
Log analysis and evaluation: Win7 sometimes freezes or has a bluescreen at startup

15.03.2015, 13:30   #31
Joshau

Is the "unknown MBR code" one of the results of the tests carried out successfully so far? And the "CF log", by contrast, one that Combofix should have delivered but so far has not?
I assume you mean both. So I would now have to get a new disk, recover the backup and let Combofix run the test successfully.

I will get back to you with the CF log as soon as I have it.

15.03.2015, 20:04   #32
schrauber
/// the machine
/// TB instructor

I only understood half of that, but the last sentence sounds good

16.03.2015, 16:56   #33
Joshau

Could be. Provided that the string "CF-log", which is foreign to me, actually means, as I guessed, a file that I am supposed to have Combofix produce for you. Otherwise I would soon have sent you only a log file from Combofix, but not a CF-log.

--- Edit ----

It is done, everything is on a new disk and Combofix has been run!
Here is the content of the txt:
Code:
ComboFix 15-03-14.03 - Wolf o 16.03.15  16:34:07.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2047.1486 [GMT 1:00]
ausgeführt von:: c:\users\Wolf\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\2009Decoder.exe
c:\program files\procexp1204.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-16 bis 2015-03-16  ))))))))))))))))))))))))))))))
.
.
2015-03-16 15:43 . 2015-03-16 15:43	--------	d-----w-	c:\users\Wolf\AppData\Local\temp
2015-03-14 19:20 . 2015-03-14 19:20	17549488	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2015-03-12 00:34 . 2015-03-12 00:34	--------	d-----w-	c:\program files\Recuva
2015-03-11 21:21 . 2015-03-11 21:21	--------	d-----w-	c:\program files\Tweaking.com
2015-03-11 08:22 . 2015-03-11 08:22	25104	----a-w-	c:\windows\system32\drivers\dtultrascsibus.sys
2015-03-11 08:21 . 2015-03-15 00:22	--------	d-----w-	c:\program files\DAEMON Tools Ultra
2015-03-11 08:16 . 2015-03-14 10:29	--------	d-----w-	c:\windows\system32\catroot2
2015-03-10 17:32 . 2015-03-16 15:22	--------	d-----w-	c:\windows\system32\wbem\repository
2015-03-10 16:31 . 2015-03-10 16:31	--------	d-----w-	c:\users\Wolf\AppData\Local\ElevatedDiagnostics
2015-03-10 14:14 . 2015-03-10 14:14	--------	d-----w-	C:\RegBackup
2015-03-09 18:19 . 2015-03-09 18:19	--------	d-----w-	c:\program files\VirtualCloneDrive
2015-03-09 18:13 . 2015-03-09 18:13	--------	d-----w-	c:\program files\Elaborate Bytes
2015-03-09 18:05 . 2015-03-09 18:05	--------	d-----w-	c:\users\Wolf\AppData\Local\Disc_Soft_Ltd
2015-03-09 17:50 . 2015-03-11 08:24	--------	d-----w-	c:\users\Wolf\AppData\Roaming\DAEMON Tools Ultra
2015-03-09 17:49 . 2015-03-09 17:49	--------	d-----w-	c:\programdata\DAEMON Tools Ultra
2015-03-09 17:20 . 2015-03-09 17:22	140160	----a-w-	c:\windows\system32\drivers\sptddrv1.sys
2015-03-08 12:12 . 2015-03-08 12:12	30246	----a-w-	c:\program files\Kill DropBox.exe
2015-03-08 11:15 . 2015-03-08 11:14	30248	----a-w-	c:\program files\Kill Onedrive.exe
2015-03-07 15:13 . 2015-03-07 15:13	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-03-07 15:13 . 2015-03-07 15:26	--------	d-----w-	c:\programdata\RogueKiller
2015-03-06 21:35 . 2009-10-26 09:43	32800	----a-w-	c:\windows\system32\drivers\RTL2832UUSB.sys
2015-03-06 21:35 . 2009-10-26 09:43	93344	----a-w-	c:\windows\system32\drivers\RTL2832UBDA.sys
2015-03-06 21:35 . 2009-10-05 19:20	31872	----a-w-	c:\windows\system32\drivers\RTL2832U_IRHID.sys
2015-03-06 21:34 . 2009-10-15 10:21	135294	----a-w-	c:\windows\system32\RTKFMSOURCE.dll
2015-03-06 21:34 . 2009-09-11 13:15	114688	----atw-	c:\windows\system32\RTL283XACCESS.dll
2015-03-06 21:34 . 2009-09-11 10:44	73832	----a-w-	c:\windows\system32\SuperFrameSplitter.dll
2015-03-06 21:34 . 2009-10-16 10:36	139356	----a-w-	c:\windows\system32\RTKDABSOURCE.dll
2015-03-06 21:34 . 2009-10-15 15:22	348239	----atw-	c:\windows\system32\RTKFM.dll
2015-03-06 21:34 . 2009-10-15 15:16	4690000	----a-w-	c:\windows\system32\RTKDAB.dll
2015-03-06 21:34 . 2009-10-15 14:03	53248	----a-w-	c:\windows\system32\RTKDABMWare.dll
2015-03-06 21:34 . 2015-03-06 21:34	--------	d-----w-	c:\users\Wolf\AppData\Roaming\InstallShield
2015-03-06 11:20 . 2015-03-06 11:35	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-06 11:20 . 2015-03-06 11:20	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-06 11:19 . 2015-03-06 11:19	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-04 10:59 . 2015-03-04 15:42	--------	d-----w-	c:\programdata\BlueStacksSetup
2015-03-02 13:52 . 2015-03-15 09:00	--------	d-----w-	c:\users\Wolf\AppData\Roaming\vlc
2015-02-25 21:30 . 2015-02-25 21:30	--------	d-----w-	c:\program files\AquaSnap
2015-02-25 08:34 . 2015-03-11 19:45	169584	----a-w-	c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-02-25 08:34 . 2015-02-25 08:34	970912	----a-w-	c:\program files\Mozilla Firefox\msvcr120.dll
2015-02-25 08:34 . 2015-02-25 08:34	455328	----a-w-	c:\program files\Mozilla Firefox\msvcp120.dll
2015-02-25 08:34 . 2015-02-25 08:34	3466856	----a-w-	c:\program files\Mozilla Firefox\d3dcompiler_47.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-14 19:20 . 2012-04-25 09:56	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-14 19:20 . 2011-05-16 09:04	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-11 08:11 . 2010-10-15 21:42	329384	----a-w-	c:\windows\system32\drivers\sptd.sys
2014-12-25 23:43 . 2011-12-02 11:12	2392168	----a-w-	c:\windows\system32\auto_reactivate.exe
2014-12-25 23:43 . 2014-08-09 12:01	210752	----a-w-	c:\windows\system32\snapapiar.dll
2014-08-11 19:36 . 2014-08-11 19:25	84	----a-w-	c:\program files\ACRONISDDIENST STARTET.vbs
2014-07-30 13:23 . 2014-08-01 11:57	28	----a-w-	c:\program files\Kill unsecapp.bat
2014-04-17 17:22 . 2014-04-18 01:32	23083	----a-w-	c:\program files\Kill HddGuard.exe
2013-08-01 08:59 . 2013-08-01 08:56	48	----a-w-	c:\program files\Kill DesktopOK.bat
2013-06-07 22:23 . 2013-06-07 22:22	23080	----a-w-	c:\program files\Kill BoxCryptor.exe
2011-11-30 20:06 . 2011-12-05 07:47	33792	----a-w-	c:\program files\OneLoupe.exe
2011-05-10 21:45 . 2011-05-16 09:10	172032	----a-w-	c:\program files\poweroff_deutsch.exe
2010-10-20 16:17 . 2010-10-20 16:17	890208	----a-w-	c:\program files\GPU-Z.0.4.7.exe
2010-10-12 15:46 . 2010-11-06 04:08	364544	----a-w-	c:\program files\Updater.exe
2009-04-02 15:47 . 2011-12-02 22:09	648064	----a-w-	c:\program files\autoruns.exe
2000-02-13 21:41 . 2010-10-27 15:33	1733120	----a-w-	c:\program files\Digibib2.exe
1997-01-04 11:23 . 2011-11-19 00:55	246272	----a-w-	c:\program files\Gmouse.exe
1996-02-07 07:07 . 2010-10-27 15:33	24576	----a-w-	c:\program files\_ISREG32.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-13 06:45	329376	----a-w-	c:\users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-13 06:45	329376	----a-w-	c:\users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-13 06:45	329376	----a-w-	c:\users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 08:32	2634920	----a-w-	c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 08:32	2634920	----a-w-	c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 08:32	2634920	----a-w-	c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-06-07 10:24	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{7036EE8C-E7B0-4C46-96E7-08B06DC6E484}"
[HKEY_CLASSES_ROOT\CLSID\{7036EE8C-E7B0-4C46-96E7-08B06DC6E484}]
2013-11-15 13:43	156456	----a-w-	c:\windows\System32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17	683200	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\program files\NirSoft\Volumouse\volumouse.exe" [2009-08-05 33280]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2014-06-26 94416]
"Granola"="c:\program files\MiserWare\Granola Personal\granola.exe" [2012-02-21 887016]
"StrokeIt"="c:\users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe" [2010-01-03 26248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 150208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 5 (0x5)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotificatio"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{E36EB56C-F497-4482-B6E7-BCB93F2B6FDA}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-11-15 156456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - c:\windows\system32\cbfsMntNtf4.dll [2013-11-15 156456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin\0auto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2013-03-10 17:08	88984	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe"
.
R1 MpKsl2b051bfa;MpKsl2b051bfa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [x]
R1 MpKsl71523a7c;MpKsl71523a7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [x]
R1 MpKslc317aad9;MpKslc317aad9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [x]
R1 MpKslec0276e2;MpKslec0276e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2014-08-08 234752]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-06-23 23456]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-09-09 117272]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2014-08-08 3906552]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7152200]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2014-08-08 86304]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys [2014-08-08 736192]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2014-08-08 143648]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2014-08-08 116000]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2014-08-08 85280]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-06-07 299408]
S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [2013-11-15 323392]
S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]
S2 Granola PM Manager;Granola PM Manager;c:\program files\MiserWare\Granola Personal\GranolaManager.exe [2012-02-21 449264]
S3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtultrascsibus.sys [2015-03-11 25104]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-10 651848]
S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys [2013-11-15 15936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ighome.com/
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.anti_banner_native_proxy - 2
FF - user.js: plugin.state.url_advisor - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.anti_banner_native_proxy - 2
FF - user.js: plugin.state.url_advisor - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools ALT\daemon.exe
MSConfigStartUp-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
AddRemove-Digitale Bibliothek - c:\windows\unin0407.exe
.
.
.
Zeit der Fertigstellung: 2015-03-16  16:46:44
ComboFix-quarantined-files.txt  2015-03-16 15:46
.
Vor Suchlauf: 9.494.773.760 Bytes frei
Nach Suchlauf: 9.382.551.552 Bytes frei
.
- - End Of File - - ADDE5801C2678F0C15D54B7E906097E7
A0DC28A9F0CA16B30373955D99189D2F
         
Edited by Joshau (16.03.2015 at 11:35)

17.03.2015, 07:28   #34
schrauber

Look in the folder C:\Qoobox and please post the content of this file:

ComboFix-quarantined-files.txt
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

17.03.2015, 10:29   #35
Joshau


Code:
2015-03-16 15:45:29 . 2015-03-16 15:45:29              644 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Digitale Bibliothek.reg.dat
2015-03-16 15:45:17 . 2015-03-16 15:45:17              882 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-IR_SERVER.reg.dat
2015-03-16 15:45:17 . 2015-03-16 15:45:17              926 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DAEMON Tools.reg.dat
2015-03-16 15:45:13 . 2015-03-16 15:45:13              166 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB}.reg.dat
2015-03-16 15:45:05 . 2015-03-16 15:45:05              155 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24}.reg.dat
2015-03-16 15:40:01 . 2015-03-16 15:40:01            5,052 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2015-03-16 15:34:06 . 2015-03-16 15:34:06              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2015-03-09 15:40:13 . 2015-03-16 15:34:07              133 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-11-06 04:08:01 . 2011-07-09 15:29:00        6,619,136 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\2009Decoder.exe.vir
2010-10-20 12:25:12 . 2010-10-20 12:25:12        3,887,480 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\procexp1204.exe.vir
2010-10-16 05:09:50 . 1998-02-06 21:35:22          304,128 ----a-w-  C:\Qoobox\Quarantine\C\Windows\unin0407.exe.vir
         


17.03.2015, 15:49   #36
schrauber

Ok, the MBR is in there.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the content of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its content with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the content of JRT.txt in your next reply.


and a fresh FRST log please.

17.03.2015, 22:20   #37
Joshau

Hello Schrauber!

Does "MBR is in there" mean that something was written to the master boot record that does not belong there? In any case, the other programs you mentioned seem to have found quite a bit, so here are the logs:


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.03.15
Suchlauf-Zeit: 21:27:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.17.07
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Wolf

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309069
Verstrichene Zeit: 7 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
Trojan.Packed, C:\Program Files\Kill DropBox.exe, In Quarantäne, [3079a1819af01a1ca3883da8c23fba46], 
Trojan.Packed, C:\Program Files\Kill Onedrive.exe, In Quarantäne, [d8d1061c0585999d49e25d8888796799], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


AdwCleaner Logfile:
Code:
# AdwCleaner v4.112 - Bericht erstellt 17/03/2015 um 21:46:48
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Wolf - WOLF-PC
# Gestarted von : C:\Users\Wolf\Desktop\AdwCleaner_4.112.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js
Datei Gefunden : C:\Windows\system32\RegistryHelperLM.ocx
Ordner Gefunden : C:\ProgramData\Registry Helper

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\eSupport.com
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\hdcode
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : HKLM\SOFTWARE\Registry Helper
Schlüssel Gefunden : HKLM\SOFTWARE\Solvusoft
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : HKLM\SOFTWARE\winzipersvc

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v36.0.1 (x86 de)

[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", -25);
[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", -10);
[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.smarterwiki.search_surfcanyon", false);
*************************

AdwCleaner[R3].txt - [3275 Bytes] - [17/03/2015 21:46:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3334 Bytes] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v4.112 - Bericht erstellt 17/03/2015 um 21:50:40
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Wolf - WOLF-PC
# Gestarted von : C:\Users\Wolf\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Registry Helper
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper
Schlüssel Gelöscht : HKLM\SOFTWARE\Solvusoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v36.0.1 (x86 de)

[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", -25);
[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", -10);
[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.smarterwiki.search_surfcanyon", false);

*************************

AdwCleaner[R3].txt - [3413 Bytes] - [17/03/2015 21:46:48]
AdwCleaner[S2].txt - [3362 Bytes] - [17/03/2015 21:50:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3421  Bytes] ##########
         
--- --- ---


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Ultimate x86
Ran by Wolf on Di 17.03.15 at 21:54:41,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Wolf\AppData\Roaming\mozilla\firefox\profiles\pzx2deug.default\prefs.js

user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
Emptied folder: C:\Users\Wolf\AppData\Roaming\mozilla\firefox\profiles\pzx2deug.default\minidumps [208 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Di 17.03.15 at 21:56:09,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Wolf (administrator) on WOLF-PC on 17-03-2015 22:36:25
Running from C:\Users\Wolf\Desktop
Loaded Profiles: Wolf (Available profiles: Wolf)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe
() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [OneDrive] => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-13] (Microsoft Corporation)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: {69c69ae8-c7c7-11e4-ab6a-00218503c947} - H:\setup.exe
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk
ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk
ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll [2008-02-15] (BinarySense, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default
FF Homepage: hxxp://www.ighome.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml [2014-10-14]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml [2014-10-14]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml [2014-10-19]
FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07]
FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07]
FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07]
FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07]
FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07]
FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07]
FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]
FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]
FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]
FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]
FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector

Chrome: 
=======
CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]
R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()
S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\HIDEC.3XE" "C:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-03-11] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [93344 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [329384 2015-03-11] (Duplex Secure Ltd.)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)
S3 catchme; \??\C:\Users\Wolf\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]
S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]
S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]
S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 SANDRA; \??\E:\SiSoftware Sandra Lite 2015.SP1\WNt600x86\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 a20780r3; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 22:36 - 2015-03-17 22:36 - 00019797 _____ () C:\Users\Wolf\Desktop\FRST.txt
2015-03-17 22:36 - 2015-03-17 22:35 - 01135104 _____ (Farbar) C:\Users\Wolf\Desktop\FRST.exe
2015-03-17 22:30 - 2015-03-16 14:20 - 01618512 _____ () C:\Users\Wolf\Desktop\EasyBCD_2.2b182.exe
2015-03-17 22:23 - 2015-03-08 12:12 - 00000052 _____ () C:\Program Files\Kill Onedrive.bat
2015-03-17 22:23 - 2013-05-01 11:28 - 00000029 _____ () C:\Program Files\Kill DropBox.bat
2015-03-17 21:56 - 2015-03-17 22:36 - 00000000 ____D () C:\FRST
2015-03-17 21:46 - 2015-03-17 21:50 - 00000000 ____D () C:\AdwCleaner
2015-03-17 21:37 - 2015-03-17 21:51 - 00001136 _____ () C:\Windows\PFRO.log
2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-17 21:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 21:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 14:50 - 2015-03-17 14:50 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\GUL
2015-03-17 11:55 - 2015-03-17 11:55 - 00000808 _____ () C:\Users\Wolf\Downloads\WDR.xspf
2015-03-16 18:15 - 2015-03-16 18:15 - 01665395 _____ () C:\Program Files\procexp1204.zip
2015-03-16 18:14 - 2015-03-16 18:14 - 01997800 _____ () C:\Program Files\2009Decoder.zip
2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyBCD
2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Program Files\EasyBCD
2015-03-16 14:05 - 2015-03-16 14:05 - 00000000 ____D () C:\Program Files\DAEMON Tools
2015-03-15 19:04 - 2015-03-17 21:51 - 00000392 _____ () C:\Windows\setupact.log
2015-03-15 19:04 - 2015-03-15 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 17:50 - 2015-03-15 17:50 - 00001699 _____ () C:\Users\Wolf\Desktop\start TV u. clock nach n sec - Verknüpfung.lnk
2015-03-14 20:20 - 2015-03-14 20:20 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-03-12 01:34 - 2015-03-12 01:34 - 00000000 ____D () C:\Program Files\Recuva
2015-03-11 22:21 - 2015-03-11 22:21 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-11 09:22 - 2015-03-11 09:22 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrascsibus.sys
2015-03-11 09:21 - 2015-03-15 01:22 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra
2015-03-10 15:14 - 2015-03-10 15:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Windows-7-Ultimate-(32-bit).dat
2015-03-10 15:14 - 2015-03-10 15:14 - 00000000 ____D () C:\RegBackup
2015-03-09 19:19 - 2015-03-09 19:19 - 00000000 ____D () C:\Program Files\VirtualCloneDrive
2015-03-09 19:13 - 2015-03-09 19:13 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Disc_Soft_Ltd
2015-03-09 19:01 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Public\Documents\Daemon Tools Images
2015-03-09 18:50 - 2015-03-11 09:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\DAEMON Tools Ultra
2015-03-09 18:49 - 2015-03-09 18:49 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2015-03-09 18:20 - 2015-03-09 18:22 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sptddrv1.sys
2015-03-09 16:40 - 2015-03-09 16:40 - 00000000 ____D () C:\Qoobox
2015-03-09 01:07 - 2015-03-07 16:02 - 00001108 _____ () C:\0 Desktop.lnk
2015-03-09 01:07 - 2015-03-06 20:05 - 00001239 _____ () C:\Batch für Prozessbeendigung.lnk
2015-03-09 01:07 - 2015-03-06 13:08 - 00000779 _____ () C:\Betriebs.lnk
2015-03-09 01:07 - 2014-12-24 13:18 - 00000801 _____ () C:\z Portable.lnk
2015-03-09 01:07 - 2014-11-04 17:45 - 00000810 _____ () C:\GrundProgsg.lnk
2015-03-07 16:13 - 2015-03-07 16:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-07 16:13 - 2015-03-07 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-06 22:35 - 2009-10-26 10:43 - 00093344 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2015-03-06 22:35 - 2009-10-26 10:43 - 00032800 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2015-03-06 22:35 - 2009-10-05 20:20 - 00031872 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2015-03-06 22:34 - 2015-03-06 22:34 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\InstallShield
2015-03-06 22:34 - 2009-10-16 11:36 - 00139356 _____ (Realtek) C:\Windows\system32\RTKDABSOURCE.dll
2015-03-06 22:34 - 2009-10-15 16:22 - 00348239 ____T (Realtek) C:\Windows\system32\RTKFM.dll
2015-03-06 22:34 - 2009-10-15 16:16 - 04690000 _____ (Realtek) C:\Windows\system32\RTKDAB.dll
2015-03-06 22:34 - 2009-10-15 15:03 - 00053248 _____ () C:\Windows\system32\RTKDABMWare.dll
2015-03-06 22:34 - 2009-10-15 11:21 - 00135294 _____ (Realtek) C:\Windows\system32\RTKFMSOURCE.dll
2015-03-06 22:34 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\system32\RTL283XACCESS.dll
2015-03-06 22:34 - 2009-09-11 11:44 - 00073832 _____ () C:\Windows\system32\SuperFrameSplitter.dll
2015-03-06 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-06 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-06 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-06 17:05 - 2015-03-06 17:05 - 00000000 ____D () C:\Windows\erdnt
2015-03-06 12:20 - 2015-03-17 22:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 12:20 - 2015-03-06 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-06 12:19 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 21:44 - 2015-03-05 21:51 - 00000066 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32 .txt
2015-03-05 13:49 - 2015-03-05 13:49 - 00000020 _____ () C:\Users\Wolf\defogger_reenable
2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt
2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk
2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar
2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL
2015-03-02 14:52 - 2015-03-17 14:03 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc
2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar
2015-03-02 12:27 - 2015-03-06 14:49 - 00155358 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar
2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe
2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat
2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL
2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat
2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log
2015-02-27 12:27 - 2015-03-12 23:53 - 00169836 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar
2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log
2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log
2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar
2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log
2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap
2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log
2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL
2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL
2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log
2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log
2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log
2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log
2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log
2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt
2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log
2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 22:28 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell
2015-03-17 21:56 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 21:56 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 21:56 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 21:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 21:36 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress
2015-03-17 20:23 - 2015-02-09 12:34 - 06814674 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar
2015-03-17 18:51 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype
2015-03-16 22:23 - 2014-11-08 11:00 - 00001724 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini
2015-03-16 18:24 - 2014-09-11 23:49 - 00159943 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 15:45 - 2013-05-17 16:49 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BURN ISO VIRTUAL-DRIVE
2015-03-16 15:44 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese
2015-03-15 18:56 - 2015-02-09 12:33 - 07407012 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar
2015-03-15 17:56 - 2010-10-15 22:08 - 00000000 ____D () C:\Windows\pss
2015-03-15 15:03 - 2013-06-02 20:07 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysExplor MenuEdit
2015-03-14 20:20 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 20:20 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 20:04 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe
2015-03-14 18:02 - 2010-10-15 21:48 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung & TroubleShoot
2015-03-13 07:46 - 2014-09-25 10:37 - 00002176 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-11 22:54 - 2012-09-27 19:49 - 00000000 ____D () C:\Users\Public\Documents\PhraseExpress
2015-03-11 20:45 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-11 09:11 - 2010-10-15 22:42 - 00329384 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-03-11 08:40 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox
2015-03-10 18:40 - 2010-10-15 21:09 - 00067296 _____ () C:\Users\Wolf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 18:40 - 2009-07-14 05:33 - 00307424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:24 - 2009-07-14 03:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_359
2015-03-10 11:43 - 2013-05-12 00:01 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Tools & Convert
2015-03-09 18:19 - 2014-11-12 18:09 - 00000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2015-03-09 04:09 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-09 04:09 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps
2015-03-09 04:09 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump
2015-03-09 04:09 - 2010-10-16 04:39 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\uTorrent
2015-03-07 12:11 - 2010-10-28 21:46 - 00007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2015-03-06 23:15 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram
2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ____D () C:\Program Files\Realtek
2015-03-06 22:27 - 2010-10-15 22:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-03-06 22:20 - 2010-10-15 21:55 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-06 17:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public
2015-03-06 12:21 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 22:06 - 2013-09-28 01:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Wächter u Reperatur
2015-03-05 21:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-05 13:49 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf
2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla
2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar
2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2015-03-02 13:35 - 2015-02-09 12:34 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar
2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto

==================== Files in the root of some directories =======

2015-03-16 18:14 - 2015-03-16 18:14 - 1997800 _____ () C:\Program Files\2009Decoder.zip
2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs
2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf
2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe
2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu
2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu
2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt
2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP
2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini
2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt
2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für  Remoce Torrent.gms
2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe
2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP
2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe
2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe
2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat
2015-03-17 22:23 - 2013-05-01 11:28 - 0000029 _____ () C:\Program Files\Kill DropBox.bat
2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe
2015-03-17 22:23 - 2015-03-08 12:12 - 0000052 _____ () C:\Program Files\Kill Onedrive.bat
2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat
2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt
2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt
2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt
2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe
2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe
2015-03-16 18:15 - 2015-03-16 18:15 - 1665395 _____ () C:\Program Files\procexp1204.zip
2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg
2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe
2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt
2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL
2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini
2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak
2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!
2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko
2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini
2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache
2014-11-12 18:09 - 2015-03-09 18:19 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2010-10-28 21:46 - 2015-03-07 12:11 - 0007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db
2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log
2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Wolf\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolf\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Wolf\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 02:04

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Wolf at 2015-03-17 22:36:54
Running from C:\Users\Wolf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acronis True Image 2014 (HKLM\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
AquaSnap 1.12.1 (HKLM\...\{60CECC09-6E7B-4392-AA49-A6CBE1E2786C}) (Version: 1.12.1 - hxxp://www.nurgo-software.com?utm_source=AquaSnap&utm_medium=application&utm_campaign=continuous)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)
BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)
Boxcryptor 2.0 (HKLM\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
CrystalDiskInfo 6.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
Desktopsymbole ausblenden 0.1 (HKLM\...\{C2424372-6F72-4364-9DDE-D0D28113F5D1}_is1) (Version:  - XProfan.Com)
DirComp (HKLM\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
GhostMouse 2.0 (HKLM\...\GhostMouse 2.0) (Version:  - )
Granola (HKLM\...\{9B0E7CB3-A6A8-4E2C-80E3-2188B8B035CB}) (Version: 5.0.1 - MiserWare, Inc.)
HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
HDD Regenerator (HKLM\...\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}) (Version: 20.11.0011 - Abstradrome)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
ISO Workshop 5.5 (HKLM\...\ISO Workshop_is1) (Version:  - Glorylogic)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Encarta 99 Enzyklopädie (HKLM\...\Encarta99D) (Version: 99D - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Moo0 RightClicker 1.47 (HKLM\...\Moo0 RightClicker) (Version:  - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Volumouse (HKLM\...\Volumouse) (Version:  - )
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.198.198.0 - Tracker Software Products Ltd)
PhraseExpress v10.5.35 (HKLM\...\PhraseExpress_is1) (Version: 10.5.35 - Bartels Media GmbH)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Right Click Enhancer 4.3.1 (HKLM\...\Right Click Enhancer) (Version: 4.3.1 - RBSoft, Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StrokeIt (Deutsch) (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt (Deutsch)) (Version:  - )
StrokeIt (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 3.0.0 (HKLM\...\System Explorer_is1) (Version:  - Mister Group)
Tweaking.com - Simple System Tweaker (HKLM\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - ArcSoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-03-10 18:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065E9E43-BEE6-4D82-8573-6D5DCD6737CD} - System32\Tasks\BoxCryptor 2-x, NEU => C:\Program Files\NEW Boxcryptor\Boxcryptor.exe [2014-04-08] (Secomba GmbH)
Task: {1B94BC7D-3534-4DE8-BF69-6CE2674920E2} - System32\Tasks\kill boxscrip => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {2CCD60D3-8578-4A89-9173-B99978307D7C} - System32\Tasks\AcronisDienst Stop => C:\Windows\system32\net.exe [2009-07-14] (Microsoft Corporation)
Task: {3E209D04-EA76-4D87-9F6D-260E407AA064} - System32\Tasks\Acronis Scheduler Dienst starten => C:\Windows\system32\Net.exe [2009-07-14] (Microsoft Corporation)
Task: {5E177179-7564-4584-AA37-B54FCE1DFFC6} - System32\Tasks\KILL DropBox => C:\Program Files\Kill DropBox.bat [2013-05-01] ()
Task: {7A42BEB4-A140-4454-9D7F-FFE774BE4E98} - System32\Tasks\WDR Philo-Sendung
Task: {7E0BB72C-E5C1-4325-8B34-B47DB0ADC89D} - System32\Tasks\BoxCryptor => C:\Program Files\BoxCryptor\BoxCryptor.exe [2012-06-07] (Secomba GmbH)
Task: {97CB342F-49F1-4D7D-AB86-4BA87F83B3D6} - System32\Tasks\Termin => C:\Users\Wolf\Desktop\Termin.txt
Task: {9FF061A7-6D8B-403A-826F-DD6ACB57DCA5} - System32\Tasks\AquaSnap => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [2015-02-23] (Nurgo-Software)
Task: {ACBA7AE2-0C7A-439B-9193-8484E1E11A41} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B675FB0B-C15F-4240-B8CA-2C5103AF92D4} - System32\Tasks\DropBox => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {C5A5E2F6-79A7-4DB0-BC01-286B414DDA8B} - System32\Tasks\Kill BoxScriptor NEU => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {E7C11865-CF8D-4952-B3C4-BA8575442A83} - System32\Tasks\Kill OneDrive => C:\Program Files\Kill Onedrive.bat [2015-03-08] ()
Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION
Task: {EEC1AEF6-BF1C-4341-A6DD-A6A15D6FD349} - System32\Tasks\KDE Mover => C:\Program Files\KDE Mover-Sizer for Windows\KDE Mover-Sizer.exe [2009-10-12] ()
Task: {EFD7ABDE-CAD3-4BE8-8DB5-7BAF310AF5FF} - System32\Tasks\Uhr auf Desk => C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE [2004-09-26] ()
Task: {F59D9840-21B6-4D4A-B607-74E74F77D052} - System32\Tasks\PhrasenProgramm => C:\Program Files\PhraseExpress\phraseexpress.exe [2014-10-23] (Bartels Media GmbH)
Task: {F7EC8DEF-0A23-4B1F-B9F7-BE086564B326} - System32\Tasks\Kill unsecapp.exe => C:\Program Files\Kill unsecapp.bat [2014-07-30] ()
Task: {FC488C27-8609-4CBE-B97E-F4E20B316AFC} - System32\Tasks\Uhr im Tray => C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe [2004-09-07] (Kazubon)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2011-06-25 03:54 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-11-16 02:13 - 2014-06-24 12:04 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe
2013-10-01 09:32 - 2013-10-01 09:32 - 02634920 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
2012-02-21 09:12 - 2012-02-21 09:12 - 00449264 _____ () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2BE9FEFC
AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A
AlternateDataStreams: C:\ProgramData\TEMP:A5A1816B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AHDDC2 => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDDHealth => 2
MSCONFIG\Services: HDDlife HDD Access service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SearchAnonymizer => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: IR_SERVER => C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2588859782-1139336777-623044890-500 - Administrator - Disabled)
Gast (S-1-5-21-2588859782-1139336777-623044890-501 - Limited - Disabled)
Wolf (S-1-5-21-2588859782-1139336777-623044890-1001 - Administrator - Enabled) => C:\Users\Wolf

==================== Faulty Device Manager Devices =============

Name: MpKslec0276e2
Description: MpKslec0276e2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslec0276e2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl2b051bfa
Description: MpKsl2b051bfa
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl2b051bfa
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl71523a7c
Description: MpKsl71523a7c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl71523a7c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKslc317aad9
Description: MpKslc317aad9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslc317aad9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 2047.3 MB
Available physical RAM: 986.05 MB
Total Pagefile: 5117.3 MB
Available Pagefile: 3960.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.85 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:29.3 GB) (Free:13.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Arch) (Fixed) (Total:68.36 GB) (Free:55.8 GB) NTFS
Drive e: (Back) (Fixed) (Total:175.78 GB) (Free:56.47 GB) NTFS
Drive f: (Dow) (Fixed) (Total:658.07 GB) (Free:555.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F0E5415B)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=658.1 GB) - (Type=05)

==================== End Of Log ============================
         

Edited by Joshau (17.03.2015 at 22:39)

18.03.2015, 11:51   #38
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.03.2015, 01:54   #39
Joshau
 

Nope, not at the moment. I just feel a bit like I'm at the doctor's, who does all sorts of things to me and, out of sheer concentration, doesn't hear me asking what exactly he is doing. Oh well, after all I am not my PC.
I hope I will still get around to carrying out the instructed operations tonight - thanks, have a nice day!

--- edit ---

Here are the logs now.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=920e4e52546d7f4cbf8319215a51546d
# engine=22971
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-19 12:43:39
# local_time=2015-03-19 01:43:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41411152 178357010 0 0
# scanned=171890
# found=21
# cleaned=0
# scan_time=7094
sh=C3EB532BFFB32B5982D6028C5E2CD9C096A408C4 ft=1 fh=89cc5f5067b76069 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OK44YEH\setup[1].exe"
sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe"
sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"
sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"
sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"
sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe"
sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"
sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"
sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"
sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Revealer Keylogger.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Unlocker1.9.1.exe"
sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"
sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"
sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\Betriebs\1Allerlei\Unlocker1.9.1.exe"
sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"
sh=64C63505096186996B6CAB3B009E80D257BBF075 ft=1 fh=f64f4ef24f987c38 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\Bildbetrachter InfranView\PSDViewer32Setup.exe"
sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"
sh=64C63505096186996B6CAB3B009E80D257BBF075 ft=1 fh=f64f4ef24f987c38 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\X Andere\Bildbetrachter InfranView\PSDViewer32Setup.exe"
         


Code:
 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Wise Registry Cleaner 5.9.4  
 Java 7 Update 67  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	17.0.0.134  
 Mozilla Firefox (36.0.1) 
 Mozilla Thunderbird (31.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Wolf (administrator) on WOLF-PC on 19-03-2015 01:51:52
Running from C:\Users\Wolf\Desktop
Loaded Profiles: Wolf (Available profiles: Wolf)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: {69c69ae8-c7c7-11e4-ab6a-00218503c947} - H:\setup.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll [2008-02-15] (BinarySense, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default
FF Homepage: hxxp://www.ighome.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml [2014-10-14]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml [2014-10-14]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml [2014-10-19]
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml [2014-10-19]
FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07]
FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07]
FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07]
FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07]
FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07]
FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07]
FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]
FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]
FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]
FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]
FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector

Chrome: 
=======
CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]
R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()
S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\HIDEC.3XE" "C:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-03-11] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [93344 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [329384 2015-03-11] (Duplex Secure Ltd.)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)
S3 catchme; \??\C:\Users\Wolf\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]
S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]
S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]
S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 SANDRA; \??\E:\SiSoftware Sandra Lite 2015.SP1\WNt600x86\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 ai82zwhh; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 01:51 - 2015-03-19 01:52 - 00018727 _____ () C:\Users\Wolf\Desktop\FRST.txt
2015-03-19 01:51 - 2015-03-19 01:51 - 01135104 _____ (Farbar) C:\Users\Wolf\Desktop\FRST.exe
2015-03-19 01:51 - 2015-03-19 01:51 - 00000000 ____D () C:\Users\Wolf\Desktop\FRST-OlderVersion
2015-03-19 01:49 - 2015-03-19 01:50 - 00000935 _____ () C:\Users\Wolf\Desktop\Security Check.txt
2015-03-18 23:46 - 2015-03-18 23:46 - 00000000 _____ () C:\Users\Wolf\Desktop\3Sat FR 20.3. 0215 Der Henker.txt
2015-03-18 23:21 - 2015-03-19 01:47 - 00000000 ____D () C:\Program Files\ESET
2015-03-18 14:48 - 2015-03-18 14:47 - 00852604 _____ () C:\Users\Wolf\Desktop\SecurityCheck.exe
2015-03-17 22:23 - 2015-03-08 12:12 - 00000052 _____ () C:\Program Files\Kill Onedrive.bat
2015-03-17 22:23 - 2013-05-01 11:28 - 00000029 _____ () C:\Program Files\Kill DropBox.bat
2015-03-17 21:56 - 2015-03-19 01:51 - 00000000 ____D () C:\FRST
2015-03-17 21:46 - 2015-03-17 21:50 - 00000000 ____D () C:\AdwCleaner
2015-03-17 21:37 - 2015-03-17 21:51 - 00001136 _____ () C:\Windows\PFRO.log
2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-17 21:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 21:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 14:50 - 2015-03-17 14:50 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\GUL
2015-03-17 11:55 - 2015-03-17 11:55 - 00000808 _____ () C:\Users\Wolf\Downloads\WDR.xspf
2015-03-16 18:15 - 2015-03-16 18:15 - 01665395 _____ () C:\Program Files\procexp1204.zip
2015-03-16 18:14 - 2015-03-16 18:14 - 01997800 _____ () C:\Program Files\2009Decoder.zip
2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyBCD
2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Program Files\EasyBCD
2015-03-16 14:05 - 2015-03-16 14:05 - 00000962 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools.lnk
2015-03-16 14:05 - 2015-03-16 14:05 - 00000000 ____D () C:\Program Files\DAEMON Tools
2015-03-15 19:04 - 2015-03-18 19:38 - 00000560 _____ () C:\Windows\setupact.log
2015-03-15 19:04 - 2015-03-15 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 17:50 - 2015-03-15 17:50 - 00001699 _____ () C:\Users\Wolf\Desktop\start TV u. clock nach n sec - Verknüpfung.lnk
2015-03-14 20:20 - 2015-03-14 20:20 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-03-12 01:34 - 2015-03-12 01:34 - 00000000 ____D () C:\Program Files\Recuva
2015-03-11 22:21 - 2015-03-11 22:21 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-11 09:22 - 2015-03-11 09:22 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrascsibus.sys
2015-03-11 09:21 - 2015-03-15 01:22 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra
2015-03-10 15:14 - 2015-03-10 15:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Windows-7-Ultimate-(32-bit).dat
2015-03-09 19:19 - 2015-03-09 19:19 - 00000000 ____D () C:\Program Files\VirtualCloneDrive
2015-03-09 19:13 - 2015-03-09 19:13 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Disc_Soft_Ltd
2015-03-09 19:01 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Public\Documents\Daemon Tools Images
2015-03-09 18:50 - 2015-03-11 09:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\DAEMON Tools Ultra
2015-03-09 18:49 - 2015-03-09 18:49 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2015-03-09 18:20 - 2015-03-09 18:22 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sptddrv1.sys
2015-03-09 16:40 - 2015-03-09 16:40 - 00000000 ____D () C:\Qoobox
2015-03-09 01:07 - 2015-03-07 16:02 - 00001108 _____ () C:\0 Desktop.lnk
2015-03-09 01:07 - 2015-03-06 20:05 - 00001239 _____ () C:\Batch für Prozessbeendigung.lnk
2015-03-09 01:07 - 2015-03-06 13:08 - 00000779 _____ () C:\Betriebs.lnk
2015-03-09 01:07 - 2014-12-24 13:18 - 00000801 _____ () C:\z Portable.lnk
2015-03-09 01:07 - 2014-11-04 17:45 - 00000810 _____ () C:\GrundProgsg.lnk
2015-03-07 16:13 - 2015-03-07 16:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-07 16:13 - 2015-03-07 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-06 22:35 - 2009-10-26 10:43 - 00093344 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2015-03-06 22:35 - 2009-10-26 10:43 - 00032800 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2015-03-06 22:35 - 2009-10-05 20:20 - 00031872 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2015-03-06 22:34 - 2015-03-06 22:34 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\InstallShield
2015-03-06 22:34 - 2009-10-16 11:36 - 00139356 _____ (Realtek) C:\Windows\system32\RTKDABSOURCE.dll
2015-03-06 22:34 - 2009-10-15 16:22 - 00348239 ____T (Realtek) C:\Windows\system32\RTKFM.dll
2015-03-06 22:34 - 2009-10-15 16:16 - 04690000 _____ (Realtek) C:\Windows\system32\RTKDAB.dll
2015-03-06 22:34 - 2009-10-15 15:03 - 00053248 _____ () C:\Windows\system32\RTKDABMWare.dll
2015-03-06 22:34 - 2009-10-15 11:21 - 00135294 _____ (Realtek) C:\Windows\system32\RTKFMSOURCE.dll
2015-03-06 22:34 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\system32\RTL283XACCESS.dll
2015-03-06 22:34 - 2009-09-11 11:44 - 00073832 _____ () C:\Windows\system32\SuperFrameSplitter.dll
2015-03-06 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-06 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-06 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-06 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-06 17:05 - 2015-03-06 17:05 - 00000000 ____D () C:\Windows\erdnt
2015-03-06 12:20 - 2015-03-18 18:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 12:20 - 2015-03-06 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-06 12:19 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 21:44 - 2015-03-05 21:51 - 00000066 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32 .txt
2015-03-05 13:49 - 2015-03-05 13:49 - 00000020 _____ () C:\Users\Wolf\defogger_reenable
2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt
2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk
2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar
2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL
2015-03-02 14:52 - 2015-03-17 14:03 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc
2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar
2015-03-02 12:27 - 2015-03-06 14:49 - 00155358 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar
2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe
2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat
2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL
2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat
2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log
2015-02-27 12:27 - 2015-03-12 23:53 - 00169836 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar
2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log
2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log
2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar
2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log
2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap
2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log
2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL
2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL
2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log
2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log
2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log
2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log
2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log
2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt
2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log
2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 01:46 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell
2015-03-18 23:57 - 2010-10-16 04:39 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\uTorrent
2015-03-18 23:01 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 22:25 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype
2015-03-18 19:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 19:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 19:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 19:00 - 2013-05-17 16:49 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BURN ISO VIRTUAL-DRIVE
2015-03-18 18:28 - 2010-10-15 22:08 - 00000000 ____D () C:\Windows\pss
2015-03-18 14:50 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress
2015-03-17 20:23 - 2015-02-09 12:34 - 06814674 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar
2015-03-16 22:23 - 2014-11-08 11:00 - 00001724 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini
2015-03-16 18:24 - 2014-09-11 23:49 - 00159943 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 15:44 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese
2015-03-15 18:56 - 2015-02-09 12:33 - 07407012 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar
2015-03-15 15:03 - 2013-06-02 20:07 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysExplor MenuEdit
2015-03-14 20:20 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 20:20 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 20:04 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe
2015-03-14 18:02 - 2010-10-15 21:48 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung & TroubleShoot
2015-03-13 07:46 - 2014-09-25 10:37 - 00002176 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-11 22:54 - 2012-09-27 19:49 - 00000000 ____D () C:\Users\Public\Documents\PhraseExpress
2015-03-11 20:45 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-11 09:11 - 2010-10-15 22:42 - 00329384 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-03-11 08:40 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox
2015-03-10 18:40 - 2010-10-15 21:09 - 00067296 _____ () C:\Users\Wolf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 18:40 - 2009-07-14 05:33 - 00307424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:24 - 2009-07-14 03:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_359
2015-03-10 11:43 - 2013-05-12 00:01 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Tools & Convert
2015-03-09 18:19 - 2014-11-12 18:09 - 00000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2015-03-09 04:09 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-09 04:09 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps
2015-03-09 04:09 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 12:11 - 2010-10-28 21:46 - 00007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2015-03-06 23:15 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram
2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ____D () C:\Program Files\Realtek
2015-03-06 22:27 - 2010-10-15 22:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-03-06 22:20 - 2010-10-15 21:55 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-06 17:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public
2015-03-06 12:21 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 22:06 - 2013-09-28 01:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Wächter u Reperatur
2015-03-05 21:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-05 13:49 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf
2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla
2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar
2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2015-03-02 13:35 - 2015-02-09 12:34 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar
2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2015-03-16 18:14 - 2015-03-16 18:14 - 1997800 _____ () C:\Program Files\2009Decoder.zip
2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs
2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf
2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe
2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu
2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu
2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt
2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP
2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini
2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt
2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für  Remoce Torrent.gms
2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe
2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP
2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe
2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe
2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat
2015-03-17 22:23 - 2013-05-01 11:28 - 0000029 _____ () C:\Program Files\Kill DropBox.bat
2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe
2015-03-17 22:23 - 2015-03-08 12:12 - 0000052 _____ () C:\Program Files\Kill Onedrive.bat
2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat
2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt
2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt
2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt
2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe
2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe
2015-03-16 18:15 - 2015-03-16 18:15 - 1665395 _____ () C:\Program Files\procexp1204.zip
2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg
2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe
2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt
2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL
2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini
2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak
2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!
2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko
2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini
2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache
2014-11-12 18:09 - 2015-03-09 18:19 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2010-10-28 21:46 - 2015-03-07 12:11 - 0007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db
2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log
2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Wolf\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolf\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Wolf\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 02:04

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Wolf at 2015-03-19 01:52:40
Running from C:\Users\Wolf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acronis True Image 2014 (HKLM\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
AquaSnap 1.12.1 (HKLM\...\{60CECC09-6E7B-4392-AA49-A6CBE1E2786C}) (Version: 1.12.1 - hxxp://www.nurgo-software.com?utm_source=AquaSnap&utm_medium=application&utm_campaign=continuous)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)
BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)
Boxcryptor 2.0 (HKLM\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
CrystalDiskInfo 6.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
Desktopsymbole ausblenden 0.1 (HKLM\...\{C2424372-6F72-4364-9DDE-D0D28113F5D1}_is1) (Version:  - XProfan.Com)
DirComp (HKLM\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
GhostMouse 2.0 (HKLM\...\GhostMouse 2.0) (Version:  - )
Granola (HKLM\...\{9B0E7CB3-A6A8-4E2C-80E3-2188B8B035CB}) (Version: 5.0.1 - MiserWare, Inc.)
HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
HDD Regenerator (HKLM\...\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}) (Version: 20.11.0011 - Abstradrome)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
ISO Workshop 5.5 (HKLM\...\ISO Workshop_is1) (Version:  - Glorylogic)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Encarta 99 Enzyklopädie (HKLM\...\Encarta99D) (Version: 99D - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Moo0 RightClicker 1.47 (HKLM\...\Moo0 RightClicker) (Version:  - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Volumouse (HKLM\...\Volumouse) (Version:  - )
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.198.198.0 - Tracker Software Products Ltd)
PhraseExpress v10.5.35 (HKLM\...\PhraseExpress_is1) (Version: 10.5.35 - Bartels Media GmbH)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Right Click Enhancer 4.3.1 (HKLM\...\Right Click Enhancer) (Version: 4.3.1 - RBSoft, Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StrokeIt (Deutsch) (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt (Deutsch)) (Version:  - )
StrokeIt (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 3.0.0 (HKLM\...\System Explorer_is1) (Version:  - Mister Group)
Tweaking.com - Simple System Tweaker (HKLM\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - ArcSoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-03-10 18:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065E9E43-BEE6-4D82-8573-6D5DCD6737CD} - System32\Tasks\BoxCryptor 2-x, NEU => C:\Program Files\NEW Boxcryptor\Boxcryptor.exe [2014-04-08] (Secomba GmbH)
Task: {1B94BC7D-3534-4DE8-BF69-6CE2674920E2} - System32\Tasks\kill boxscrip => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {2CCD60D3-8578-4A89-9173-B99978307D7C} - System32\Tasks\AcronisDienst Stop => C:\Windows\system32\net.exe [2009-07-14] (Microsoft Corporation)
Task: {3E209D04-EA76-4D87-9F6D-260E407AA064} - System32\Tasks\Acronis Scheduler Dienst starten => C:\Windows\system32\Net.exe [2009-07-14] (Microsoft Corporation)
Task: {5E177179-7564-4584-AA37-B54FCE1DFFC6} - System32\Tasks\KILL DropBox => C:\Program Files\Kill DropBox.bat [2013-05-01] ()
Task: {7A42BEB4-A140-4454-9D7F-FFE774BE4E98} - System32\Tasks\WDR Philo-Sendung
Task: {7E0BB72C-E5C1-4325-8B34-B47DB0ADC89D} - System32\Tasks\BoxCryptor => C:\Program Files\BoxCryptor\BoxCryptor.exe [2012-06-07] (Secomba GmbH)
Task: {97CB342F-49F1-4D7D-AB86-4BA87F83B3D6} - System32\Tasks\Termin => C:\Users\Wolf\Desktop\Termin.txt
Task: {9FF061A7-6D8B-403A-826F-DD6ACB57DCA5} - System32\Tasks\AquaSnap => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [2015-02-23] (Nurgo-Software)
Task: {ACBA7AE2-0C7A-439B-9193-8484E1E11A41} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B675FB0B-C15F-4240-B8CA-2C5103AF92D4} - System32\Tasks\DropBox => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {C5A5E2F6-79A7-4DB0-BC01-286B414DDA8B} - System32\Tasks\Kill BoxScriptor NEU => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {E7C11865-CF8D-4952-B3C4-BA8575442A83} - System32\Tasks\Kill OneDrive => C:\Program Files\Kill Onedrive.bat [2015-03-08] ()
Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION
Task: {EEC1AEF6-BF1C-4341-A6DD-A6A15D6FD349} - System32\Tasks\KDE Mover => C:\Program Files\KDE Mover-Sizer for Windows\KDE Mover-Sizer.exe [2009-10-12] ()
Task: {EFD7ABDE-CAD3-4BE8-8DB5-7BAF310AF5FF} - System32\Tasks\Uhr auf Desk => C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE [2004-09-26] ()
Task: {F59D9840-21B6-4D4A-B607-74E74F77D052} - System32\Tasks\PhrasenProgramm => C:\Program Files\PhraseExpress\phraseexpress.exe [2014-10-23] (Bartels Media GmbH)
Task: {F7EC8DEF-0A23-4B1F-B9F7-BE086564B326} - System32\Tasks\Kill unsecapp.exe => C:\Program Files\Kill unsecapp.bat [2014-07-30] ()
Task: {FC488C27-8609-4CBE-B97E-F4E20B316AFC} - System32\Tasks\Uhr im Tray => C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe [2004-09-07] (Kazubon)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2011-06-25 03:54 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-11-16 02:13 - 2014-06-24 12:04 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe
2013-10-01 09:32 - 2013-10-01 09:32 - 02634920 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
2012-02-21 09:12 - 2012-02-21 09:12 - 00449264 _____ () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
2010-10-15 22:00 - 2004-09-26 11:59 - 00473600 _____ () C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE
2015-03-14 20:04 - 2015-03-14 20:04 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
2014-12-25 12:00 - 2014-11-28 01:09 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-25 12:00 - 2014-11-28 01:09 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-25 12:00 - 2014-11-28 01:09 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2BE9FEFC
AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A
AlternateDataStreams: C:\ProgramData\TEMP:A5A1816B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AHDDC2 => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDDHealth => 2
MSCONFIG\Services: HDDlife HDD Access service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SearchAnonymizer => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^Wolf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bird.lnk => C:\Windows\pss\bird.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Wolf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^firefox - Verknüpfung.lnk => C:\Windows\pss\firefox - Verknüpfung.lnk.Startup
MSCONFIG\startupreg: Allway Sync => "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
MSCONFIG\startupreg: Classic Start Menu => "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
MSCONFIG\startupreg: Granola => "C:\Program Files\MiserWare\Granola Personal\granola.exe"
MSCONFIG\startupreg: IR_SERVER => C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
MSCONFIG\startupreg: OneDrive => "C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: StrokeIt => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2588859782-1139336777-623044890-500 - Administrator - Disabled)
Gast (S-1-5-21-2588859782-1139336777-623044890-501 - Limited - Disabled)
Wolf (S-1-5-21-2588859782-1139336777-623044890-1001 - Administrator - Enabled) => C:\Users\Wolf

==================== Faulty Device Manager Devices =============

Name: MpKslec0276e2
Description: MpKslec0276e2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslec0276e2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl2b051bfa
Description: MpKsl2b051bfa
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl2b051bfa
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl71523a7c
Description: MpKsl71523a7c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl71523a7c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKslc317aad9
Description: MpKslc317aad9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslc317aad9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 64%
Total physical RAM: 2047.3 MB
Available physical RAM: 731.61 MB
Total Pagefile: 5117.3 MB
Available Pagefile: 3666.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.67 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:29.3 GB) (Free:13.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Arch) (Fixed) (Total:68.36 GB) (Free:55.84 GB) NTFS
Drive e: (Back) (Fixed) (Total:175.78 GB) (Free:72.03 GB) NTFS
Drive f: (Dow) (Fixed) (Total:658.07 GB) (Free:564.1 GB) NTFS
Drive g: (USB Start 22 =C:) (Fixed) (Total:22.49 GB) (Free:22.37 GB) NTFS
Drive h: (Zweit WIN7) (Fixed) (Total:24.72 GB) (Free:24.63 GB) NTFS
Drive i: (Zweit ARCH) (Fixed) (Total:16.6 GB) (Free:16.46 GB) NTFS
Drive j: (Zweit BACK) (Fixed) (Total:33.21 GB) (Free:22.86 GB) NTFS
Drive l: (USB Archiv21=D:) (Fixed) (Total:29.45 GB) (Free:29.36 GB) NTFS
Drive m: (USB Backups250=E:) (Fixed) (Total:246.15 GB) (Free:153.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 5ADF567A)
Partition 1: (Not Active) - (Size=24.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=33.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F0E5415B)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=658.1 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: E0307819)
Partition 1: (Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

19.03.2015, 11:58   #40
Joshau

If I see this correctly, 21 pieces of malware were attested, then? Most of them several times, because Allway Sync legitimately copied them into the archives on different hard disks/partitions?

19.03.2015, 21:09   #41
schrauber
/// the machine
/// TB trainer

The findings will be removed now. Update Java.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
C:\Users\Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OK44YEH\setup[1].exe

D:\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe

D:\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe

D:\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

D:\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

D:\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

E:\Archiv D\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

E:\Archiv D\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Revealer Keylogger.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Unlocker1.9.1.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

E:\OneDrive 1\OneDrive\Alles Andere\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

M:\OneDrive 2\OneDrive\Betriebs\1Allerlei\Unlocker1.9.1.exe

M:\OneDrive 2\OneDrive\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

M:\OneDrive 2\OneDrive\GrundProgs\Bildbetrachter InfranView\PSDViewer32Setup.exe

M:\OneDrive 2\OneDrive\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

M:\OneDrive 2\OneDrive\GrundProgs\X Andere\Bildbetrachter InfranView\PSDViewer32Setup.exe
Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Are there currently still any problems with the system?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.03.2015, 21:52   #42
Joshau

Hi Schrauber,

so you are on page 5! I was about to ask you by PM, because my browser had dutifully kept reloading only page 4, so that I looked out for you in vain: problem solved!
Java is updated, and the Fixlog from FRST is below; I had already deleted a few of the programs by hand.
There are currently no problems, neither with Win7 nor with the PC; on the contrary, as far as I can see. The system is fully up faster than ever before.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Wolf at 2015-03-23 21:38:39 Run:1
Running from C:\Users\Wolf\Desktop
Loaded Profiles: Wolf (Available profiles: Wolf)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OK44YEH\setup[1].exe

D:\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe

D:\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe

D:\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

D:\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

D:\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe

E:\Archiv D\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

E:\Archiv D\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

E:\Archiv D\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Revealer Keylogger.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Unlocker1.9.1.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe

E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

E:\OneDrive 1\OneDrive\Alles Andere\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

M:\OneDrive 2\OneDrive\Betriebs\1Allerlei\Unlocker1.9.1.exe

M:\OneDrive 2\OneDrive\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe

M:\OneDrive 2\OneDrive\GrundProgs\Bildbetrachter InfranView\PSDViewer32Setup.exe

M:\OneDrive 2\OneDrive\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe

M:\OneDrive 2\OneDrive\GrundProgs\X Andere\Bildbetrachter InfranView\PSDViewer32Setup.exe
Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

"C:\Users\Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OK44YEH\setup[1].exe" => File/Directory not found.
D:\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe => Moved successfully.
"D:\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe" => File/Directory not found.
D:\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe => Moved successfully.
"D:\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe" => File/Directory not found.
D:\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe => Moved successfully.
"E:\Archiv D\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe" => File/Directory not found.
"E:\Archiv D\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe" => File/Directory not found.
"E:\Archiv D\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe" => File/Directory not found.
"E:\Archiv D\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe" => File/Directory not found.
E:\Archiv D\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe => Moved successfully.
E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Revealer Keylogger.exe => Moved successfully.
E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Unlocker1.9.1.exe => Moved successfully.
E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe => Moved successfully.
E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe => Moved successfully.
E:\OneDrive 1\OneDrive\Alles Andere\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe => Moved successfully.
"M:\OneDrive 2\OneDrive\Betriebs\1Allerlei\Unlocker1.9.1.exe" => File/Directory not found.
"M:\OneDrive 2\OneDrive\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe" => File/Directory not found.
"M:\OneDrive 2\OneDrive\GrundProgs\Bildbetrachter InfranView\PSDViewer32Setup.exe" => File/Directory not found.
"M:\OneDrive 2\OneDrive\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe" => File/Directory not found.
"M:\OneDrive 2\OneDrive\GrundProgs\X Andere\Bildbetrachter InfranView\PSDViewer32Setup.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB580139-7CF9-4A64-9C6E-2580F18F9994}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB580139-7CF9-4A64-9C6E-2580F18F9994}" => Key deleted successfully.
C:\Windows\System32\Tasks\CrystalDiskInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CrystalDiskInfo" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 410.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:39:51 ====
         

Last edited by Joshau (23.03.2015 at 22:28)
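
The Fixlog above mixes "Moved successfully", "File/Directory not found" and "Key deleted successfully" results, and the same file names recur across the synced archive drives. As an added example (not part of the thread and not FRST's own code), this Python script tallies the outcomes, groups file targets by name and skips the echoed fixlist block; the sample log is constructed and all function names are hypothetical.

```python
import ntpath
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Constructed sample in the layout of a Fixlog.txt
# (all paths, names and the task GUID are made up for this example).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
D:\Tools\sample_tool.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => D:\Tools\example.exe
EmptyTemp:
*****************

"C:\Users\Example\Temp\setup[1].exe" => File/Directory not found.
D:\Tools\sample_tool.exe => Moved successfully.
"E:\Archive D\Tools\sample_tool.exe" => File/Directory not found.
E:\Sync 1\Tools\sample_tool.exe => Moved successfully.
E:\Sync 1\Tools\other tool.exe => Moved successfully.
"M:\Sync 2\Tools\other tool.exe" => File/Directory not found.
"HKLM\SOFTWARE\Example\TaskCache\Tree\ExampleTask" => Key deleted successfully.
C:\Windows\System32\Tasks\ExampleTask => Moved successfully.
EmptyTemp: => Removed 410.2 MB temporary data.

The system needed a reboot.
'''

REGISTRY_ROOT = re.compile(r'^(HKLM|HKU|HKCU|HKCR)\\', re.IGNORECASE)


class FixResult(NamedTuple):
    target: str   # path, registry key or directive, quotes stripped
    kind: str     # "file", "registry" or "directive"
    outcome: str  # "moved", "not_found", "key_deleted" or "other"


def classify_outcome(text):
    """Map the result text after ' => ' to a short outcome label."""
    if text.startswith('Moved successfully'):
        return 'moved'
    if text.startswith('File/Directory not found'):
        return 'not_found'
    if text.startswith('Key deleted successfully'):
        return 'key_deleted'
    return 'other'


def parse_fixlog(text):
    """Return one FixResult per '<target> => <result>' line.

    The fixlist is echoed between two lines of asterisks; entries there
    (e.g. 'Task: ... => ...') also contain ' => ' and must be skipped.
    """
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {'*'}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        target, sep, result = line.rpartition(' => ')
        if not sep:
            continue  # header, blank or footer line
        target = target.strip().strip('"')
        if REGISTRY_ROOT.match(target):
            kind = 'registry'
        elif target.endswith(':') and '\\' not in target:
            kind = 'directive'  # e.g. "EmptyTemp:"
        else:
            kind = 'file'
        results.append(FixResult(target, kind, classify_outcome(result)))
    return results


def summarize(results):
    """Count results per outcome label."""
    return dict(Counter(r.outcome for r in results))


def _group_files(results):
    groups = defaultdict(list)
    for r in results:
        if r.kind == 'file':
            groups[ntpath.basename(r.target).lower()].append(r)
    return groups


def copies_by_name(results):
    """File names listed under more than one path (synced duplicates)."""
    return {n: rs for n, rs in _group_files(results).items() if len(rs) > 1}


def never_found(results):
    """File names for which no listed copy existed when the fix ran."""
    return sorted(n for n, rs in _group_files(results).items()
                  if all(r.outcome == 'not_found' for r in rs))


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for name, rs in sorted(copies_by_name(parsed).items()):
        print(name, [(r.target, r.outcome) for r in rs])
    print('never found:', never_found(parsed))
```

A name reported by `never_found` was absent at every listed path, which can mean the file was already deleted by hand or that the path in the fixlist does not match the disk.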

24.03.2015, 10:38   #43
schrauber
/// the machine
/// TB trainer

Cleanup:
(The order is important here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over now, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be installed only in its latest version:

Browser
Java
Flash Player
PDF reader

Security holes in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash,...) from running on all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

26.03.2015, 13:34   #44
Joshau

Dear Schrauber,

I have now done the cleanup, and I am completely satisfied with the technical result* of your intensive effort here. To my big thank-you I will gladly add a donation to this forum, supplemented by the following offer: should you be interested in exploring your dreams methodically and psychoanalytically (out of pure curiosity, and because infections with 'malicious code' can unfortunately never be completely ruled out in this field either), you can count on my assistance with that at any time.

/* A small criticism, of which I cannot really judge whether it is justified at all, I had hinted at somewhere above: it did not become clear to me whether my PC was actually infested with actively working Trojans and the like - an easily tolerable flaw, since I attribute it only to the perspective of your high professionalism, combined with the time you probably lack to initiate me, a layman, a little more closely into the finer points of your work.

It is an honour to have got to know you a little!
Yours, J.

26.03.2015, 19:25   #45
schrauber
/// the machine
/// TB trainer

True, because of the large number of users that always gets a bit lost somehow, sorry
