Tbupdater.dll konnte nicht gefunden werden.

pauligauli · 28.03.2014, 23:16

Hier die FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by pr (administrator) on RENNHOFER-PC on 28-03-2014 23:05:11
Running from C:\Users\pr\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
() C:\Windows\System32\rpcnetp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Lenovo Group Limited) c:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPWAUDAP] - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54824 2006-09-06] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [946176 2007-05-31] (Authentec,Inc)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [419112 2007-07-05] (Lenovo)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [124200 2007-07-05] (Lenovo)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2630968 2007-08-09] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2007-01-08] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Ad-Watch] - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [515416 2009-03-09] (Lavasoft)
HKU\.DEFAULT\...\RunOnce: [Application Restart #2] - C:\Windows\system32\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-21-1391454227-742294692-1743814216-1005\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {46AEBB5B-294E-4000-810E-C1A1717B3F76} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {46AEBB5B-294E-4000-810E-C1A1717B3F76} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {EF6E5A56-23CB-420D-8BFD-312F9DBFAFA4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10863
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\q9l74lqs.default
FF NewTab: about:home
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Toolbar fuer eBay - C:\Program Files\Mozilla Firefox\extensions\ebay.xpi [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-16]

========================== Services (Whitelisted) =================

S3 AllShare; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54832 2007-04-09] (Lenovo.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [951632 2009-03-09] (Lavasoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2007-03-14] (Pure Networks, Inc.)
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [321088 2007-03-14] (Pure Networks, Inc.)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [24992 2011-07-16] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-07-16] (Samsung Electronics Co., Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [13312 2007-06-07] (Lenovo Group Limited)
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55936 2007-03-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-09] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2007-01-08] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S3 PRISM_USB; C:\Windows\System32\DRIVERS\PRISMUSB.sys [666624 2003-10-02] (GlobespanVirata, Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cnbqnjgv; \??\C:\Windows\system32\drivers\cnbqnjgv.sys [X]
S1 evzimgfj; \??\C:\Windows\system32\drivers\evzimgfj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jffcavgd; \??\C:\Windows\system32\drivers\jffcavgd.sys [X]
S1 lyttuzax; \??\C:\Windows\system32\drivers\lyttuzax.sys [X]
S1 MpKslfde0b468; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{466A6067-B38B-4E4E-8E24-B3AC7D9F82AC}\MpKslfde0b468.sys [X]
S1 mymbzouu; \??\C:\Windows\system32\drivers\mymbzouu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PsSdk30; \??\C:\Windows\system32\Drivers\PsSdk30.drv [X]
S1 pzibtxsf; \??\C:\Windows\system32\drivers\pzibtxsf.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 20:35 - 2014-03-28 23:07 - 00015481 _____ () C:\Users\pr\Downloads\FRST.txt
2014-03-23 16:53 - 2014-03-23 16:53 - 01145856 _____ (Farbar) C:\Users\pr\Downloads\FRST.exe
2014-03-23 16:47 - 2014-03-23 16:47 - 00000699 _____ () C:\Users\pr\Desktop\Download - Verknüpfung.lnk
2014-03-23 16:29 - 2014-03-23 20:32 - 00000000 ____D () C:\Users\pr\Desktop\Malware_aktuell
2014-03-23 14:57 - 2014-03-23 14:57 - 00000905 _____ () C:\Users\pr\Documents\aawanna.txt
2014-03-23 12:13 - 2014-03-23 12:13 - 00016923 _____ () C:\ComboFix.txt
2014-03-23 11:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-23 11:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-23 11:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-23 11:36 - 2014-03-23 12:19 - 00000000 ____D () C:\Qoobox
2014-03-23 11:36 - 2014-03-23 12:10 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 11:30 - 2014-03-23 11:31 - 05190773 ____R (Swearware) C:\Users\pr\Desktop\ComboFix.exe
2014-03-22 14:53 - 2014-03-22 14:53 - 00001185 _____ () C:\Windows\IE9_main.log
2014-03-22 12:59 - 2014-03-28 22:55 - 00002908 _____ () C:\aaw7boot.log
2014-03-22 12:18 - 2014-03-22 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 12:13 - 2009-03-09 20:06 - 00015688 _____ () C:\Windows\system32\lsdelete.exe
2014-03-22 11:28 - 2014-03-22 11:30 - 00000474 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-22 11:27 - 2014-03-22 11:27 - 00000985 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-22 11:27 - 2014-03-22 11:27 - 00000000 __HDC () C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2014-03-22 11:27 - 2009-03-09 20:06 - 00064160 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2014-03-22 11:26 - 2014-03-22 11:27 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-22 10:51 - 2014-03-22 12:57 - 00000000 ____D () C:\Users\pr\Desktop\Malware
2014-03-22 10:43 - 2014-03-22 10:43 - 00707006 _____ () C:\Users\pr\Downloads\delfix.exe
2014-03-22 10:40 - 2014-03-22 10:40 - 01037734 _____ (Thisisu) C:\Users\pr\Downloads\JRT.exe
2014-03-22 10:39 - 2014-03-22 10:39 - 01950720 _____ () C:\Users\pr\Downloads\adwcleaner.exe
2014-03-22 10:36 - 2014-03-28 23:05 - 00000000 ____D () C:\FRST
2014-03-22 10:22 - 2014-03-23 22:35 - 00010296 _____ () C:\Windows\PFRO.log
2014-03-16 09:44 - 2014-03-16 09:44 - 00000000 ____D () C:\Users\sr\AppData\Roaming\STRATO
2014-03-15 11:19 - 2014-03-15 11:19 - 00000876 _____ () C:\Users\Public\Desktop\Anti-Malware.lnk
2014-03-15 11:18 - 2014-03-15 11:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 11:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 11:17 - 2014-03-15 11:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pr\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-09 09:35 - 2014-03-09 09:35 - 00000000 ____D () C:\Users\pr\AppData\Roaming\AVG
2014-03-09 09:31 - 2014-03-09 09:32 - 00000000 ____D () C:\Intel
2014-03-08 19:28 - 2014-03-08 19:28 - 00000000 ____D () C:\Users\sr\AppData\Roaming\AVG
2014-03-08 19:18 - 2014-03-08 19:18 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\AVG
2014-03-08 19:16 - 2014-03-08 19:33 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-08 19:16 - 2014-03-08 19:20 - 00000000 ____D () C:\ProgramData\AVG
2014-03-08 19:13 - 2014-03-08 19:16 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4(1).exe
2014-03-08 19:05 - 2014-03-08 19:07 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Users\rennhofer\AppData\Local\MFAData
2014-03-08 14:50 - 2014-03-08 14:50 - 00064384 _____ () C:\Users\sr\Documents\cc_20140308_145020.reg

