Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus Bundesministerium f. Internetsicherheit entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.04.2014, 06:51   #1
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Hallo zusammen,

ich habe mir neulich auch diesen lästigen Virus
Virus Bundesministerium f. Internetsicherheit eingefangen.

Meinen Laptop über den abgesicherten Modus zu starten hat leider nichts gebracht.

Ein Scan mit Farbar's Recovery Scan Tool brachte folgendes Ergebnis:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by SYSTEM on MININT-6UJLC6T on 25-04-2014 14:14:53
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [832544 2010-01-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1287760 2010-01-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-23] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-23] ()
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\maxthon.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\mx3uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\marco.deluxe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h3lfeods.lnk
ShortcutTarget: h3lfeods.lnk -> C:\ProgramData\2992199F9A\sdoefl3h.cpp (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 LavasoftAdAwareService11; C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S4 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
S2 Winmgmt; C:\ProgramData\2992199F9A\h3lfeods.faa [332020 2014-04-16] (Microsoft Corporation)
S2 WOTUpdater; C:\Users\marco.deluxe\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S2 CDRPDACC; C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2003-10-28] (Arrowkey)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-22] (GFI Software)
S3 gzflt; C:\Program Files (x86)\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2012-06-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 SANDRA; \??\C:\Program Files\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\ssadadb.sys 4DE0D5D747A73797C95A97DCCE5018B5
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys D6CAD7E5B05055BB8226BDCB1644DA27
C:\Windows\System32\DRIVERS\atikmdag.sys 37456BE85384E4CC38DC899F07F88C45
C:\Windows\System32\DRIVERS\avgntflt.sys 7806BFCD1D7FA5EC23F7324D4EAFD25B
C:\Windows\System32\DRIVERS\avipbb.sys C3A58DBD18786C338126D30BF8C33D72
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys B44879610F2DC4A046B14BEFA3AE72DE
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys 30B37C18E1725EB9F25039E9A1FB9B7E
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys E428DFFA96FAD07D8CA3C9082563A225
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gfibto.sys 14908F4F9005C29DE8F5587E271390EE
C:\Program Files (x86)\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys 07177B5A8C277074C30AC515FEBD4F37
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 42E00996DFC13C46366689C0EA8ABC5E
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys 36FDF367A1DABFF903E2214023D71368
C:\Windows\System32\drivers\RTKVHD64.sys 51C98815721B44BF70E8AEB3FF3F57D6
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys 9D7EA8C7215D8D4AE7BE110EEE61085D
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\massfilter.sys 035C83CD72E06C47000793D32B1A642D
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\system32\drivers\NTIDrvr.sys 64DDD0DEE976302F4BD93E5EFCC2F013
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 4A286CA297CD75A53D51348AD61680FB
C:\Windows\System32\drivers\RtHDMIVX.sys 4E821C740A675F6D040BE41D59A62B1D
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72
C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0
C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163
C:\Windows\System32\DRIVERS\sscdbus.sys ED161B91FDF7EAA39469D72D463D5F4E
C:\Windows\System32\DRIVERS\sscdmdfl.sys 4CB09E77593DBD8D7AF33B37375CA715
C:\Windows\System32\DRIVERS\sscdmdm.sys C7B4CF53497A6E5363F3439427663882
C:\Windows\System32\DRIVERS\ssudmdm.sys AAF6F247F1DC370C593B4430974EAD9C
C:\Windows\System32\DRIVERS\ssudobex.sys 139FBA0F9854F8098E0ABF2A64B9D4B4
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 064A2530A4A7C7CEC1BE6A1945645BE4
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Trufos.sys D5747C16225B4C7B0D04511DB0407544
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys 45427C4B8CAC6B241478F149B935CD80
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys 2E22C1FD397A5A9FFEF55E9D1FC96C00
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 3762B4C538B9D710F85042849C20319F
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 3762B4C538B9D710F85042849C20319F
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 3762B4C538B9D710F85042849C20319F

