Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update (https://www.trojaner-board.de/163586-windows-7-update-code-8008005-unbekannte-fehler-windows-update.html)

AnnoMK 04.02.2015 15:22
Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Trojanerboard Team,

letztes Jahr hatte ich Probleme mit dem Start von Windows auf meinem Desktop-PC.
Die Profile wurden nicht geladen. Erst nach mehrere Versuche klappte es. Für mich sah das nach Virus aus und ich setzte mein System zurück (mir Recovery CD).

Mindestens seitdem funktioniert mein Windows Update nicht mehr (Manuel auch nicht).
Nochmal zurücksetzen hat nicht geholfen. Ich habe ziemlich alles ausprobiert, was im Netz zu finden war. Erfolglos!

Die Fehlermeldung lautet genau:
Code 8008005 Unbekannte Fehler bei Windows Update

Sonst ist alles normal mit meinem PC. Keine Meldungen von Viren und Malware.
NUR wenn ich mich unter meinem Administrator Profil anmelde (sonst nicht), kommt beim Start eine DLL-Fehlemeldung. Screenshot davon habe ich gepostet (.pdf).


sfc \scannow - hat auch nicht geholfen.
http://www.trojaner-board.de/91139-s...x80080005.html


Wenn mir jemand helfen kann, bevor ich das System neuaufsetzen muss, wäre ich sehr dankbar

VG

schrauber 04.02.2015 17:48
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

AnnoMK 04.02.2015 22:22
Ok danke!

Die Fehlermeldung beim Starten des Administratorsprofils lautet:

"RunDLL

Problem beim Starten von
C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

Das angegebene Modul wurde nicht gefunden.
"





defogger
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 04/02/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
FRST



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Admin (administrator) on SILENT on 04-02-2015 14:33:31
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe /tray
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1531528 2015-01-10] (AVAST Software)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [uTorrent] => "C:\Windows\TEMP\avast_ash\uTorrent (current user)\uTorrent.exe"  /MINIMIZED <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {53C81C2F-5834-42F2-8CAB-E09DC929E098} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a22b8286-29db-4ccd-b6ec-18f216374e2b&apn_sauid=02D49FA5-8766-431C-9B5F-A48F2098793E
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-04] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe
2015-02-04 14:33 - 2015-02-04 14:33 - 00021191 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-04 14:33 - 2015-02-04 14:33 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000000 ____D () C:\FRST
2015-02-04 14:32 - 2015-02-04 14:32 - 01122304 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-01-31 17:32 - 2015-01-31 17:32 - 00000206 _____ () C:\Users\User\Desktop\Untitled.URL
2015-01-30 20:36 - 2015-01-30 20:36 - 02460763 _____ () C:\Users\User\Desktop\sammeldownload_20150130_203618.zip
2015-01-29 07:16 - 2015-01-31 08:38 - 4028379289 _____ () C:\Users\User\Downloads\Fury.2014.720p.BRRip.x264.AC3-EVO.mkv
2015-01-28 19:47 - 2015-01-28 20:13 - 472306888 _____ () C:\Users\User\Downloads\20.000.Days.on.Earth.2014.LiMiTED.BDRiP.X264-TASTE.mkv
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 10:18 - 2015-01-21 10:18 - 00000000 ____D () C:\Users\User\Desktop\Zeugnis
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-12 07:22 - 2015-01-12 07:22 - 00001829 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC - Verknüpfung.lnk
2015-01-11 20:57 - 2015-01-11 20:57 - 00916668 _____ () C:\Users\User\Desktop\lic-10.01.rar
2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____D () C:\Users\User\Desktop\lic-10.01
2015-01-10 19:58 - 2015-01-10 19:58 - 00057387 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC.srt
2015-01-10 15:09 - 2015-01-10 15:09 - 00311481 _____ () C:\Users\User\Downloads\Sing mit mir - Kinderlieder - YouTube.htm
2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 14:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-04 14:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 14:28 - 2013-07-07 16:59 - 00302240 _____ () C:\Windows\setupact.log
2015-02-04 14:28 - 2011-01-27 09:18 - 01355152 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 14:25 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-04 14:25 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-04 14:25 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-04 14:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-04 14:00 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:46 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-01 18:55 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-01 13:46 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 20:01 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 08:15 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 20:44 - 2012-04-14 07:29 - 04097536 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-08 23:58 - 2013-07-08 06:51 - 00157928 _____ () C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\BitAD12.tmp.exe
C:\Users\Admin\AppData\Local\Temp\FreeStudio.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\tmp910A.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\tmp41EF.exe
C:\Users\User\AppData\Local\Temp\tmpD197.exe
C:\Users\User\AppData\Local\Temp\utt5F59.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-10-23 13:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---