==================== One Month Modified Files and Folders =======

2014-03-28 23:07 - 2014-03-23 20:35 - 00015481 _____ () C:\Users\pr\Downloads\FRST.txt
2014-03-28 23:07 - 2008-06-24 10:13 - 01921692 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 23:05 - 2014-03-22 10:36 - 00000000 ____D () C:\FRST
2014-03-28 22:59 - 2010-08-27 14:34 - 00043008 _____ (Absolute Software Corp.) C:\Windows\system32\agremove.exe
2014-03-28 22:56 - 2014-01-18 09:00 - 00017408 _____ () C:\Windows\system32\rpcnetp.dll
2014-03-28 22:56 - 2007-08-16 11:28 - 00025334 _____ () C:\Windows\system32\PROCDB.INI
2014-03-28 22:56 - 2007-08-16 11:28 - 00000000 _____ () C:\Windows\system32\IPSCtrl.INI
2014-03-28 22:56 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 22:56 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 22:56 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 22:55 - 2014-03-22 12:59 - 00002908 _____ () C:\aaw7boot.log
2014-03-28 22:55 - 2014-01-10 08:19 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-03-28 19:22 - 2008-09-16 18:31 - 00000000 _____ () C:\Users\Public\Documents\AcSvc.dmp
2014-03-28 19:22 - 2008-06-24 10:15 - 00003204 _____ () C:\Windows\bthservsdp.dat
2014-03-28 19:22 - 2006-11-02 13:58 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 19:13 - 2013-05-16 15:42 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004UA.job
2014-03-28 19:09 - 2009-06-20 13:18 - 00000000 ____D () C:\Users\pr\Privat
2014-03-28 17:29 - 2013-05-16 15:42 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004Core.job
2014-03-25 16:43 - 2011-05-08 14:55 - 00000000 ____D () C:\Users\sr\AppData\Roaming\Mozilla
2014-03-23 22:35 - 2014-03-22 10:22 - 00010296 _____ () C:\Windows\PFRO.log
2014-03-23 20:32 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\pr\Desktop\Malware_aktuell
2014-03-23 16:53 - 2014-03-23 16:53 - 01145856 _____ (Farbar) C:\Users\pr\Downloads\FRST.exe
2014-03-23 16:47 - 2014-03-23 16:47 - 00000699 _____ () C:\Users\pr\Desktop\Download - Verknüpfung.lnk
2014-03-23 16:47 - 2008-09-13 17:38 - 00000000 ____D () C:\Users\pr
2014-03-23 14:57 - 2014-03-23 14:57 - 00000905 _____ () C:\Users\pr\Documents\aawanna.txt
2014-03-23 12:19 - 2014-03-23 11:36 - 00000000 ____D () C:\Qoobox
2014-03-23 12:13 - 2014-03-23 12:13 - 00016923 _____ () C:\ComboFix.txt
2014-03-23 12:13 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-23 12:13 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-23 12:10 - 2014-03-23 11:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 12:01 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-23 11:57 - 2006-11-02 11:22 - 42205184 _____ () C:\Windows\system32\config\software.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 28573696 _____ () C:\Windows\system32\config\system.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-23 11:55 - 2008-08-13 13:18 - 00000000 ____D () C:\Users\rennhofer
2014-03-23 11:31 - 2014-03-23 11:30 - 05190773 ____R (Swearware) C:\Users\pr\Desktop\ComboFix.exe
2014-03-22 14:53 - 2014-03-22 14:53 - 00001185 _____ () C:\Windows\IE9_main.log
2014-03-22 14:31 - 2013-09-28 16:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-22 14:31 - 2013-09-28 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-22 12:57 - 2014-03-22 10:51 - 00000000 ____D () C:\Users\pr\Desktop\Malware
2014-03-22 12:18 - 2014-03-22 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 11:49 - 2011-01-07 22:45 - 00000000 ___RD () C:\Program Files\Skype