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 14:14 - 2014-04-25 14:14 - 00000000 ____D () C:\FRST
2014-04-16 11:45 - 2014-04-16 12:24 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-10 12:32 - 2014-03-30 17:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-10 12:32 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-10 12:32 - 2014-03-30 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 12:32 - 2014-03-30 15:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 12:31 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-10 12:31 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-10 12:31 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-10 12:31 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-10 12:31 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-10 12:31 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:31 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:31 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:31 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:31 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:31 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 12:31 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-10 12:31 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-10 12:31 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-10 12:31 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-10 12:31 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 12:31 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-03-26 11:52 - 2014-03-26 11:52 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Local\TuneUp Software

==================== One Month Modified Files and Folders =======

2014-04-25 14:14 - 2014-04-25 14:14 - 00000000 ____D () C:\FRST
2014-04-16 12:24 - 2014-04-16 11:45 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-16 12:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 12:19 - 2013-08-26 12:17 - 00007760 _____ () C:\Windows\setupact.log
2014-04-16 11:59 - 2012-07-07 01:16 - 01789821 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 11:55 - 2013-12-21 15:07 - 00000370 _____ () C:\Windows\Tasks\WpsUpdateTask_marco.deluxe.job
2014-04-16 11:47 - 2013-12-29 06:09 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Roaming\DivX
2014-04-16 10:52 - 2012-10-12 12:13 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Roaming\AIMP3
2014-04-16 10:21 - 2013-08-26 09:04 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Local\JDownloader 0.9
2014-04-16 09:44 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 09:44 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 09:38 - 2013-10-29 16:12 - 00002246 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-15 08:06 - 2013-08-26 12:17 - 00525998 _____ () C:\Windows\PFRO.log
2014-04-10 13:12 - 2013-08-19 05:46 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-10 13:12 - 2010-01-15 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 13:10 - 2012-03-25 09:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-08 13:19 - 2012-03-23 05:55 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-04-08 12:29 - 2012-03-22 21:32 - 00699666 _____ () C:\Windows\System32\perfh007.dat
2014-04-08 12:29 - 2012-03-22 21:32 - 00149774 _____ () C:\Windows\System32\perfc007.dat
2014-04-08 12:29 - 2009-07-13 21:13 - 01620612 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-03 12:42 - 2012-03-23 07:53 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 09:39 - 2013-08-05 09:02 - 00003660 _____ () C:\Windows\System32\Tasks\Freemium1ClickMaint
2014-04-01 09:38 - 2013-08-05 09:00 - 00002595 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-04-01 09:36 - 2014-02-23 10:02 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Local\adawarebp
2014-04-01 09:31 - 2012-11-18 04:29 - 00000000 ____D () C:\Program Files (x86)\MadVR
2014-04-01 09:30 - 2012-03-22 13:44 - 00000000 ____D () C:\Program Files (x86)\LAV Filters
2014-04-01 08:51 - 2012-07-24 10:29 - 00000986 _____ () C:\Windows\wiso.ini
2014-03-30 17:16 - 2014-04-10 12:32 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-30 17:13 - 2014-04-10 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-30 16:13 - 2014-04-10 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 15:57 - 2014-04-10 12:32 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 11:53 - 2013-10-30 12:04 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-26 11:52 - 2014-03-26 11:52 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Local\TuneUp Software