Addition


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Admin at 2015-02-04 14:34:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.01 (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.01 - GIGABYTE)
µTorrent (HKU\.DEFAULT\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Acronis*Disk*Director*11*Home (HKLM\...\{06E34C00-0446-4176-81C8-A5DAFE53CA36}) (Version: 11.0.2121 - Acronis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Als HTML speichern (Version: 1.0.0.0 - Visio Corporation) Hidden
Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Anzeige von CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
ArcGIS Desktop (HKLM\...\ArcGIS Desktop) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager (HKLM\...\ArcGIS License Manager) (Version:  - )
ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version:  - AVM Berlin)
Beispiele für den Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Benutzerdefinierte Muster (Version: 1.0.0.0 - Visio Corporation) Hidden
Beschriftungen und Verbinder (Version: 1.0.0.0 - Visio Corporation) Hidden
Blockdiagramm (Version: 1.0.0.0 - Visio Corporation) Hidden
CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden
ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Clipart und Symbole (Version: 1.0.0.0 - Visio Corporation) Hidden
DAO (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenbankassistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Berichts-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Editor (Version: 1.0.0.0 - Visio Corporation) Hidden
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version:  - )
EndNote X2 (HKLM\...\{002B1E90-3241-4D45-8831-E89020F8E7E6}) (Version: 12.0.0.3252 - Thomson ResearchSoft)
Energy Saver Advance B10.0309.1 (HKLM\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Flußdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Formulare und Diagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Free AVI Video Converter version 5.0.24.430 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free Studio version 6.4.1.1215 (HKLM\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1028 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1028 - DVDVideoSoft Ltd.)
G DATA Logox4 Speechengine (HKLM\...\lgx4.lgx.server) (Version:  - G DATA Software AG)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Grafikfilter (Version: 1.0.0.0 - Visio Corporation) Hidden
GSview 4.9 (HKLM\...\GSview 4.9) (Version:  - )
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Beschriftungen und Verbindern (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Blockdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Clipart und Symbolen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Developing Visio Solutions (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Flußdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Formularen und Diagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Gebäudeinstallationen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Netzwerkdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Organigrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Programmdateien (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Projektplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Rahmen und Hintergründen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Raumplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Facilities-Management (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Maschinenbau (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Elektrotechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Gebäude- und Landschaftsarchitektur (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Pneumatik/Hydraulik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Verfahrenstechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe_Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
HP Scanjet N8400 Document ISIS/TWAIN (HKLM\...\HP Scanjet N8400 Document ISIS/TWAIN) (Version:  - )
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version:  - )
IsoBuster 2.5 (HKLM\...\IsoBuster_is1) (Version: 2.5 - Smart Projects)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Lernwerkstatt 8 (HKLM\...\InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}) (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lösungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MATLAB R2008a (HKLM\...\MatlabR2008a) (Version: 7.6 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MosChip PCI Multi-IO Controller (HKLM\...\ASIX Electronics Corporation) (Version:  - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MV2Player (remove only) (HKLM\...\MV2Player) (Version:  - )
Nero 7 Essentials (HKLM\...\{714ACFF3-B8A3-4AD6-937B-13C833D71033}) (Version: 7.03.1054 - Nero AG)
Netzwerkdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Organigramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Platform (Version: 1.38 - VIA Technologies, Inc.) Hidden
Programmdateien (Version: 06.00.0000 - Visio Corporation) Hidden
Programmdateien für Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
Projektpläne (Version: 1.0.0.0 - Visio Corporation) Hidden
Python 2.5 numpy-1.0.3 (HKLM\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM\...\Python 2.5.1) (Version:  - )
Rahmen und Hintergründe (Version: 1.0.0.0 - Visio Corporation) Hidden
Raumplan (Version: 1.0.0.0 - Visio Corporation) Hidden
Rechtschreibung (Version: 1.0.0.0 - Visio Corporation) Hidden
Seitenlayout-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Sentinel Protection Installer 7.2.2 (HKLM\...\{6DC0632A-A838-4B34-AC19-0FA18E1C533C}) (Version: 7.2.2 - SafeNet, Inc.)
Shape-Explorer (Version: 1.0.0.0 - Visio Corporation) Hidden
Shape-Explorer-Hilfe (Version: 1.0.0.0 - Visio Corporation) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Technische Grundlage (Version: 1.0.0.0 - Visio Corporation) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VBA (2816b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Versionshinweise (Version: 1.0.0.0 - Visio Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visio (Version: 1.0.0.0 - Visio Corporation) Hidden
Visio 2000 (DE) (HKLM\...\{49D23765-6C69-11d3-A508-00C04F44A9DA}) (Version: 6.0.0.1 - Visio Corporation)
Visio Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
Visio Technical Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Codec Pack 3.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version:  - Windows 7 Codec Pack)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinEdt (HKLM\...\WinEdt_is1) (Version:  - WinEdt Team)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{B45E6B9B-8498-49A5-BDD7-2A049553DF05}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
ZoneAlarm Antivirus (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
Zusatzprogramme (Version: 1.0.0.0 - Visio Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Conduit\Community Alerts\Alert.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D2068CA-98B7-46D2-90F4-EEC86AB36C29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {0F8C498D-146D-4D1B-A80C-9B2F52760891} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cd91fd4699c637 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {17D04C56-59F8-418C-BD72-1FE3CBAF3995} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2DAC72C0-DA6C-4FF7-9226-123CD5C054DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2DED3E61-EB82-4B4B-960A-8DB9595408A1} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {3A0343E9-1088-4058-8A97-7EC2CC39BFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {4137C5EF-5C16-4135-AC1B-393D77ECFCB9} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {49B488D5-ED25-49CD-83BC-82123A14F710} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cef5bf5acd6d4b => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {5BFF9A07-C862-4DC0-B62B-6B99F4D64321} - System32\Tasks\{EA81775A-869C-4984-84FC-520C0597BC25} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {5CE1EB40-A527-47A7-8FC3-C68BEA0FC98D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6177550B-0D66-4814-B8F3-262275873F33} - System32\Tasks\{52FEB432-4D96-44A6-B294-86F0028199AA} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {639E1E83-D257-4AFE-AF0D-DFDD66C3B90C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {862EC62B-EEB1-462C-B840-DEA8712F93F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Silent-User Silent => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {92A68DEC-BFF9-4E52-B133-C7CA4BFA0C21} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB70FD0A-04CF-4BA5-9633-439BF8ED035A} - System32\Tasks\{2FEF53D1-AE31-42E0-9855-1460C2351322} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120&amp;LastError=404
Task: {C11775A4-DF12-4B4A-BD80-710F594FEADF} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {C75190C9-BD95-4518-ACFA-AE08595EE25C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C9524F47-9034-4F1E-83C9-51C224901618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {D562A9F1-EB34-4614-967F-CCED43B07B21} - System32\Tasks\{B6192244-1970-4355-A564-BFEA7AC4B45F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {EBC62328-373D-4F54-9A0C-3AE5D10034A9} - System32\Tasks\{9008979A-65BA-4E20-A15C-F8BC4EEC357C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=404&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {F396D518-C0A9-48E1-B4C4-DACC215E0130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {F7463A04-3EAB-47F6-A998-76E8231C52D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-02-04 13:37 - 2015-02-04 13:37 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020400\algo.dll
2010-09-27 11:03 - 2010-09-27 11:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00054544 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00015360 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00016384 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019968 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00011264 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00102400 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2011-10-27 17:59 - 2008-08-02 09:57 - 01757184 _____ () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
2011-02-13 20:48 - 2009-12-02 19:40 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2011-02-13 20:48 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00726288 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00030208 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00025600 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00541968 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2010-09-29 18:30 - 2010-09-29 18:30 - 02139400 _____ () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
2014-11-23 15:58 - 2014-11-23 15:58 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2011-04-10 16:40 - 2006-09-16 21:19 - 00126976 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2010-10-29 21:01 - 2010-10-29 21:01 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2010-10-29 21:02 - 2010-10-29 21:02 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 07:43 - 2012-01-18 07:43 - 00183320 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2010-11-25 21:46 - 2010-11-25 21:46 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-27 07:58 - 2015-01-27 07:58 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00028712 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedClipboard.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00042616 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDragAndDropSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00040056 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxGuestControlSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01129784 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM64.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01274448 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00198152 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD2.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00037984 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedFolders.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\User\Downloads\Baby-Besuch.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-1086903118-4148874774-2401624160-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1086903118-4148874774-2401624160-500 - Administrator - Disabled)
Guest (S-1-5-21-1086903118-4148874774-2401624160-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086903118-4148874774-2401624160-1002 - Limited - Enabled)
User (S-1-5-21-1086903118-4148874774-2401624160-1001 - Limited - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 01:52:58 PM) (Source: MsiInstaller) (EventID: 11605) (User: Silent)
Description: Product: LWS Pictures And Video -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 13.436 KB are required, but only 6.400 KB are available. Click Ignore to continue the install without saving recovery information, click Retry to check for available space again, or click Cancel to quit the installation.