2014-03-22 11:30 - 2014-03-22 11:28 - 00000474 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-22 11:27 - 2014-03-22 11:27 - 00000985 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-22 11:27 - 2014-03-22 11:27 - 00000000 __HDC () C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2014-03-22 11:27 - 2014-03-22 11:26 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-22 11:14 - 2008-09-18 21:03 - 00000000 ____D () C:\Programme_download
2014-03-22 10:43 - 2014-03-22 10:43 - 00707006 _____ () C:\Users\pr\Downloads\delfix.exe
2014-03-22 10:40 - 2014-03-22 10:40 - 01037734 _____ (Thisisu) C:\Users\pr\Downloads\JRT.exe
2014-03-22 10:39 - 2014-03-22 10:39 - 01950720 _____ () C:\Users\pr\Downloads\adwcleaner.exe
2014-03-22 10:25 - 2013-03-31 10:53 - 00000000 ____D () C:\Users\pr\Desktop\CCleaner
2014-03-22 09:19 - 2012-05-23 22:42 - 00000774 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-22 09:19 - 2012-05-23 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-22 09:12 - 2013-05-01 12:36 - 00000000 ____D () C:\Windows\pss
2014-03-19 08:29 - 2006-11-02 11:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 08:10 - 2008-11-07 18:49 - 00000000 ____D () C:\Users\sr\Sayeeda
2014-03-16 09:44 - 2014-03-16 09:44 - 00000000 ____D () C:\Users\sr\AppData\Roaming\STRATO
2014-03-16 08:52 - 2013-12-20 11:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-16 08:46 - 2013-10-10 14:52 - 00000000 ____D () C:\Users\pr\AppData\Roaming\HomeTab
2014-03-15 11:19 - 2014-03-15 11:19 - 00000876 _____ () C:\Users\Public\Desktop\Anti-Malware.lnk
2014-03-15 11:19 - 2014-03-15 11:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 11:17 - 2014-03-15 11:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pr\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 21:09 - 2013-05-20 11:23 - 00000000 ____D () C:\Users\pr\Documents\888poker
2014-03-09 10:00 - 2013-09-28 16:57 - 00000000 ____D () C:\Program Files\AVG
2014-03-09 09:35 - 2014-03-09 09:35 - 00000000 ____D () C:\Users\pr\AppData\Roaming\AVG
2014-03-09 09:32 - 2014-03-09 09:31 - 00000000 ____D () C:\Intel
2014-03-08 19:33 - 2014-03-08 19:16 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-08 19:28 - 2014-03-08 19:28 - 00000000 ____D () C:\Users\sr\AppData\Roaming\AVG
2014-03-08 19:20 - 2014-03-08 19:16 - 00000000 ____D () C:\ProgramData\AVG
2014-03-08 19:18 - 2014-03-08 19:18 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\AVG
2014-03-08 19:16 - 2014-03-08 19:13 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4(1).exe
2014-03-08 19:07 - 2014-03-08 19:05 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-03-08 15:37 - 2011-06-16 07:25 - 00000000 ____D () C:\Program Files\FoxTab3GPConverter
2014-03-08 15:08 - 2012-09-30 11:52 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\TuneUp Software
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Users\rennhofer\AppData\Local\MFAData
2014-03-08 14:50 - 2014-03-08 14:50 - 00064384 _____ () C:\Users\sr\Documents\cc_20140308_145020.reg
2014-03-07 15:25 - 2011-01-09 17:17 - 00000000 ____D () C:\Users\sr\AppData\Roaming\Skype
2014-03-07 15:23 - 2011-01-07 22:45 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\Skype
2014-03-07 14:41 - 2008-08-13 13:22 - 00270384 _____ () C:\Users\rennhofer\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 23:07