Some content of TEMP:
====================
C:\Users\marco.deluxe\AppData\Local\Temp\avgnt.exe
C:\Users\marco.deluxe\AppData\Local\Temp\HNFH.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {5c107b98-74a7-11e1-9246-b36624b5fc3f}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5c107b98-74a7-11e1-9246-b36624b5fc3f}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\5c107b9a-74a7-11e1-9246-b36624b5fc3f\Winre.wim,{5c107b9b-74a7-11e1-9246-b36624b5fc3f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\5c107b9a-74a7-11e1-9246-b36624b5fc3f\Winre.wim,{5c107b9b-74a7-11e1-9246-b36624b5fc3f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {5c107b98-74a7-11e1-9246-b36624b5fc3f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {5c107b9b-74a7-11e1-9246-b36624b5fc3f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\5c107b9a-74a7-11e1-9246-b36624b5fc3f\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3958.78 MB
Available physical RAM: 3244.03 MB
Total Pagefile: 3956.93 MB
Available Pagefile: 3241.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:97.65 GB) (Free:50.93 GB) NTFS
Drive d: (Archiv) (Fixed) (Total:73.24 GB) (Free:18.86 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:122.54 GB) (Free:67.54 GB) NTFS
Drive f: (Bilder) (Fixed) (Total:102.54 GB) (Free:30.33 GB) NTFS
Drive i: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.73 GB) NTFS
Drive k: (WATSON 32GB) (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 9D1BA2AB)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=486 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2014-04-08 14:27

==================== End Of Log ============================
         
--- --- ---


Im Log-file steht zwar "FRST version is 8 days old and could be outdated",
ich habe mir FRST aber erst einige Tage nach dem Virusbefall an einem sicheren PC runtergeladen.
(Ich kam leider nicht früher dazu)
Ich hoffe man kann da noch was retten.

Alt 28.04.2014, 07:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



hi,

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\marco.deluxe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h3lfeods.lnk
ShortcutTarget: h3lfeods.lnk -> C:\ProgramData\2992199F9A\sdoefl3h.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\h3lfeods.faa [332020 2014-04-16] (Microsoft Corporation)
2014-04-16 11:45 - 2014-04-16 12:24 - 00000000 ____D () C:\ProgramData\2992199F9A
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Rechner normal starten.
__________________

__________________

Alt 29.04.2014, 08:17   #3
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Hallo schrauber,

vielen Dank für die schnelle Antwort.
Ich werde versuchen ob ich die FRST.exe irgendwie starten kann.
Der Bildschirm ist leider durch diesen "Bundesamt für Sicherheit in der Informationstechnik Trojaner" gesperrt.

Was meinst du mit "Reparaturoptionen"?
beim Starten F2 oder F8 drücken und dann zur Auswahl
"abgesicherter Modus mit Eingabeaufforderung"?

Welches Format sollte der USB-Stick mit der FRST.exe haben? FAT32 oder NTFS?
ich habe zu diesem Thema schon beide Vorschläge gehört/gelesen
und bin mir nicht sicher was davon in diesem Fall besser ist.
__________________

Geändert von donthackme00 (29.04.2014 um 08:31 Uhr)

Alt 30.04.2014, 09:40   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Du hast doch das FRST Log in der REcovery gemacht. Genau so nochmal FRST starten, aber fixen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.04.2014, 10:02   #5
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Ich hab's hinbekommen...

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by SYSTEM at 2014-04-29 21:27:22 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\marco.deluxe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h3lfeods.lnk
ShortcutTarget: h3lfeods.lnk -> C:\ProgramData\2992199F9A\sdoefl3h.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\h3lfeods.faa [332020 2014-04-16] (Microsoft Corporation)
2014-04-16 11:45 - 2014-04-16 12:24 - 00000000 ____D () C:\ProgramData\2992199F9A
*****************

C:\Users\marco.deluxe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h3lfeods.lnk => Moved successfully.
C:\ProgramData\2992199F9A\sdoefl3h.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====
         


Alt 01.05.2014, 06:21   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Jetzt versuchen den Rechner normal zu starten
__________________
--> Virus Bundesministerium f. Internetsicherheit entfernen

Alt 01.05.2014, 18:29   #7
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Der Rechner ließ sich wieder starten ohne dass der Desktop durch den Virus gesperrt wurde.
Ist der Virus jetzt weg oder
kannst du mir ein Tool zum endgültigen Entfernen des Virus empfehlen?