Error: (02/04/2015 01:46:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (02/01/2015 10:28:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 10:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 10:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 10:27:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 07:42:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (01/31/2015 00:36:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/31/2015 00:36:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/31/2015 00:36:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/04/2015 02:26:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (02/04/2015 02:26:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (02/04/2015 02:26:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2015 02:25:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450

Error: (02/04/2015 01:39:40 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (02/04/2015 01:39:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450

Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (02/04/2015 01:37:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2015 01:36:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450


Microsoft Office Sessions:
=========================
Error: (01/14/2015 10:03:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/12/2015 07:25:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/25/2014 09:23:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/09/2014 06:42:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/03/2014 09:45:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/01/2014 09:40:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/27/2014 09:03:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/08/2014 07:35:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/07/2014 08:53:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/29/2014 07:11:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3582.3 MB
Available physical RAM: 2065.41 MB
Total Pagefile: 23024.58 MB
Available Pagefile: 20757.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.99 GB) (Free:9.25 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (bie786) (CDROM) (Total:2.23 GB) (Free:0 GB) CDFS
Drive j: () (Fixed) (Total:228 GB) (Free:3.96 GB) NTFS
Drive w: (S******) (Fixed) (Total:400 GB) (Free:77.72 GB) NTFS
Drive x: (M******) (Fixed) (Total:1137.66 GB) (Free:66.04 GB) NTFS
Drive z: (Z******) (Fixed) (Total:325.23 GB) (Free:282.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F2BCDD92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=228 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 624F7BFE)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End Of Log ============================
Gmer

Code:
GMER Logfile:

       
Code:

       
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-04 14:52:59
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD322GJ rev.1AR10001 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\agldypow.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwAddBootEntry [0x9242AAC4]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwAllocateVirtualMemory [0x924E60BA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwAssignProcessToJobObject [0x9242B5A2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateEvent [0x9243763C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateEventPair [0x92437688]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateIoCompletion [0x92437822]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateMutant [0x924375AA]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwCreateSection [0x924E6494]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateSemaphore [0x924375F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwCreateThread [0x924E6724]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwCreateThreadEx [0x924E680E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateTimer [0x924377DC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDebugActiveProcess [0x9242C390]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDeleteBootEntry [0x9242AB2A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDuplicateObject [0x9242FB86]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwLoadDriver [0x9242A716]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwMapViewOfSection [0x924E6574]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwModifyBootEntry [0x9242AB90]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwNotifyChangeKey [0x9242FF7C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwNotifyChangeMultipleKeys [0x9242CE78]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenEvent [0x92437666]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenEventPair [0x924376AA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenIoCompletion [0x92437846]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenMutant [0x924375D0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenProcess [0x9242F47E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenSection [0x9243775A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenSemaphore [0x9243761A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenThread [0x9242F86A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenTimer [0x92437800]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwProtectVirtualMemory [0x924E6312]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwQueryObject [0x9242CCEC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwQueueApcThreadEx [0x9242C9FA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetBootEntryOrder [0x9242ABF6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetBootOptions [0x9242AC5C]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwSetContextThread [0x924E6670]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetSystemInformation [0x9242A7B0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetSystemPowerState [0x9242A982]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwShutdownSystem [0x9242A910]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSuspendProcess [0x9242C55A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSuspendThread [0x9242C6BC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSystemDebugControl [0x9242AA0A]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwTerminateProcess [0x924E63E0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwTerminateThread [0x9242C1EA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwVdmControl [0x9242ACC2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                ZwWriteVirtualMemory [0x924E6244]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                       8325E539 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                83283092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!RtlSidHashLookup + 224                                                                   8328A884 4 Bytes  [C4, AA, 42, 92]
.text  ntkrnlpa.exe!RtlSidHashLookup + 24C                                                                   8328A8AC 4 Bytes  [BA, 60, 4E, 92]
.text  ntkrnlpa.exe!RtlSidHashLookup + 2AC                                                                   8328A90C 4 Bytes  [A2, B5, 42, 92]
.text  ntkrnlpa.exe!RtlSidHashLookup + 300                                                                   8328A960 8 Bytes  [3C, 76, 43, 92, 88, 76, 43, ...] {CMP AL, 0x76; INC EBX; XCHG EDX, EAX; MOV [ESI+0x43], DH; XCHG EDX, EAX}
.text  ntkrnlpa.exe!RtlSidHashLookup + 30C                                                                   8328A96C 4 Bytes  [22, 78, 43, 92] {AND BH, [EAX+0x43]; XCHG EDX, EAX}
.text  ...                                                                                                  
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                           8348865A 4 Bytes  CALL 9242D55F \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                          83490734 4 Bytes  CALL 9242D575 \SystemRoot\system32\drivers\aswSnx.sys
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x93231000, 0x3617E0, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1820] kernel32.dll!SetUnhandledExceptionFilter     769730E2 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtCreateFile                             772D4870 5 Bytes  JMP 59659AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtFlushBuffersFile                       772D4C00 5 Bytes  JMP 5963C434 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtQueryFullAttributesFile                772D5290 5 Bytes  JMP 5963C150 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtReadFile                               772D5560 5 Bytes  JMP 5963C330 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtReadFileScatter                        772D5570 5 Bytes  JMP 5A05F60F C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtWriteFile                              772D5D10 5 Bytes  JMP 5965A9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!NtWriteFileGather                        772D5D20 5 Bytes  JMP 5A05F5BE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!LdrUnloadDll                             772EBEAF 5 Bytes  JMP 000703FC
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] ntdll.dll!LdrLoadDll                               772EF5B5 5 Bytes  JMP 6D311F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 16F     7696C057 7 Bytes  JMP 59F84AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] KERNEL32.dll!CloseHandle + 38                      7697058F 7 Bytes  JMP 59F84AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] KERNEL32.dll!GetExitCodeProcess + 2C               769730DD 7 Bytes  JMP 596563D0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] user32.dll!GetWindowInfo                           756F6A82 5 Bytes  JMP 59E7B991 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4136] GDI32.dll!GetViewportOrgEx + 21C                   76A085EB 7 Bytes  JMP 59F84A21 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4184] kernel32.dll!SetUnhandledExceptionFilter      769730E2 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                   C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x5F 0x14 0xF3 0x78 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                       C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x5F 0x14 0xF3 0x78 ...