==================== End Of Log ============================

--- --- ---

--- --- ---

und die Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by pr at 2014-03-28 23:09:00
Running from C:\Users\pr\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

888poker (HKLM\...\888poker) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
Ad-Aware (HKLM\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (Version: 8.0.0 - Lavasoft) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 9.4.7 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.03 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.06 - Broadcom Corporation)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.1 (HKLM\...\MP Navigator EX 1.1) (Version:  - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Setup Utility 2.3 (HKLM\...\Canon Setup Utility 2.3) (Version:  - )
Casio SMF Conveter (HKLM\...\InstallShield_{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}) (Version: 1.00.0000 - Your Company Name)
Casio SMF Conveter (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Client Security Solution (HKLM\...\{0F4EFCE8-E358-4430-A504-F55F32BA1816}) (Version: 8.0.0311.00 - Lenovo Group Limited)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dawn (HKLM\...\{459E0590-ECD4-490E-9E52-3EF1F1782225}) (Version: 5.4.0 - \)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 1.6.16 - Dropbox, Inc.)
Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 2.00 - )
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Forte Free 2.0 (HKLM\...\Forte Free) (Version: 2.0 - Lugert Verlag)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hallmark Card Studio 2005 (HKLM\...\{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}) (Version: 6.0.0.0 - SierraHome)
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00c - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 2.10 - )
Lenovo Fingerprint Software (HKLM\...\{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}) (Version: 1.1.0.21 - Ihr Firmenname)
Lenovo PM Driver (Version: 0.63.1.6 - Lenovo) Hidden
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.00 - )
Maintenance Manager (HKLM\...\AwayTask) (Version: 3.0.5.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4SP2 (HKLM\...\InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}) (Version: 1.00.0000 - Sierra Entertainment, Inc.)
msxml4SP2 (Version: 1.00.0000 - Sierra Entertainment, Inc.) Hidden
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.00.11130 - Sony Corporation)
Network Magic (HKLM\...\{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}) (Version: 4.1.7082.0 - Pure Networks)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC-Doctor 5 für Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4565.08 - PC-Doctor, Inc.)
PixiePack Codec Pack (HKLM\...\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}) (Version: 0.10.6.0 - None)
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.63.1.6 - Lenovo)
PM Driver (Version: 0.63.1.6 - Lenovo) Hidden
Power Ux Customization (Version: 1.00.0000 - Lenovo) Hidden
Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 3.04 - )
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.00.0117.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.33.01 - )
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
SA32xx Device Manager (HKCU\...\{7CDC26F7-D6BF-442A-B599-0075A48310F7}) (Version: 01.01.00.1024 - Philips)
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.11072_11 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.11072_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG PC Share Manager (HKLM\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG)
SAMSUNG PC Share Manager (Version: 4.0 - SAMSUNG) Hidden
Secure Download Manager (HKLM\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version:  - Microsoft Corporation)
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
STRATO HiDrive (remove only) (HKLM\...\STRATO HiDrive) (Version:  - STRATO AG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.00.0030 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 4.42 - )
ThinkVantage Technologies Welcome Message (Version: 1.21 - ) Hidden
Tiefpreisalarm 1.0 (HKLM\...\{3414EDA4-FA2E-4C24-83CE-E40BD6F47087}_is1) (Version:  - e-load)
TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wallpapers (Version:  - ) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WordPerfect Office X3 (Version: 13.2 - Corel Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-03-23 12:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1629A389-C9BD-4982-BFF2-AB796C7A30F8} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22C92C31-CF59-45DD-8BC7-8EDF4441BF54} - System32\Tasks\9317i31 => C:\Users\pr\AppData\Local\Temp\0.8598648385159425.exe <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {5AFF33DC-174D-4C6E-8616-6935C16C11D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {5F475CE1-27BA-4DBA-A99F-929A345AA58C} - System32\Tasks\{04D46EE2-3604-4477-B626-9EF0D9DDDC69} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {6558B681-9A77-451C-BC48-13352F0CC1A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08] (Adobe Systems Incorporated)
Task: {682FEF0E-457E-46C8-9A9F-170A7025280F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - sr => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {689D1068-5E2F-4828-9896-C1C452F21BF2} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files\HomeTab\TBUpdater.dll",TBCheckForUpdate