Alt 02.05.2014, 16:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Nee wir sind noch nit fertig, ab jetzt alles im normalen Modus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.05.2014, 17:16   #9
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



hier die Scan-Files

FRST.txt

Code:
ATTFilter
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by marco.deluxe (administrator) on ACER5741-DELUXE on 11-05-2014 14:11:14
Running from C:\Users\marco.deluxe\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Users\marco.deluxe\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpSystemStatusCheck.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [832544 2010-01-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1287760 2010-01-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1500952384-1108008716-574049464-1001\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1500952384-1108008716-574049464-1001\...\MountPoints2: {940aaf3e-4e68-11e3-8ff9-705ab6462f18} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1500952384-1108008716-574049464-1001\...\MountPoints2: {a8dad4ec-e627-11e1-993c-705ab6462f18} - I:\LaunchU3.exe -a
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\maxthon.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\mx3uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD6400BEVT-22A0RT0_WD-WXF1A10J0576J0576&ts=1383162954&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=WDCXWD6400BEVT-22A0RT0_WD-WXF1A10J0576J0576&ts=1383162954&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WOT - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\marco.deluxe\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\marco.deluxe\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha984.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha984\ff
FF HKCU\...\Firefox\Extensions: [lrcsearch@bjornet.net] - C:\Program Files (x86)\LyricSearch\FF\
FF Extension: Lyrics Search - C:\Program Files (x86)\LyricSearch\FF\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 LavasoftAdAwareService11; C:\Program Files (x86)\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S4 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
R2 WOTUpdater; C:\Users\marco.deluxe\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S2 CDRPDACC; C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2003-10-29] (Arrowkey)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-22] (GFI Software)
S3 gzflt; C:\Program Files (x86)\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2012-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 SANDRA; \??\C:\Program Files\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 14:11 - 2014-05-11 14:11 - 00015390 _____ () C:\Users\marco.deluxe\Desktop\FRST.txt
2014-05-11 14:08 - 2014-05-11 14:09 - 02066432 _____ (Farbar) C:\Users\marco.deluxe\Desktop\FRST64.exe
2014-05-08 18:58 - 2014-05-11 13:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 21:51 - 2014-04-29 21:51 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 21:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 21:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 21:51 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 21:50 - 2014-05-11 14:10 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-26 00:14 - 2014-05-11 14:11 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-05-11 14:11 - 2014-05-11 14:11 - 00015390 _____ () C:\Users\marco.deluxe\Desktop\FRST.txt
2014-05-11 14:11 - 2014-04-26 00:14 - 00000000 ____D () C:\FRST
2014-05-11 14:10 - 2014-04-29 21:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-11 14:10 - 2012-07-07 11:16 - 01834382 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 14:09 - 2014-05-11 14:08 - 02066432 _____ (Farbar) C:\Users\marco.deluxe\Desktop\FRST64.exe
2014-05-11 14:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-11 13:55 - 2013-12-22 01:07 - 00000370 _____ () C:\Windows\Tasks\WpsUpdateTask_marco.deluxe.job
2014-05-11 13:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:38 - 2014-05-08 18:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 13:36 - 2012-06-10 19:08 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-11 13:35 - 2013-08-26 22:17 - 00008152 _____ () C:\Windows\setupact.log
2014-05-11 13:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 18:55 - 2012-03-23 07:32 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-08 18:55 - 2012-03-23 07:32 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-08 18:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 07:27 - 2012-03-22 22:52 - 00000000 ___RD () C:\Users\marco.deluxe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 21:55 - 2012-03-23 14:55 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Roaming\XnView
2014-04-29 21:51 - 2014-04-29 21:51 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 21:51 - 2014-04-29 21:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 21:47 - 2013-12-29 16:09 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Roaming\DivX
2014-04-16 20:52 - 2012-10-12 22:13 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Roaming\AIMP3
2014-04-16 20:21 - 2013-08-26 19:04 - 00000000 ____D () C:\Users\marco.deluxe\AppData\Local\JDownloader 0.9
2014-04-16 19:38 - 2013-10-30 02:12 - 00002246 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-15 18:06 - 2013-08-26 22:17 - 00525998 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\marco.deluxe\AppData\Local\Temp\avgnt.exe
C:\Users\marco.deluxe\AppData\Local\Temp\HNFH.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
         