---- EOF - GMER 2.1 ----

--- --- ---

schrauber 05.02.2015 10:19
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

AnnoMK 05.02.2015 11:01
Voilà !

Code:
Combofix Logfile:

       
Code:

       
ComboFix 15-02-02.01 - Admin 05.02.2015  10:31:52.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.1.1033.18.3582.2210 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\User\4.0
c:\windows\IsUn0407.exe
c:\windows\system32\AdobePDF.dll
c:\windows\system32\regobj.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-05 to 2015-02-05  )))))))))))))))))))))))))))))))
.
.
2015-02-04 21:29 . 2015-02-04 21:56        --------        d-----w-        c:\users\TEMP.Silent.004
2015-02-04 15:22 . 2015-02-04 21:09        --------        d-----w-        c:\users\TEMP.Silent.003
2015-02-04 13:33 . 2015-02-04 13:35        --------        d-----w-        C:\FRST
2015-01-17 20:39 . 2015-01-17 20:42        --------        d-----w-        c:\users\TEMP.Silent.002
2015-01-09 00:14 . 2015-01-09 00:14        --------        d-----w-        c:\program files\ESET
2015-01-08 23:44 . 2015-01-08 23:44        --------        d-----w-        c:\program files\Free Codec Pack
2015-01-08 23:44 . 2015-01-08 23:46        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 09:46 . 2011-02-13 19:47        17488        ----a-w-        c:\windows\gdrv.sys
2015-02-04 12:46 . 2015-01-04 17:47        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-25 08:34 . 2012-08-11 07:14        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-01-25 08:34 . 2011-12-04 15:07        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-27 18:28 . 2011-04-04 18:46        736952        ----a-w-        c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-11-27 18:28 . 2011-04-04 18:36        2876528        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-11-27 18:27 . 2011-04-04 18:36        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-11-23 18:43 . 2014-11-23 18:43        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-11-23 14:59 . 2014-11-23 14:59        787800        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-11-23 14:59 . 2014-11-23 14:59        423784        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-11-23 14:58 . 2015-01-01 20:23        291352        ----a-w-        c:\windows\system32\aswBoot.exe
2014-11-23 14:58 . 2014-11-23 14:59        91496        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2014-11-23 14:58 . 2014-11-23 14:59        206248        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-11-23 14:58 . 2014-11-23 14:59        70384        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 14:58 . 2014-11-23 14:59        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 14:58 . 2014-11-23 14:59        81768        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-11-23 14:58 . 2014-11-23 14:59        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-11-23 14:58 . 2014-11-23 14:58        43152        ----a-w-        c:\windows\avastSS.scr
2014-11-21 05:14 . 2015-01-04 17:47        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2015-01-04 17:47        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2015-01-04 17:47        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-23 14:58        723976        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avast-Browser-Cleanup"="c:\program files\AVAST Software\Avast\BrowserCleanup.exe/RunOnce" [X]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-07-14 1173504]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-3-27 6144]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2014\mshaktuell.exe [2014-5-25 1428248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-05-30 179200]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-05-30 217600]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-23 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-23 423784]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-23 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-23 91496]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 54544]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-12-02 68136]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 726288]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 541968]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-23 218192]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-23 3192344]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 586752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 08:34]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 14:06]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mSearch Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\
FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-BackgroundContainerV2 - c:\users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
AddRemove-TWAIN - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2324)
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2015-02-05  10:51:16 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-05 09:51
.
Pre-Run: 30 Verzeichnis(se), 11.079.073.792 Bytes frei
Post-Run: 36 Verzeichnis(se), 11.776.188.416 Bytes frei
.
- - End Of File - - A02D6BD8CFFEEE226A9A706B3F255D01

--- --- ---
C02F39C50B5CCF697A325E8C46E83639

schrauber 05.02.2015 13:11
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

AnnoMK 05.02.2015 14:15
Hi,

die Malwarebztes hatte ich schon und benutze es ab und zu.
Die RunDLL.Meldung ist weg nachdem Combofix.


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 13:37:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 518923
Verstrichene Zeit: 10 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Awdcleaner habe ich auch neuerdings ausgeführt. Es war kein Neustart erforderlich.


AdwCleaner Logfile:
Code:
# AdwCleaner v4.109 - Report created 05/02/2015 at 13:49:25
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Admin - SILENT
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\invalidprefs.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\user.js
Folder Found : C:\Program Files\Tbccint
Folder Found : C:\Program Files\Toolbar Cleaner
Folder Found : C:\Program Files\vGrabber-software
Folder Found : C:\ProgramData\DownloadManager
Folder Found : C:\Users\Admin\AppData\Local\Conduit
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Folder Found : C:\Users\Admin\AppData\Local\PackageAware
Folder Found : C:\Users\Admin\AppData\Local\Rich Media Player
Folder Found : C:\Users\Admin\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Admin\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\Admin\AppData\Roaming\goforfiles
Folder Found : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Users\User\AppData\Local\PackageAware
Folder Found : C:\Users\User\AppData\LocalLow\adawaretb
Folder Found : C:\Users\User\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\User\AppData\LocalLow\Conduit
Folder Found : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\User\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\User\AppData\Roaming\goforfiles
Folder Found : C:\Users\User\AppData\Roaming\Uniblue
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled Tasks ] *****

Task Found : Express FilesUpdate
Task Found : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\ExpressFiles
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16869