Task: {6EA9F42D-5C80-4133-BA49-FE15B6365272} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {89ACB852-F931-462F-A9A4-BD5A3AACAC28} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004UA => C:\Users\sr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8D4778C4-65B5-44C6-9AA3-82CA1D9BAE56} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {B038784A-28DC-4A16-971C-61C0392B0116} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - pr => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {CED79402-40F3-4742-A984-15B9622D170F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004Core => C:\Users\sr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07] (Google Inc.)
Task: {EC2EBDA8-312C-4BB6-A585-55E185230165} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe <==== ATTENTION
Task: {F0A8EB5A-E16B-4A18-9435-54406F4426E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {F2DFA8D5-D9AF-4DFD-9297-7647A84C39F9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09] (Lavasoft)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004Core.job => C:\Users\sr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004UA.job => C:\Users\sr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-09 20:06 - 2009-03-09 20:06 - 00212848 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2009-03-09 20:06 - 2009-03-09 20:06 - 01626976 _____ () C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
2008-09-10 23:00 - 2008-09-10 23:00 - 00168960 _____ () C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 ____N () C:\Windows\system32\PSIService.exe
2014-01-10 08:19 - 2014-03-28 22:55 - 00017408 _____ () C:\Windows\System32\rpcnetp.exe
2014-01-18 09:00 - 2014-03-28 22:56 - 00017408 _____ () C:\Windows\System32\rpcnetp.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 01102848 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00641536 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00105472 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00093696 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00077312 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00520234 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\sqlite3.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00450560 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2010-12-16 12:09 - 2010-12-16 12:09 - 05717504 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00028672 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00147456 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexpat.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00012800 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 04671488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00070656 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avutil-50.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00686080 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avformat-52.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00152064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\swscale-0.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00028160 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00063488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2010-12-16 12:09 - 2010-12-16 12:09 - 00366592 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\tag.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00289792 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00022528 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00018432 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00017920 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00132608 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00289792 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00024064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00012288 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00023040 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\photoDriver.dll
2010-12-15 13:13 - 2010-12-15 13:13 - 00399826 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00013824 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00031232 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\Autobackup.dll
2011-07-13 14:43 - 2011-07-13 14:43 - 00054784 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2011-02-01 11:01 - 2011-02-01 11:01 - 00044032 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\us.dll
2007-05-11 03:22 - 2007-03-02 06:07 - 00055936 ____N () C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
2007-01-08 19:03 - 2007-01-08 19:03 - 00569344 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2007-01-08 18:49 - 2007-04-14 14:30 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2012-11-29 22:59 - 2012-11-29 22:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-06-24 10:28 - 2007-05-08 08:06 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-05-11 03:23 - 2006-09-06 08:38 - 00054824 ____N () C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
2007-05-11 03:23 - 2006-09-06 08:38 - 00063016 ____N () C:\Program Files\Lenovo\HOTKEY\TpWAud32.dll
2007-01-08 18:08 - 2007-01-08 18:08 - 00110592 ____N () C:\Program Files\Common Files\Lenovo\XML4CMessages5_5.DLL
2007-01-08 18:49 - 2007-04-14 14:30 - 00139264 ____N () C:\Program Files\Common Files\Lenovo\CDRecord.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 10:56:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 03:56:09 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1864
Anfangszeit: 01cf4a95826315e0
Zeitpunkt der Beendigung: 42