Addition.txt

Code:
ATTFilter
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by marco.deluxe at 2014-05-11 14:12:04
Running from C:\Users\marco.deluxe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.58 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.1.4 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0105.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.6.0.3 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1324, 15.11.2013 - AIMP DevTeam)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Aura Video Converter 1.6.2 (HKLM-x32\...\Aura Video Converter_is1) (Version:  - Aura4You.com)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.58 - NewTech Infosystems) Hidden
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5100 series Benutzerregistrierung (HKLM-x32\...\Canon MG5100 series Benutzerregistrierung) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help English (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help French (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help German (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.1209.2335.42329 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
Free SystemUtilities (x32 Version: 1.1.0.95 - Covus Freemium GmbH) Hidden
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeFileSync 6.3 (HKLM-x32\...\FreeFileSync) (Version: 6.3 - Zenju)
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version:  - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\jdownloader09) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4246) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.2 - Acer Inc.)
LAV Filters 0.61.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.61.1 - Hendrik Leppkes)
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version:  - Daniel Rebelo)
Lyrics Search (HKLM-x32\...\lrcsearch@bjornet.net) (Version:  - Bjornet Industries) <==== ATTENTION
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Maxthon2 (HKLM-x32\...\Maxthon2) (Version:  - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0.1 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11800.21.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6509 - NewTech Infosystems) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Paragon Partition Manager™ 2013 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.205.0 - Tracker Software Products Ltd)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.1 - NTeWORKS)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30110 - Realtek Semiconductor Corp.)
SMPlayer 0.8.6.6026 (x64) (HKLM\...\SMPlayer) (Version: 0.8.6.6026 - Ricardo Villalba)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 9.0 ATL (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3012 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM-x32\...\{12B56DF9-6EB6-4305-83AF-CF9286576B01}) (Version: 21.02.8520 - Buhl Data Service GmbH)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )
Zoom Player deutsche Sprachdateien (entfernen) (HKLM-x32\...\ZoomPlayer_German) (Version:  - )

==================== Restore Points  =========================
         

Alt 12.05.2014, 13:41   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.05.2014, 07:26   #11
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Leider komme ich nicht weiter.
Der Rechner benötigt sehr viel Zeit (ca. 5-10 Min.) zum Hochfahren
und auch die vorgeschlagenen Programme laufen nicht richtig.

Den Revo Uninstaller konnte ich zwar installieren und starten,
jedoch läuft er nicht wirklich.
Beim "Wiederherstellungspunkt anlegen" bleibt er hängen.
Ich habe über eine Stunde gewartet, aber da tat sich nichts.

Auch Malwarebytes Anti-Malware ließ sich nicht starten.

Alt 14.05.2014, 19:20   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



Versuch mal im abgesicherten Modus.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.07.2014, 09:00   #13
donthackme00
 
Virus Bundesministerium f. Internetsicherheit entfernen - Daumen hoch

Virus Bundesministerium f. Internetsicherheit entfernen



Tut mir leid dass ich mich so lange nicht gemeldet habe,
ich bin aber viel unterwegs und komme deshalb nicht so oft dazu,
mich um meinen Laptop zu kümmern.

Ich habe es trotz mehrfacher Versuche nicht hinbekommen alle vorgeschlagenen Programme durchlaufen zu lassen und die Logfiles zu erstellen. Mein Laptop hat für jede Aktion sehr, sehr lange gebraucht und sich dann auch regelmäßig aufgehängt. Am Ende hatte ich die Nase voll und hab ihn Platt gemacht.

