000000 ____D () C:\Users\Media
2015-02-22 14:43 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-22 14:42 - 2015-01-18 14:23 - 00001616 _____ () C:\WINDOWS\setupact.log
2015-02-22 14:42 - 2013-11-17 10:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-22 14:34 - 2013-08-08 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-22 14:34 - 2013-01-12 09:00 - 00000401 _____ () C:\Users\Media\AppData\Roaming\sp_data.sys
2015-02-22 14:27 - 2013-11-17 10:32 - 01563163 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 14:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-22 13:41 - 2014-10-29 19:13 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 13:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-22 13:41 - 2013-05-04 16:42 - 00257536 ___SH () C:\Users\Media\Desktop\Thumbs.db
2015-02-14 13:12 - 2014-10-29 19:13 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 13:12 - 2014-10-29 19:13 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 20:02 - 2013-09-16 17:56 - 00000501 _____ () C:\WINDOWS\system32\checkdnsid.xml
2015-01-24 19:36 - 2014-11-09 11:36 - 00000288 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2015-01-24 19:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 15:29 - 2013-04-22 19:35 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468729109-622446871-3802970351-1002

==================== Files in the root of some directories =======

2013-01-12 09:00 - 2015-02-22 14:34 - 0000401 _____ () C:\Users\Media\AppData\Roaming\sp_data.sys
2014-04-13 14:40 - 2014-04-13 14:40 - 0000017 _____ () C:\Users\Media\AppData\Local\resmon.resmoncfg
2013-04-22 20:09 - 2013-04-22 20:09 - 0695504 _____ () C:\ProgramData\1366656573.bdinstall.bin
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-06-21 20:20 - 2013-06-21 20:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-06-21 20:20 - 2013-06-21 20:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 15:29

==================== End Of Log ============================
         

--- --- ---

--- --- ---

[/CODE]

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Media at 2015-02-23 16:47:11
Running from C:\Users\Media\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.019 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.28.0.1789 - Bitdefender)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.7.711 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.7.711 - DVDVideoSoft Ltd.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.4.5 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {52A23CE0-C19E-4A10-B274-F2BCFF4C5EF9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {61072C6B-3B77-4182-9058-D12448521ABF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {6A0A5975-4B1A-4386-9327-0385C7E840C0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-17] (Synaptics Incorporated)
Task: {A10551A7-AF35-4B35-8B16-7B825BBB5D29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AA9A64C7-2B12-4806-9D77-44C8EA4D507A} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {B8D2AC14-A038-4B86-8443-5FE1FAEF633F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {C17E5DC0-9157-400A-AD84-06958225C8BC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {CE1D9BD3-C69C-42FC-91C5-F38B9C1FA0D1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {D4A4F035-B6A7-4A8C-8413-51D284A69C2A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC9C5DF6-0BB0-4022-B798-DB225E884BEE} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender 2013\mtasklaunch.exe [2013-10-25] (Bitdefender)
Task: {F96EB354-3ABC-4DCA-A433-F2DD809D0366} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Media\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-468729109-622446871-3802970351-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-468729109-622446871-3802970351-500 - Administrator - Disabled)
Gast (S-1-5-21-468729109-622446871-3802970351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-468729109-622446871-3802970351-1007 - Limited - Enabled)
Media (S-1-5-21-468729109-622446871-3802970351-1002 - Administrator - Enabled) => C:\Users\Media
UpdatusUser (S-1-5-21-468729109-622446871-3802970351-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 04:28:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:43:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:26:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:25:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 01:42:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 01:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 01:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 03:54:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/24/2015 08:25:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/23/2015 04:47:10 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:47:10 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:46:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/23/2015 04:46:52 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:46:52 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:46:52 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/23/2015 04:46:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/23/2015 04:46:47 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:46:47 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:46:47 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (02/23/2015 04:28:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:43:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:26:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:25:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 01:42:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/14/2015 01:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/14/2015 01:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (01/25/2015 03:54:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (01/24/2015 08:25:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 6%
Total physical RAM: 12241.2 MB
Available physical RAM: 11504.71 MB
Total Pagefile: 14097.2 MB
Available Pagefile: 13413.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.05 GB) (Free:0.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.78 GB) (Free:43.18 GB) NTFS
Drive e: (Data1) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS
Drive f: (Data2) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS
Drive h: (TOSHIBA) (Removable) (Total:1.92 GB) (Free:0.4 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 8BD9A329)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Ich hab doch extra gefragt ob Windows wieder normal bootet, wieso kommste jetzt mitm abgesicherten Modus