Error: (03/28/2014 03:53:41 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 27e4
Anfangszeit: 01cf4a953d96eef0
Zeitpunkt der Beendigung: 30

Error: (03/28/2014 03:51:29 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 11a4
Anfangszeit: 01cf4a92a7b67920
Zeitpunkt der Beendigung: 46

Error: (03/28/2014 03:21:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 09:20:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 09:04:42 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{2CB75F0D-3619-49F7-806C-3A9E43F34428}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/28/2014 08:44:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 09:02:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/27/2014 08:11:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/28/2014 11:05:09 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/28/2014 11:01:46 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (03/28/2014 11:01:38 PM) (Source: Service Control Manager) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1070

Error: (03/28/2014 11:01:36 PM) (Source: Service Control Manager) (User: )
Description: Funktionssuchanbieter-Host

Error: (03/28/2014 11:01:16 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (03/28/2014 11:00:16 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (03/28/2014 10:59:46 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (03/28/2014 10:56:30 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/28/2014 07:08:52 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (03/28/2014 05:29:42 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (03/28/2014 10:56:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 03:56:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16483186401cf4a95826315e042

Error: (03/28/2014 03:53:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1648327e401cf4a953d96eef030

Error: (03/28/2014 03:51:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1648311a401cf4a92a7b6792046

Error: (03/28/2014 03:21:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 09:20:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 09:04:42 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{2CB75F0D-3619-49F7-806C-3A9E43F34428}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/28/2014 08:44:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 09:02:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/27/2014 08:11:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-22 14:25:44.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:43.664
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:42.934
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:42.220
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:34.002
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:33.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:32.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 14:25:31.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 12:22:45.265
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 12:22:44.148
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3061.69 MB
Available physical RAM: 1610.16 MB
Total Pagefile: 6327.77 MB
Available Pagefile: 4612.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.09 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:143.95 GB) (Free:59.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 55F61990)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=OF Extended)

==================== End Of Log ============================

mort · 29.03.2014, 10:26

Wir haben es geschafft.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {22C92C31-CF59-45DD-8BC7-8EDF4441BF54} - System32\Tasks\9317i31 => C:\Users\pr\AppData\Local\Temp\0.8598648385159425.exe <==== ATTENTION
Task: {689D1068-5E2F-4828-9896-C1C452F21BF2} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files\HomeTab\TBUpdater.dll",TBCheckForUpdate
Task: {EC2EBDA8-312C-4BB6-A585-55E185230165} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe <==== ATTENTION
C:\Users\pr\AppData\Roaming\HomeTab

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn du zufrieden bist, kannst du mir hier gerne danken.

Updates

Bitte lade dir von Microsoft die neuste Version des Internet Explorers runter: Laden Sie Internet Explorer herunter

Klicke nun auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java- und Flash-Versionen.

Falls du Java brauchst kannst du es wieder herunter laden:

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 51) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.

Öffne bitte mit beiden Browsern Adobe - Adobe Flash Player installieren und lade dir die neueste Version herunter. Entferne beim installieren den Haken bei McAfee Security Plus.

Ich sehe in deinen Logs nichts gefährliches mehr.

Cleanup

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Tipps

Welches Antiviren-Programm soll ich nehmen?

Es gibt kein Antiviren-Programm, dass alle schädlinge findet. Du kannst dich nicht 100%-ig auf das Programm verlassen, es hängt immernoch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.