Hab mir bei Microsoft die kostenlose ISO-Datei von Windows 7 runtergeladen, auf DVD gebrannt und damit den Laptop neu intalliert.
hxxp://answers.microsoft.com/de-de/windows/forum/windows_7-windows_install/wo-kann-ich-die-windows-7-iso-dateien/610a3a3c-e99c-42e6-8cf8-fda31127b035

Zusätzlich hab im mir noch Linux Mint 17 drauf gemacht und hoffe jetzt, dass ich zukünftig vor solchen heftigen Virus-Attacken verschont bleibe.

Ich möchte dir aber für deine Hilfe sehr danken.

Alt 17.07.2014, 16:39   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Bundesministerium f. Internetsicherheit entfernen - Standard

Virus Bundesministerium f. Internetsicherheit entfernen



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Virus Bundesministerium f. Internetsicherheit entfernen
ad-aware, antivirus, association, avg, avira, bootmgr, defender, desktop, download, entfernen, explorer, freemium, home, install.exe, launch, microsoft, opera, realtek, registry, scan, services.exe, sicherheit, software, starten, svchost.exe, system, temp, usbvideo.sys, virus, windows xp, winlogon.exe



Ähnliche Themen: Virus Bundesministerium f. Internetsicherheit entfernen


  1. Karrikaturen und Bilder für ein Referat über Internetsicherheit
    Diskussionsforum - 22.01.2014 (1)
  2. Bundesministerium für Internetsicherheit. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (4)
  3. Computer gesperrt, Meldung Bundesamt für Internetsicherheit
    Plagegeister aller Art und deren Bekämpfung - 16.08.2013 (5)
  4. Virus Bundesministerium für Internetsicherheit - Zahlung von...
    Log-Analyse und Auswertung - 02.08.2013 (13)
  5. Sperrung des PCs durch Bundesamt für Internetsicherheit ?
    Log-Analyse und Auswertung - 04.06.2013 (95)
  6. Computer gesperrt mit Meldung vom Bundesamt für Internetsicherheit usw.
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (13)
  7. Trojaner Polizei Bundesministerium!
    Log-Analyse und Auswertung - 13.05.2013 (12)
  8. Bundesministerium für Internetsicherheit - Kompromitierter Rechner
    Log-Analyse und Auswertung - 12.05.2013 (34)
  9. Virus Bundesministerium f. Internetsicherheit...Zahlung von €100 per paypal
    Log-Analyse und Auswertung - 07.04.2013 (11)
  10. Ihr System wurde blockiert (Bundesministerium)
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (10)
  11. Trojaner: Bundesministerium für Sicherheit sperrt ihren Computer
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (3)
  12. Virus über Kinox.to, Bundesministerium
    Log-Analyse und Auswertung - 28.12.2012 (1)
  13. Probleme durch 'Bundesministerium'-Trojaner - OTL startet nicht (abges. Modus)
    Plagegeister aller Art und deren Bekämpfung - 25.12.2012 (26)
  14. Laptop komplett gesperrt vom Bundesministerium!
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (3)
  15. Brüssel führt Umfrage zur Internetsicherheit durch
    Nachrichten - 23.07.2012 (0)
  16. EU-Kommission will Internetsicherheit global vorantreiben
    Nachrichten - 02.04.2011 (0)
  17. Agentur für Internetsicherheit rät zur Vorsicht in Social Networks
    Nachrichten - 08.02.2010 (0)

Zum Thema Virus Bundesministerium f. Internetsicherheit entfernen - Hallo zusammen, ich habe mir neulich auch diesen lästigen Virus Virus Bundesministerium f. Internetsicherheit eingefangen. Meinen Laptop über den abgesicherten Modus zu starten hat leider nichts gebracht. Ein Scan mit - Virus Bundesministerium f. Internetsicherheit entfernen...
Archiv
Du betrachtest: Virus Bundesministerium f. Internetsicherheit entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.