ComboFix 16-06-30.01 - hp-netbook 04.07.2016  21:10:17.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3837.2418 [GMT 2:00]
run from: c:\users\hp-netbook\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1364506314.bdinstall.bin
c:\programdata\1364506550.bdinstall.bin
c:\programdata\1394014138.bdinstall.bin
c:\users\hp-netbook\ZHPDiag3.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Files Created from 2016-06-04 to 2016-07-04   ))))))))))))))))))))))))))))))
.
.
2016-07-04 19:19 . 2016-07-04 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-04 19:15 . 2016-07-04 19:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D237D1F2-A084-4054-ACEF-1A9C0074F9CA}\offreg.976.dll
2016-07-03 14:05 . 2016-07-03 14:05 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-07-03 14:05 . 2016-07-03 14:05 -------- d-----w- c:\programdata\RogueKiller
2016-07-03 13:06 . 2016-07-03 13:08 -------- d-----w- c:\users\hp-netbook\AppData\Roaming\ZHP
2016-07-01 11:20 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D237D1F2-A084-4054-ACEF-1A9C0074F9CA}\mpengine.dll
2016-06-19 12:43 . 2016-06-19 12:57 -------- d-----w- c:\programdata\tmp
2016-06-19 12:43 . 2016-06-19 12:43 -------- d-----w- c:\programdata\hps
2016-06-19 12:39 . 2016-06-19 12:39 -------- d-----w- c:\program files\dm
2016-06-17 09:29 . 2016-06-17 09:29 -------- d-----w- c:\program files (x86)\ESET
2016-06-15 18:47 . 2016-05-12 14:58 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-06-15 18:46 . 2016-04-09 06:58 14186496 ----a-w- c:\windows\system32\shell32.dll
2016-06-14 19:52 . 2016-06-14 19:52 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-06-14 19:52 . 2016-06-14 19:52 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-06-14 19:52 . 2016-06-14 19:52 52184 ----a-w- c:\windows\avastSS.scr
2016-06-14 18:47 . 2016-06-14 18:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-03 15:10 . 2012-07-17 12:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-17 09:44 . 2012-04-23 18:43 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-06-17 09:44 . 2011-06-18 11:26 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-15 20:01 . 2011-06-17 19:14 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-14 19:52 . 2014-08-06 18:35 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-14 19:52 . 2014-03-05 10:29 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-14 19:52 . 2014-03-05 10:29 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-14 19:52 . 2014-03-05 10:29 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-06-14 19:52 . 2014-03-05 10:29 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-06-14 19:52 . 2014-03-05 10:29 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-14 19:52 . 2014-03-05 10:29 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-06-14 19:52 . 2014-03-05 10:29 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-06-13 17:31 . 2011-06-17 20:19 484008 ------w- c:\windows\system32\MpSigStub.exe
2016-05-08 18:59 . 2016-05-08 18:59 377344 ----a-w- c:\windows\RegBootClean.exe
2016-04-14 13:49 . 2016-05-10 20:42 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-04-14 13:21 . 2016-05-10 20:42 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-04-09 07:02 . 2016-05-10 20:41 631176 ----a-w- c:\windows\system32\winresume.efi
2016-04-09 07:01 . 2016-05-10 20:41 706280 ----a-w- c:\windows\system32\winload.efi
2016-04-09 07:01 . 2016-05-10 20:41 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-09 07:01 . 2016-05-10 20:42 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-09 07:01 . 2016-05-10 20:42 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-04-09 06:59 . 2016-05-10 20:41 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59 . 2016-05-10 20:41 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59 . 2016-05-10 20:41 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-04-09 06:58 . 2016-05-10 20:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-04-09 06:58 . 2016-05-10 20:41 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-04-09 06:58 . 2016-05-10 20:41 243712 ----a-w- c:\windows\system32\wow64.dll
2016-04-09 06:58 . 2016-05-10 20:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-09 06:58 . 2016-05-10 20:41 503808 ----a-w- c:\windows\system32\srcore.dll
2016-04-09 06:58 . 2016-05-10 20:41 50176 ----a-w- c:\windows\system32\srclient.dll
2016-04-09 06:58 . 2016-05-10 20:41 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-04-09 06:57 . 2016-05-10 20:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-04-09 06:57 . 2016-05-10 20:41 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-04-09 06:57 . 2016-05-10 20:41 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-04-09 06:57 . 2016-05-10 20:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-04-09 06:57 . 2016-05-10 20:42 144384 ----a-w- c:\windows\system32\cdd.dll
2016-04-09 06:57 . 2016-05-10 20:41 880640 ----a-w- c:\windows\system32\advapi32.dll
2016-04-09 06:57 . 2016-05-10 20:41 59904 ----a-w- c:\windows\system32\appidapi.dll
2016-04-09 06:57 . 2016-05-10 20:41 34816 ----a-w- c:\windows\system32\appidsvc.dll
2016-04-09 06:57 . 2016-05-10 20:41 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-04-09 06:57 . 2016-05-10 20:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-09 06:57 . 2016-05-10 20:41 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-04-09 06:54 . 2016-05-10 20:41 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-04-09 06:54 . 2016-05-10 20:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-04-09 06:54 . 2016-05-10 20:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-04-09 06:54 . 2016-05-10 20:41 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-04-09 06:54 . 2016-05-10 20:41 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-04-09 06:54 . 2016-05-10 20:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-09 06:54 . 2016-05-10 20:41 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2016-04-09 06:54 . 2016-05-10 20:41 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-09 06:54 . 2016-05-10 20:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
2015-04-24 10:22 38104 ----a-w- c:\program files (x86)\PDF Architect 3\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2DFF3579-5AA7-45B9-9328-1D38EA230861}"= "c:\program files (x86)\PDF Architect 3\creator-ie-plugin.dll" [2015-04-24 496344]
.
[HKEY_CLASSES_ROOT\clsid\{2dff3579-5aa7-45b9-9328-1d38ea230861}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{882BBDC8-4C5D-46A7-8333-5F4E819666F4}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-05-11 37152]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Dropbox Update"="c:\users\hp-netbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="d:\program files\Avast\AvastUI.exe" [2016-06-27 7408312]
.
c:\users\hp-netbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-6-24 24105936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 eapihdrv;eapihdrv;c:\users\HP-NET~1\AppData\Local\Temp\ehdrv.sys;c:\users\HP-NET~1\AppData\Local\Temp\ehdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 09:10 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-02 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17 09:44]
.
2016-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:44]
.
2016-07-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457469959-3694489001-2918448936-1000Core.job
- c:\users\hp-netbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:18]
.
2016-07-04 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457469959-3694489001-2918448936-1000UA.job
- c:\users\hp-netbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:18]
.
2016-07-04 c:\windows\Tasks\GlaryInitialize.job
- d:\program files (x86)\Glary Utilities\initialize.exe [2013-02-13 14:58]
.
2016-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 10:39]
.
2016-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 10:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-06-14 19:52 920784 ----a-w- d:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\hp-netbook\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\hp-netbook\AppData\Roaming\Mozilla\Firefox\Profiles\rlemy3u6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/de-de/?pc=U270&ocid=U270DHP|www.google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-457469959-3694489001-2918448936-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-04  21:21:59
ComboFix-quarantined-files.txt  2016-07-04 19:21
.
Pre-Run: 15 directories, 16,953,847,808 bytes free
Post-Run: 18 directories, 16,855,425,024 bytes free
.
- - End Of File - - 619055438999FB2CA6587E951059F239 A36C5E4F47E84449FF07ED3517B43A31
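The log above is raw tool output and carries no triage logic of its own. As an added example that is not part of the log, the forum post or ComboFix itself, the Python below parses the three line shapes a responder reads first (Run-key values, the `Rn`/`Sn` service and driver lines with their `name;display;image;native [x]` fields, and the policy values under the Session Manager and Windows NT keys) from a constructed excerpt of this log, and flags the leads to check: autostart images under a user profile or a Temp directory, `LoadAppInit_DLLs` set to 1, and anything in `BootExecute` beyond the default `autocheck autochk *`. The regular expressions, the `TRUSTED_ROOTS` tuple and the `Finding` record are my own assumptions about the format, not a ComboFix API. A flagged item is a lead, not a verdict: a kernel driver in Temp can be legitimate (on-demand scanners sometimes stage theirs there), so check signature and hash before acting on it.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above in the shapes ComboFix uses
# (Run-key values, policy values, BootExecute, and "Rn/Sn name;display;image;native [x]"
# service/driver lines). Not the whole log, just enough to exercise each shape.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-05-11 37152]
"Dropbox Update"="c:\users\hp-netbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 eapihdrv;eapihdrv;c:\users\HP-NET~1\AppData\Local\Temp\ehdrv.sys;c:\users\HP-NET~1\AppData\Local\Temp\ehdrv.sys [x]
S0 aswRvrt;avast! Revert; [x]
"""

# Assumed line shapes (my reading of the log format, not a published grammar).
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<body>.+?)\s*\[x\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"(?:\s*\[[^\]]*\])?$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>[^"].*)$')
RUN_KEY_RE = re.compile(r"\\run(once)?$", re.IGNORECASE)
# Directories an autostart image is expected to live in; extend for machines that
# install programs on another drive (this log has Avast under d:\program files).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    kind: str    # "run", "service" or "policy"
    name: str    # value name, service name or policy value name
    path: str    # image path (or the registry key for a policy finding)
    reason: str


def parse_combofix(text):
    """Split a ComboFix log into Run-key values, service lines and policy values."""
    runs, services, policies = [], [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is ComboFix's blank separator
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = SERVICE_RE.match(line)
        if m:
            fields = m.group("body").split(";")   # name;display;image;native
            services.append({"start": m.group("start"), "name": fields[0].strip(),
                             "image": fields[2].strip() if len(fields) > 2 else ""})
            continue
        m = RUN_RE.match(line)
        if m and current_key and RUN_KEY_RE.search(current_key):
            runs.append({"key": current_key, "name": m.group("name"), "path": m.group("path")})
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            policies.append({"key": current_key, "name": m.group("name"), "value": m.group("value")})
            continue
        if line.startswith("BootExecute") and "REG_MULTI_SZ" in line:
            policies.append({"key": current_key, "name": "BootExecute",
                             "value": line.split("REG_MULTI_SZ", 1)[1].strip()})
    return {"runs": runs, "services": services, "policies": policies}


def classify_path(path):
    """Return why an autostart image path deserves a look, or None if unremarkable."""
    p = path.lower()
    if "\\temp\\" in p:
        return "image executes from a Temp directory"
    if "\\users\\" in p:
        return "image executes from a user profile, not a system or program directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "image lives outside the standard system/program roots"
    return None


def triage(text):
    """Run the location and policy checks over a log and return the leads in log order."""
    parsed = parse_combofix(text)
    findings = []
    for r in parsed["runs"]:
        why = classify_path(r["path"])
        if why:
            findings.append(Finding("run", r["name"], r["path"], why))
    for s in parsed["services"]:
        why = classify_path(s["image"]) if s["image"] else None   # some boot drivers list no path
        if why:
            findings.append(Finding("service", s["name"], s["image"], why))
    for p in parsed["policies"]:
        if p["name"].lower() == "loadappinit_dlls" and p["value"].startswith("1"):
            findings.append(Finding("policy", p["name"], p["key"],
                            "AppInit_DLLs loading enabled: every process that maps user32.dll "
                            "loads the DLLs listed in AppInit_DLLs"))
        elif p["name"] == "BootExecute":
            # Entries are separated by a literal "\0"; only "autocheck autochk *" is stock.
            extra = [e.strip() for e in p["value"].split("\\0")
                     if e.strip() and not e.strip().startswith("autocheck autochk")]
            if extra:
                findings.append(Finding("policy", "BootExecute", p["key"],
                                "native program(s) run by smss before logon: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason} ({f.path})")
```

On the sample this reports the Dropbox updater (user profile), `eapihdrv` (driver image in Temp), `LoadAppInit_DLLs=1`, and `BootDefrag.exe` in `BootExecute`; the Glary entry and the Avast driver under `system32` pass. Point it at a full log with `triage(open(path, encoding="utf-8", errors="replace").read())`.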