-\\ Mozilla Firefox v35.0.1 (x86 de)

[rnb4l7cw.default] - Line Found : user_pref("CT2851647.isPerformedSmartBarTransition", "true");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.CTID", "CT2851647");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.Uninstall", "0");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
[rnb4l7cw.default] - Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q=");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.lastB", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q=");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=6a5edad3000000000000b[...]
[rnb4l7cw.default] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[rnb4l7cw.default] - Line Found : user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW");

-\\ Google Chrome v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.facemoods.com/?a=irst&f=4&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/errorhandler;_ylt=A7x9UnSPssJSuz8A6UK04IlQ?p={searchTerms}&fr2=sb-top&hspart=visicom&hsimp=yhse-lavasoft&type=lavasoft__adaware__0_9__yhse__antiphishing_dn__rp&rd=r1

*************************

AdwCleaner[R0].txt - [9679 octets] - [05/02/2015 13:49:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9739 octets] ##########
--- --- ---

[/CODE]




Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Admin on 05.02.2015 at 13:58:22,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2851647
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2851647
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\goforfilesupdate"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\downloadmanager"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\toolbar cleaner"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\smartbar
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\prefs.js

user_pref("CT2851647.1000234.TWC_TMP_city", "BERLIN");
user_pref("CT2851647.1000234.TWC_TMP_country", "DE");
user_pref("CT2851647.1000234.TWC_locId", "GMXX0007");
user_pref("CT2851647.1000234.TWC_location", "Berlin, Deutschland");
user_pref("CT2851647.1000234.TWC_region", "DE");
user_pref("CT2851647.1000234.TWC_temp_dis", "c");
user_pref("CT2851647.1000234.TWC_wind_dis", "kmh");
user_pref("CT2851647.CBOpenMAMSettings", "0");
user_pref("CT2851647.FirstTime", "true");
user_pref("CT2851647.FirstTimeFF3", "true");
user_pref("CT2851647.LoginRevertSettingsEnabled", true);
user_pref("CT2851647.RestartDialogFirstTime", "false");
user_pref("CT2851647.RestartDialogShouldDisplay", "false");
user_pref("CT2851647.RevertSettingsEnabled", true);
user_pref("CT2851647.UserID", "UN08223856081246883");
user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2851647.autoDisableScopes", -1);
user_pref("CT2851647.cbcountry_001", "DE");
user_pref("CT2851647.cbfirsttime.enc", "U2F0IEF1ZyAxOCAyMDEyIDE5OjEwOjM4IEdNVCswMjAw");
user_pref("CT2851647.countryCode", "DE");
user_pref("CT2851647.defaultSearch", "FALSE");
user_pref("CT2851647.enableAlerts", "always");
user_pref("CT2851647.enableFix404ByUser", "FALSE");
user_pref("CT2851647.enableSearchFromAddressBar", "FALSE");
user_pref("CT2851647.firstTimeDialogOpened", "true");
user_pref("CT2851647.fixPageNotFoundError", "true");
user_pref("CT2851647.fixPageNotFoundErrorByUser", "true");
user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2851647.fixUrls", true);
user_pref("CT2851647.fullUserID", "UN08223856081246883.UP.2136");
user_pref("CT2851647.homepageuserchanged", true);
user_pref("CT2851647.installId", "fftD807.tmp.exe");
user_pref("CT2851647.installType", "XPE");
user_pref("CT2851647.isCheckedStartAsHidden", true);
user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
user_pref("CT2851647.isNewTabEnabled", true);
user_pref("CT2851647.isPerformedSmartBarTransition", "true");
user_pref("CT2851647.lastVersion", "10.35.0.503");
user_pref("CT2851647.migrateAppsAndComponents", true);
user_pref("CT2851647.openThankYouPage", "true");
user_pref("CT2851647.openUninstallPage", "FALSE");
user_pref("CT2851647.performedDomainChangesMigration", "true");
user_pref("CT2851647.scriptSource", "hxxp://127.0.0.1:10000/gui/");
user_pref("CT2851647.search.searchAppId", "129351532245275780");
user_pref("CT2851647.search.searchCount", "0");
user_pref("CT2851647.searchInNewTabEnabledByUser", "true");
user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
user_pref("CT2851647.searchSuggestEnabledByUser", "false");
user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1416753100930");
user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360423452690");
user_pref("CT2851647.serviceLayer_services_appTracking_lastUpdate", "1360423333832");
user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1360616294201");
user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1360423333382");
user_pref("CT2851647.serviceLayer_services_login_10.10.20.14_lastUpdate", "1356886149326");
user_pref("CT2851647.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360423333559");
user_pref("CT2851647.serviceLayer_services_login_10.14.42.7_lastUpdate", "1387015741893");
user_pref("CT2851647.serviceLayer_services_login_10.22.3.518_lastUpdate", "1388411826896");
user_pref("CT2851647.serviceLayer_services_login_10.23.0.822_lastUpdate", "1400745526687");
user_pref("CT2851647.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401446087072");
user_pref("CT2851647.serviceLayer_services_login_10.31.2.501_lastUpdate", "1416753100715");
user_pref("CT2851647.serviceLayer_services_login_10.35.0.503_lastUpdate", "1416755256193");
user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1360423333163");
user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1416753100880");
user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1416753100774");
user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1360423333305");
user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1416753100203");
user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1416753100403");
user_pref("CT2851647.settingsINI", true);
user_pref("CT2851647.shouldFirstTimeDialog", "false");
user_pref("CT2851647.showToolbarPermission", "false");
user_pref("CT2851647.smartbar.CTID", "CT2851647");
user_pref("CT2851647.smartbar.Uninstall", "0");
user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
user_pref("CT2851647.toolbarBornServerTime", "18-8-2012");
user_pref("CT2851647.toolbarCurrentServerTime", "23-11-2014");
user_pref("CT2851647.toolbarLoginClientTime", "Sat Dec 14 2013 11:35:53 GMT+0100");
user_pref("CT2851647.upgradeFromClearSBVersion", true);
user_pref("CT2851647.url_history0001", "hxxp://www.zalando.de/taschen-accessoires-taschen-damen/:::clickhandler:::1353844820448,,,hxxp://www.zalando.de/taschen-accessoires-tas
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&
user_pref("extensions.zonealarm.lastB", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&ts
user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&u
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW");
user_pref("valueApps.CT2851647.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2851647.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2851647.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2851647.mam_gk_userBornDate.storedInFile", false);
user_pref("valueApps.storage.mam_gk_userId", "35363335333135642D653266662D343135302D396165372D326436613736303765646331");
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 14:00:17,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
das FRST hatte ich vergessen.