Klicke nicht auf alles blinkende oder das dich auffordert etwas herunterzuladen.
Lasse die finger weg von illegalen Programmen. Sie sind der Hauptgrund für infizierte Computer.
Öffne Email-Anhänge nur von bekannten Absendern.
Halte Java, Adobe Flash Player und andere Programme immer aktuell.

Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte ausserdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.

Als gutes und kostenloses Antivieren Programm empfehle ich dir avast! free antivirus.
Alternativ kannst du auch Microsoft Security Essentials nutzen.
Wenn es auch etwas kosten darf, empfehle ich dir Emsisoft Anti-Malware.

Du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.

Malwarebytes Anti-Malware
ESET Online Scanner
Falls ESET bedrohungen findet, erstelle hier einen neuen Thread und Poste uns das Log von ESET.

Was sollte ich vor dem Runterladen beachten?

Lade dir Programme direkt vom Hersteller runter. Bei Programmen aus einer anderen Quelle wie Softonic und anderen Seiten die dir einen Downloader anbieten, werden unerwünschte Toolbars und anderer Müll mitinstalliert. Führe außerdem immer eine benutzerdefinierte Installation durch und entferne die Haken optionalen Programmen.
Lass die Finger von Registry-Cleanern. Sie versprechen dir eine große Beschleunigung deines Sytems obwohl das enfternen von verwaisten Registry-Schlüsseln nur wenig Perfomancegewinng bringt, wenn überhaupt etwas. Falls das Programm aber mal etwas wichtiges löscht, kannst du damit die Registry zerstören. Zerstörst du die Registry, zerstörst du Windows!

Sonstige Tipps

Halte dein System und die Programme darauf immer aktuell. Alte Software enthält Sicherheitslücken, die dein System angreifbar machen.
Nutze mehrere Passwörter. Falls jemand das Passwort eines Accounts von dir herausfindet hätte er Zugriff auf alle anderen Accounts.
Öffne keine Emails von dir unbekannten Absendern. Diese Emails sind meistens Spammails die dich unter anderem auch dazu bringen wollen bestimmt Seiten zu besuchen oder Dateien bzw. Anhänge herunterzuladen.
Achte auf die Dateiendung. In den Anhängen von Spammails wird gerne der Trick genutzt, ausfürbare Dateien als harmlose Datei darzustellen, in dem sie eine Datei z.B. Rechnung.pdf.exe nennen. (Dateiendungen anzeigen lassen)
Deaktivere die Autorun Funktion. Damit kann Malware sich automatisch von einem USB-Stick starten, wenn man einen infizierten USB-Stick einsteckt hat. (Autorun deaktivieren)

Wenn du das Trojaner-Board untersützten willst, kannst du gerne Spenden.
Ich wünsche dir noch eine schöne Zeit.

pauligauli · 29.03.2014, 12:19

Hi Mort, hier die Fixlist

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by pr at 2014-03-29 12:17:46 Run:2
Running from C:\Users\pr\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {22C92C31-CF59-45DD-8BC7-8EDF4441BF54} - System32\Tasks\9317i31 => C:\Users\pr\AppData\Local\Temp\0.8598648385159425.exe <==== ATTENTION
Task: {689D1068-5E2F-4828-9896-C1C452F21BF2} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files\HomeTab\TBUpdater.dll",TBCheckForUpdate
Task: {EC2EBDA8-312C-4BB6-A585-55E185230165} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe <==== ATTENTION
C:\Users\pr\AppData\Roaming\HomeTab

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22C92C31-CF59-45DD-8BC7-8EDF4441BF54} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C92C31-CF59-45DD-8BC7-8EDF4441BF54} => Key deleted successfully.
C:\Windows\System32\Tasks\9317i31 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9317i31 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{689D1068-5E2F-4828-9896-C1C452F21BF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{689D1068-5E2F-4828-9896-C1C452F21BF2} => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC2EBDA8-312C-4BB6-A585-55E185230165} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC2EBDA8-312C-4BB6-A585-55E185230165} => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => Key deleted successfully.
C:\Users\pr\AppData\Roaming\HomeTab => Moved successfully.

==== End of Fixlog ====

Tbupdater.dll konnte nicht gefunden werden.

Plagegeister aller Art und deren Bekämpfung: Tbupdater.dll konnte nicht gefunden werden.