sorry, dachte wenn ich normal starte kommt direkt wieder der virus
und ich kann das mit dem FRST nicht machen.
es geht!! bis aufs mousepad geht alles. aber wenn ich eine mouse dran hänge
geht das auch.
hast du den virus schon rausgenommen mit dieser "textdatei"?

Bitte mach neue FRST Logs im normalen Modus!

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Media (administrator) on USER on 23-02-2015 17:05:40
Running from C:\Users\Media\Desktop
Loaded Profiles: Media (Available profiles: UpdatusUser & Media)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-25] (Bitdefender)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\MountPoints2: {309feee2-7d3e-11e4-bf13-6c71d91f1ce8} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-468729109-622446871-3802970351-1002\...\MountPoints2: {9fcb657c-7aaa-11e3-beec-6c71d91f1ce8} - "H:\Startme.exe" 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-468729109-622446871-3802970351-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
SearchScopes: HKU\S-1-5-21-468729109-622446871-3802970351-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-468729109-622446871-3802970351-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-04-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-25] (Bitdefender)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-25] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-25] (BitDefender SRL)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-25] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
S3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [23552 2011-07-29] ( )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-25] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:46 - 2015-02-23 17:05 - 00016165 _____ () C:\Users\Media\Desktop\FRST.txt
2015-02-23 16:46 - 2015-02-23 16:44 - 02087424 _____ (Farbar) C:\Users\Media\Desktop\FRST64.exe
2015-02-23 14:19 - 2015-02-23 17:05 - 00000000 ____D () C:\FRST
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 _____ () C:\Recovery.txt
2015-02-22 14:43 - 2015-02-22 14:43 - 00000000 ____D () C:\WINDOWS\pss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:05 - 2013-11-17 10:32 - 01802794 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-23 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-23 17:02 - 2013-04-22 19:35 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468729109-622446871-3802970351-1002
2015-02-23 17:01 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-23 17:01 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-23 17:01 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-23 17:00 - 2013-08-08 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-23 16:58 - 2013-01-12 09:00 - 00000401 _____ () C:\Users\Media\AppData\Roaming\sp_data.sys
2015-02-23 16:57 - 2015-01-18 14:23 - 00001693 _____ () C:\WINDOWS\setupact.log
2015-02-23 16:57 - 2014-11-09 11:36 - 00000282 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2015-02-23 16:57 - 2014-10-29 19:13 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 16:57 - 2013-11-17 10:50 - 00000000 __RDO () C:\Users\Media\SkyDrive
2015-02-23 16:57 - 2013-11-17 10:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-23 16:57 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-22 14:43 - 2013-11-17 10:35 - 00000000 ____D () C:\Users\Media
2015-02-22 13:41 - 2014-10-29 19:13 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 13:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-22 13:41 - 2013-05-04 16:42 - 00257536 ___SH () C:\Users\Media\Desktop\Thumbs.db
2015-02-14 13:12 - 2014-10-29 19:13 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 13:12 - 2014-10-29 19:13 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 20:02 - 2013-09-16 17:56 - 00000501 _____ () C:\WINDOWS\system32\checkdnsid.xml
2015-01-24 19:36 - 2014-11-09 11:36 - 00000288 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job

==================== Files in the root of some directories =======

2013-01-12 09:00 - 2015-02-23 16:58 - 0000401 _____ () C:\Users\Media\AppData\Roaming\sp_data.sys
2014-04-13 14:40 - 2014-04-13 14:40 - 0000017 _____ () C:\Users\Media\AppData\Local\resmon.resmoncfg
2013-04-22 20:09 - 2013-04-22 20:09 - 0695504 _____ () C:\ProgramData\1366656573.bdinstall.bin
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-06-21 20:20 - 2013-06-21 20:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-06-21 20:20 - 2013-06-21 20:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 15:29