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Admin (administrator) on SILENT on 05-02-2015 14:12:51
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
S2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2015-02-05 14:00 - 2015-02-05 14:00 - 00011823 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner
2015-02-05 13:49 - 2015-02-05 13:51 - 00009819 _____ () C:\Users\Admin\Desktop\AdwCleaner[R0].txt
2015-02-05 13:48 - 2015-02-05 13:48 - 00001186 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt
2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox
2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log
2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () C:\Users\TEMP.Silent.004
2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003
2015-02-04 14:52 - 2015-02-04 14:52 - 00012861 _____ () C:\Users\Admin\Desktop\Gmer.log
2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log
2015-02-04 14:34 - 2015-02-04 14:58 - 00040197 _____ () C:\Users\Admin\Desktop\Addition.txt
2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe
2015-02-04 14:33 - 2015-02-05 14:12 - 00018551 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-04 14:33 - 2015-02-05 14:12 - 00000000 ____D () C:\FRST
2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 13:39 - 2011-01-27 09:18 - 01394166 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-05 13:29 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-05 13:28 - 2013-07-07 16:59 - 00303752 _____ () C:\Windows\setupact.log
2015-02-05 13:28 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-05 13:28 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-05 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log
2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-04 22:07 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db
2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

==================== Files in the root of some directories =======

2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-10-23 13:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

schrauber 05.02.2015 15:00

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

AnnoMK 05.02.2015 23:28
ESET hat Sachen gefunden. Wurden diese bei den gewählten Einstellungen gelöscht?

Windows Update geht nach wie vor nicht!!!!! :killpc:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=89ceb5887ed0f5488be2624916e1def7
# engine=22323
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 06:01:23
# local_time=2015-02-05 07:01:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 735856 7788494 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 711975 174790474 0 0
# scanned=850512
# found=22
# cleaned=0
# scan_time=13233
sh=F5EE1489F5BD5427F1EA65441E5DCCA924E31336 ft=1 fh=eae9470eeeee5c10 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\KbrokvVK\dat\rwvMMna.dll"
sh=72179DBF2A4CEBFDD86C2CF4F93F132901EF58AE ft=1 fh=248b5c7f1207a7c2 vn="Win32/JoyDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Roaming\rmi\offer_downloader.exe"
sh=CB93BAD66A2CF65E904BE0DEEBFA9F6280DC9438 ft=1 fh=8a6e1371ef6c32ff vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=0E09656165324C583CA0B8436FF33ACEB4C5AFE6 ft=1 fh=b7026f1f27c2fa03 vn="Win32/JoyDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll"
sh=5D8336F26518B2369F8980E0423535C0070327E5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip"
sh=FF28E21E32CAD198B64852130ACA1C19A05067DC ft=1 fh=cd51d5272c5878fb vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll"
sh=32D60DAEFF549FDAD23B2F9D5D311708B130C322 ft=1 fh=1b9f47df6137f750 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll"
sh=13140FCCCBAA29328B0A85FA4025587A41592E86 ft=1 fh=35424f93784fbad1 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe"
sh=A6E6CA8CEE1D4714B47C4DC569AF8EB32AED3FC0 ft=1 fh=879b9ffe556ed83c vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe"
sh=AF2859B7659FC1B492BA982FC340D8C68C6F25BA ft=1 fh=b93f72d73566c42b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll"
sh=395BF6FD62990AE6A4ACDC49D71880938D9459A2 ft=1 fh=6c8501d774790c5f vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe"
sh=C6A703254761706EEF729C20EC9F0CA922A212C5 ft=0 fh=0000000000000000 vn="Variante von MSIL/RiskWare.TBKeylogger.A Anwendung" ac=I fn="W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi"
sh=40160FD00021E404D942C3CD038B8427F8A6A46F ft=1 fh=f4431d4f501bfec8 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe"
sh=F31EDC46C709BCFEDA3C36B7394167553923F5C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip"
sh=07DEB2D82D3738C4915DEC4BFE232826FFD84910 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar"

Code:
Results of screen317's Security Check version 0.99.95 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Java 7 Update 71 
 Java(TM) 6 Update 24 
 Java(TM) SE Development Kit 6 Update 25
 Java DB 10.6.2.1 
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Admin (administrator) on SILENT on 05-02-2015 23:00:00
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 23:00 - 2015-02-05 23:00 - 00018948 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-05 22:58 - 2015-02-05 22:59 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner
2015-02-05 22:58 - 2015-02-05 22:58 - 00001128 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-02-05 22:42 - 2015-02-05 22:42 - 00852573 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-02-05 19:09 - 2015-02-05 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-05-18-09-59.049-AvastVBoxSVC.exe-3408.log
2015-02-05 15:05 - 2015-02-05 15:05 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner
2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt
2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox
2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log
2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () C:\Users\TEMP.Silent.004
2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003
2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log
2015-02-04 14:33 - 2015-02-05 23:00 - 00000000 ____D () C:\FRST
2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 22:57 - 2013-07-07 16:59 - 00304872 _____ () C:\Windows\setupact.log
2015-02-05 22:42 - 2011-01-27 09:18 - 01414633 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 22:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-05 22:30 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-05 21:33 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:07 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-05 19:07 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-05 19:07 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-05 19:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 19:01 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-05 16:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 16:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log
2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

==================== Files in the root of some directories =======

2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-10-23 13:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Kann e sein, dass es am fehlenden SirvicePAck liegt _!!!! :stirn::stirn::stirn::stirn::stirn:

schrauber 06.02.2015 10:35
Ich würde ja mal mit dem keygen und Crack Scheiss aufhören.....



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\KbrokvVK

C:\Users\Admin\AppData\Roaming\rmi

C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe

C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip

C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll

C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll

C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll

W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe

W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi

W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe

W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip

W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Servicepack 1 als Offline Installer laden, installieren. Wenn das klappt die 265 FolgeUPdates laden.

