Trojaner-Board


scott82 07.07.2013 18:56

GVU Trojan - Analyze and Clean Up Log File
 
Hello dear board,

I caught the GVU Trojan and created the log with Farbar's Recovery Scan Tool.

The username was deliberately changed after the txt was created.
Thank you very much for your help.

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 07-07-2013 21:34:48
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\xxuserxx\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-01 12:35 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp
2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip
2013-06-07 00:37 - 2013-07-04 18:24 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp
2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5308.68 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5296.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.6 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================


schrauber 07.07.2013 20:30

Hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

c:\users\administrator\appdata\local\temp\*.*

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the Remove (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

scott82 07.07.2013 21:02

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-07 23:58:22 Run:2
Running from I:\
Boot Mode: Recovery
==============================================

"c:\users\administrator\appdata\local\temp\*.*" => Could not move.

==== End of Fixlog ====

schrauber 08.07.2013 07:26

Please post a fresh FRST log from the recovery environment.

scott82 08.07.2013 18:30


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 21:13:23
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\xxuserxx\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5307.96 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5296.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive h: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================

--- --- ---

schrauber 08.07.2013 18:34

Please press the + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Entfernen (Remove) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

scott82 08.07.2013 18:48

FIXLOG
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-08 21:45:48 Run:7
Running from J:\
Boot Mode: Recovery
==============================================

W32Time => Service not found.
WajamUpdater => Service not found.
PCDSRVC{6368CD8C-4B9A13B6-06020200}_0 => Service not found.
"c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y" => File/Directory not found.

==== End of Fixlog ====

New scan after the last Fixlog

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 21:45:56
Running from J:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Putzmunter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\Putzmunter\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\Putzmunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\Putzmunter
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\Putzmunter\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Putzmunter\putzmunter
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\Putzmunter\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\Putzmunter\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5309.66 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5298.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive j: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=3 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================



I just took a closer look at the bluescreen.
The error code at the end is 12A.
According to Google, that is the language pack. Does that have a deeper significance, or is it unimportant with this trojan?

schrauber 08.07.2013 21:09

Please post the complete bluescreen content.

scott82 14.07.2013 17:52

It's possible that I have one zero too many in there ;)

Code:

A problem has been detected and windows has been shut down to
prevent damage to your computer.

Windows did not find any installed, licensed language packs for the system
default UI language.

If this is the first time you've seen this Stop error screen, restart your computer.
If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.

If problems continue, disable or remove any newly installed hardware or software.
Disable BIOS memory options such as caching or shadowing. If you need to use Safe
Mode to remove or disable components, restart your computer, press F8 to select
Advanced Startup Options, and then select safe mode.

Technical Information:

*** STOP: 0x0000012A (0x0000000000000001,0x0000000000000046,
0x0000000000000000,0x00000000000000000)


schrauber 14.07.2013 19:03

Run Startup Repair from the Windows DVD :)

scott82 14.07.2013 19:54

Unfortunately I don't have the Windows DVD here right now, and the only computer here is one with a recovery partition. So I started the repair from the system instead of from the DVD.

Unfortunately without success.

INFO:
Problemereignisname: StartupRepairOffline
Problemsignatur 01: 6.1.7600.16385
Problemsignatur 02: 6.1.7600.16385
Problemsignatur 03: unknown
Problemsignatur 04: 21200057
Problemsignatur 05: AutoFailover
Problemsignatur 06: 9
Problemsignatur 07: NoRootCause6.1.7600.2.0.0.256.1
Gebietsschema-ID: 1031

schrauber 14.07.2013 21:38

Can you get hold of the DVD?

scott82 15.07.2013 17:06

Yes. I'll test it this evening.

schrauber 15.07.2013 19:16

ok :)

scott82 16.07.2013 19:07

That didn't work either.
The computer has now been formatted.

Thank you for your active support. But I think this was the best way.

Thread closed