==================== End Of Log ============================
         

--- --- ---

--- --- ---


FRST Additions Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Media at 2015-02-23 17:06:31
Running from C:\Users\Media\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Virenschutz (Enabled - Out of date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Out of date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.019 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.28.0.1789 - Bitdefender)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.7.711 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.7.711 - DVDVideoSoft Ltd.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.4.5 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {52A23CE0-C19E-4A10-B274-F2BCFF4C5EF9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {61072C6B-3B77-4182-9058-D12448521ABF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {6A0A5975-4B1A-4386-9327-0385C7E840C0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-17] (Synaptics Incorporated)
Task: {A10551A7-AF35-4B35-8B16-7B825BBB5D29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AA9A64C7-2B12-4806-9D77-44C8EA4D507A} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {B8D2AC14-A038-4B86-8443-5FE1FAEF633F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {C17E5DC0-9157-400A-AD84-06958225C8BC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {CE1D9BD3-C69C-42FC-91C5-F38B9C1FA0D1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {D4A4F035-B6A7-4A8C-8413-51D284A69C2A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC9C5DF6-0BB0-4022-B798-DB225E884BEE} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender 2013\mtasklaunch.exe [2013-10-25] (Bitdefender)
Task: {F96EB354-3ABC-4DCA-A433-F2DD809D0366} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-04-22 20:08 - 2013-10-25 18:59 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-04-22 20:08 - 2013-10-25 19:00 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-04-22 20:08 - 2011-11-14 18:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-10-25 19:00 - 2013-10-25 19:00 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-26 12:20 - 2014-07-26 12:20 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_018\ashttpbr.mdl
2014-07-26 12:20 - 2014-07-26 12:20 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_018\ashttpdsp.mdl
2014-07-26 12:20 - 2014-07-26 12:21 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_018\ashttpph.mdl
2014-07-26 12:20 - 2014-07-26 12:21 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_018\ashttprbl.mdl
2012-10-04 15:58 - 2012-10-04 15:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 15:58 - 2012-10-04 15:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2012-09-29 20:02 - 2012-09-29 20:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 19:57 - 2012-09-29 19:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-09-29 19:59 - 2012-09-29 19:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 20:01 - 2012-09-29 20:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-10-17 08:41 - 2012-09-17 04:13 - 01367864 _____ () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
2014-01-11 15:24 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-12-21 05:49 - 2011-09-19 11:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-01-11 15:24 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-01-11 15:24 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-01-11 15:24 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-01-03 10:38 - 2014-01-03 10:38 - 00571392 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2012-12-21 05:42 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Media\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-468729109-622446871-3802970351-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-468729109-622446871-3802970351-500 - Administrator - Disabled)
Gast (S-1-5-21-468729109-622446871-3802970351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-468729109-622446871-3802970351-1007 - Limited - Enabled)
Media (S-1-5-21-468729109-622446871-3802970351-1002 - Administrator - Enabled) => C:\Users\Media
UpdatusUser (S-1-5-21-468729109-622446871-3802970351-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 04:58:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/23/2015 04:28:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:43:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:26:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 02:25:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/22/2015 01:42:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 01:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 01:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 03:54:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "P2G.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "P2G.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/23/2015 04:59:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (02/23/2015 04:59:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/23/2015 04:57:08 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/23/2015 04:57:02 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (02/23/2015 04:58:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/23/2015 04:28:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:43:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:26:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 02:25:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/22/2015 01:42:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/14/2015 01:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (02/14/2015 01:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

Error: (01/25/2015 03:54:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: P2G.X,type="win32",version="1.0.0.0"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 14%
Total physical RAM: 12241.2 MB
Available physical RAM: 10442.33 MB
Total Pagefile: 14097.2 MB
Available Pagefile: 12110.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.05 GB) (Free:0.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.78 GB) (Free:43.18 GB) NTFS
Drive e: (Data1) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS
Drive f: (Data2) (Fixed) (Total:349.32 GB) (Free:349.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 8BD9A329)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

--- --- ---

Sieht ja schon fast gut aus

Bitte mit MBAR fortfahren:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.23.04
  rootkit: v2015.02.22.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Media :: USER [administrator]

23.02.2015 17:42:17
mbar-log-2015-02-23 (17-42-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 425907
Time elapsed: 10 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)