AnnoMK 06.02.2015 13:25
Grundsätzlich habe ich lange aufgehört. Aber anscheined gibt es noch alte Sünden...
W:\DELL... könnte ich komplet löschen, da es alte Kopie eines Laptop ist, das nicht mehr existiert. Ich hätte nicht gedacht, dass das ein Problem sein kann.

Gestern Abend vor deiner Antwort habe ich noch mal mit der Windows CD probiert und diesmal sah gut aus. Nur es war wenig Speicherplatz auf C. Ich konnte nicht genug bereinigen und deswegen dachte ich mir schnell mal die Partion vergrößern.

Leider gab es Meldung über Fehlerhafte sektoren und die Vergrößerung wurde nicht zu Ende gemacht. Jetzt zeigt mit die Datenträgerverwaltug, dass C: 95GB groß ist und und im Expolrerfenster nur 70GB (alter Zustand). Fehlerüberprüfung sagt alles ok. Ich habe mir den Tool Seatools heruntergeladen uund er sagt auch alles ok. C: lässt sich aber nicht wieder verkleinern (wegen Fehler). Ist ComboFIX passend dafür?

Wegen Update bin ich jetzt opimistisch. Nur was ist besser ertsmal Updaten oder Partion in Ordnung bringen?
Herzlichen Dank für deine Hilfe und ich mache am WE weiter

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Ran by Admin at 2015-02-06 12:52:44 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\KbrokvVK

C:\Users\Admin\AppData\Roaming\rmi

C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe

C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip

C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll

C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll

C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll

W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll

W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe

W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi

W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe

W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip

W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:
       
*****************

C:\ProgramData\KbrokvVK => Moved successfully.
C:\Users\Admin\AppData\Roaming\rmi => Moved successfully.
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
"C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe" => File/Directory not found.
"C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll" => File/Directory not found.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll => Moved successfully.
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe => Moved successfully.
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar => Moved successfully.
EmptyTemp: => Removed 688.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:53:25 ====

schrauber 06.02.2015 19:19
Wenn fehlerhafte Sektoren angezeogt werden sollte man die mal reparieren, bzw mal die Platte prüfen.

Fehler im Dateisystem beheben - so geht's - Anleitungen
Zustand der Festplatte herausfinden - so gehts - Anleitungen

AnnoMK 06.02.2015 23:29
Das hatte ich schon vorher zwei mal ausprobiert - "Datenträger-Überprüfung – aus laufendem Betrieb"
Jetzt habe ich es über die Eingabeaufforderung. Die Fehler werden nicht korregiert.

CrystalDisk sagt "Aktuell schwebende Sektoren". Soweit ich mich reingelesen habe, wenn Chkdsk nicht hilft, bleibt nur neufromatieren als Alternative. Ist das richtig? :glaskugel:

Ich tendiere schon zum Neuaufsetzen. :killpc: :killpc: :killpc:
VG

Code:
  7952628 KB auf dem Datenträger verfügbar

      4096 Bytes in jeder Zuordnungseinheit
  18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
  1988157 Zuordnungseinheiten auf dem Datenträger verfügbar

Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26212</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-02-06T01:31:32.000000000Z" />
    <EventRecordID>97988</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Silent</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Dateisystem auf \\?\Volume{8e613d86-29ed-11e0-b338-806e6f6e6963} wird überprüft.
Der Typ des Dateisystems ist NTFS.

WARNUNG! Der Parameter F wurde nicht angegeben.
CHKDSK wird im schreibgeschützten Modus ausgeführt.

CHKDSK überprüft Dateien (Phase 1 von 3)...
  575488 Datensätze verarbeitet.                                       

Dateiüberprüfung beendet.
  316 große Datensätze verarbeitet.                                 

  0 ungültige Datensätze verarbeitet.                             

  2 E/A-Datensätze verarbeitet.                                   

  59 Analysedatensätze verarbeitet.                                 

CHKDSK überprüft Indizes (Phase 2 von 3)...
  669174 Indexeinträge verarbeitet.                                     

Indexüberprüfung beendet.
  0 nicht indizierte Dateien überprüft.                           

  0 nicht indizierte Dateien wiederhergestellt.                   

CHKDSK überprüft Sicherheitsbeschreibungen (Phase 3 von 3)...
  575488 SDs/SIDs verarbeitet.                                         

1502 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
Überprüfung der Sicherheitsbeschreibungen beendet.
  46844 Datendateien verarbeitet.                                     

CHKDSK überprüft USN-Journal...
  35412880 USN-Bytes verarbeitet.                                         

Die Überprüfung von USN-Journal ist abgeschlossen.
Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt.

  73390076 KB Speicherplatz auf dem Datenträger insgesamt
  64548204 KB in 399901 Dateien
    174376 KB in 46845 Indizes
        4 KB in fehlerhaften Sektoren
    714864 KB vom System benutzt
    65536 KB von der Protokolldatei belegt
  7952628 KB auf dem Datenträger verfügbar

      4096 Bytes in jeder Zuordnungseinheit
  18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
  1988157 Zuordnungseinheiten auf dem Datenträger verfügbar
</Data>
    <Binary>00C8080024D106004C6D0B0000000000BC0200003B0000000000000000000000</Binary>
  </EventData>
</Event>

Code:
----------------------------------------------------------------------------
CrystalDiskInfo 6.3.0 (C) 2008-2015 hiyohiyo
                                Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 7 Ultimate [6.1 Build 7600] (x86)
  Date : 2015/02/06 22:40:22

-- Controller Map ----------------------------------------------------------
 + Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26 [ATA]
  - ATA Channel 0 (0)
  + ATA Channel 1 (1)
    - ST2000DL004 HD204UI ATA Device
 + Standard-Zweikanal-PCI-IDE-Controller [ATA]
  + ATA Channel 0 (0)
    - SAMSUNG HD322GJ ATA Device
  + ATA Channel 1 (1)
    - HL-DT-ST DVD-RAM GH22LS30 ATA Device
 + Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20 [ATA]
  - ATA Channel 0 (0)
  - ATA Channel 1 (1)
 + Virtual CloneDrive [SCSI]
  - ELBY CLONEDRIVE SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
 (1) SAMSUNG HD322GJ : 320,0 GB [0/2/0, pd1]
 (2) ST2000DL004 HD204UI : 2000,3 GB [1/5/0, pd1] - st

----------------------------------------------------------------------------
 (1) SAMSUNG HD322GJ
----------------------------------------------------------------------------
          Model : SAMSUNG HD322GJ
        Firmware : 1AR10001
  Serial Number : S2BJJ90Z918796
      Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
    Buffer Size : 16384 KB
    Queue Depth : 32
    # of Sectors : 625140335
  Rotation Rate : 7200 RPM
      Interface : Serial ATA
  Major Version : ATA8-ACS
  Minor Version : ATA8-ACS version 6
  Transfer Mode : ---- | SATA/300
  Power On Hours : 16541 Std.
  Power On Count : 4787 mal
    Temperature : 34 C (93 F)
  Health Status : Vorsicht
        Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
      APM Level : 0000h [OFF]
      AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 0000000001E9 Lesefehlerrate
02 _55 _55 __0 000000000AB8 Datendurchsatz-Leistung
03 _84 _75 _25 000000001373 Mittl. Anlaufzeit
04 _96 _96 __0 0000000012FF Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 00000000409D Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _96 _96 __0 0000000012B3 Anz. Geräte-Einschaltvorgänge
BF _91 _91 __0 000000018066 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000B0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 100 100 __0 000000000001 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000936 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 100 100 __0 000000001317 Laden/Entladen-Zyklen

-- IDENTIFY_DEVICE ---------------------------------------------------------
        0    1    2    3    4    5    6    7    8    9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 424A 4A39 305A 3931 3837 3936 2020 2020 2020
020: 0000 8000 0004 3141 5231 3030 3031 5341 4D53 554E
030: 4720 4844 3332 3247 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 207F 0018
090: 0018 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: E26F 2542 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0350 AC93 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 C7A5

-- SMART_READ_DATA ---------------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 E9 01 00 00 00 00 00 02 26
010: 00 37 37 B8 0A 00 00 00 00 00 03 23 00 54 4B 73
020: 13 00 00 00 00 00 04 32 00 60 60 FF 12 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 9D 40 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 60 60 B3
080: 12 00 00 00 00 00 BF 22 00 5B 5B 66 80 01 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 3B 22 00 0B 00 29 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 64 64 01 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 C8 C8 00
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 36 09 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 17 13 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 B8 0B 00 5B
170: 03 00 01 00 02 32 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9F

-- SMART_READ_THRESHOLD ----------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

----------------------------------------------------------------------------
 (2) ST2000DL004 HD204UI
----------------------------------------------------------------------------
          Model : ST2000DL004 HD204UI
        Firmware : 1AQ10001
  Serial Number : S2H7J90C507820
      Disk Size : 2000,3 GB (8,4/137,4/2000,3/2000,3)
    Buffer Size : 32767 KB
    Queue Depth : 32
    # of Sectors : 3907029168
  Rotation Rate : 5400 RPM
      Interface : Serial ATA
  Major Version : ATA8-ACS
  Minor Version : ATA8-ACS version 6
  Transfer Mode : ---- | SATA/300
  Power On Hours : 9877 Std.
  Power On Count : 2609 mal
    Temperature : 34 C (93 F)
  Health Status : Gut
        Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
      APM Level : 0000h [OFF]
      AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Lesefehlerrate
02 252 252 __0 000000000000 Datendurchsatz-Leistung
03 _67 _66 _25 000000002716 Mittl. Anlaufzeit
04 _84 _84 __0 000000004238 Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 000000002695 Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _98 _98 __0 000000000A31 Anz. Geräte-Einschaltvorgänge
B5 100 100 __0 000000C21A4E Herstellerspezifisch
BF 100 100 __0 000000000022 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000F0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 252 252 __0 000000000000 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000000 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 _99 _99 __0 000000004240 Laden/Entladen-Zyklen

-- IDENTIFY_DEVICE ---------------------------------------------------------
        0    1    2    3    4    5    6    7    8    9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 4837 4A39 3043 3530 3738 3230 2020 2020 2020
020: 0000 FFFF 0004 3141 5131 3030 3031 5354 3230 3030
030: 444C 3030 3420 4844 3230 3455 4920 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 207F 00A2
090: 00A2 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 88B0 E8E0 0000 0000 0000 0000 4000 0000 5000 4CF2
110: 0779 37AE 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 09A5

-- SMART_READ_DATA ---------------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 00 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 43 42 16
020: 27 00 00 00 00 00 04 32 00 54 54 38 42 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 95 26 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 62 62 31
080: 0A 00 00 00 00 00 B5 22 00 64 64 4E 1A C2 00 00
090: 00 00 BF 22 00 64 64 22 00 00 00 00 00 00 C0 22
0A0: 00 FC FC 00 00 00 00 00 00 00 C2 02 00 40 3B 22
0B0: 00 0F 00 29 00 00 C3 3A 00 64 64 00 00 00 00 00
0C0: 00 00 C4 32 00 FC FC 00 00 00 00 00 00 00 C5 32
0D0: 00 FC FC 00 00 00 00 00 00 00 C6 30 00 FC FC 00
0E0: 00 00 00 00 00 00 C7 36 00 C8 C8 00 00 00 00 00
0F0: 00 00 C8 2A 00 64 64 00 00 00 00 00 00 00 DF 32
100: 00 FC FC 00 00 00 00 00 00 00 E1 32 00 63 63 40
110: 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 FC 4E 00 5B
170: 03 00 01 00 02 FF 00 51 01 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75

-- SMART_READ_THRESHOLD ----------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 B5 00 00 00 00 00 00 00 00 00
090: 00 00 BF 00 00 00 00 00 00 00 00 00 00 00 C0 00
0A0: 00 00 00 00 00 00 00 00 00 00 C2 00 00 00 00 00
0B0: 00 00 00 00 00 00 C3 00 00 00 00 00 00 00 00 00
0C0: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0D0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0E0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0F0: 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 DF 00
100: 00 00 00 00 00 00 00 00 00 00 E1 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 86

schrauber 07.02.2015 12:45
Zitat:
Health Status : Vorsicht
Ich tendiere zum Kauf einer neuen Festplatte ;)

AnnoMK 07.02.2015 20:41
Ja, ich habe auch daran gedacht. :daumenhoc

Eine SSD werde ich der alten Kiste gönnen. Aber erstmal muss ich mir eine Gute aussuchen
Ich bedanke mich vielmals. :dankeschoen:

Und wenn du willst kannst du das Thema abschließen.


:dankeschoen: :dankeschoen: :dankeschoen: :dankeschoen: :dankeschoen: :dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131