GVU mal wieder, FRST log liegt vor

TimoB · 04.04.2014, 14:15

Hi Zusammen,

hab auch nen PC bekommen, der gesperrt ist.

Abgesicheter Modus geht nicht, FRST Log liegt bei.

Wäre super, wenn ihr mir weiterhelfen könntet :-)

Ist der PC vom Chef

Danke vorab

deeprybka · 04.04.2014, 14:28

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier...

Ich bedanke mich für Deine Geduld!

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

TimoB · 04.04.2014, 14:32

Hi Jürgen,

anbei nochmal das Logfile :-)

Danke Dir vorab

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MININT-PARFAMR on 04-04-2014 14:42:35
Running from H:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\Program Files\Lenovo\Mouse Suite\ICO.EXE [65536 2009-01-04] (TPMX Electronics Ltd.)
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [622592 2009-08-11] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] - C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-08-12] ()
HKLM\...\Run: [Message Center Plus] - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM\...\Run: [LenovoFSC] - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FMStart] - C:\Program Files\GFI\FAXmaker Client\fmstart.exe [151633 2008-11-11] (GFi)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [IminentMessenger] - C:\Program Files\Iminent\Iminent.Messengers.exe
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Security\egui.exe [3158584 2013-02-14] (ESET)
HKLM\...\Run: [ECtiClient] - C:\Program Files\ESTOS\ProCall 4\eCtiClient.exe [22863648 2014-03-04] (ESTOS GmbH)
HKU\Default\...\RunOnce: [] - [X]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [X]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Heike\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\Jürgen.TK\...\Run: [iLivid] - "C:\Users\Jürgen.TK\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\Timo\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\progra~1\movies~1\datamngr\mgrldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lclcz2h8z.lnk
ShortcutTarget: lclcz2h8z.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp (No File)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oo4lf3n.lnk
ShortcutTarget: oo4lf3n.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\n3fl4oo.cpp (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

========================== Services (Whitelisted) =================

S2 EACUSrv; C:\Windows\system32\EACUSrv.exe [7080776 2013-11-01] (ESTOS GmbH)
S3 edsservice; C:\Program Files\ESTOS\ProCall 4\EDeskShareService.exe [702272 2014-03-04] (ESTOS GmbH)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [33136 2013-02-14] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [183944 2013-02-14] (ESET)
S2 MSSQL$KNXETS4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [43129288 2012-06-28] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-08-04] (Sonic Solutions)
S4 SQLAgent$KNXETS4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-28] (Microsoft Corporation)
S2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-08-13] (Lenovo Group Limited)
S2 Winmgmt; C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]

==================== Drivers (Whitelisted) ====================

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [175288 2013-02-04] (ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [171680 2013-04-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [155224 2013-02-04] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [34208 2013-02-04] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47056 2013-02-04] (ESET)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57536 2008-03-12] (FTDI Ltd.)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2013-06-24] (Aladdin Knowledge Systems)
S3 Pei10Wdm; C:\Windows\System32\Drivers\Pei10Wdm.sys [35547 2002-08-14] (EIBA s.c.)
S3 Pei16Wdm; C:\Windows\System32\Drivers\Pei16Wdm.sys [34683 2002-09-19] (EIBA s.c.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-28] (Microsoft Corporation)
S3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11720 2009-06-05] ()
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 14:42 - 2014-04-04 14:42 - 00000000 ____D () C:\FRST
2014-04-04 04:11 - 2014-04-04 04:13 - 103335704 _____ (Microsoft Corporation) C:\Users\Jürgen.TK\Downloads\msert.exe
2014-04-02 01:15 - 2014-04-02 01:15 - 00229769 _____ (Microsoft Corporation) C:\ProgramData\n3fl4oo.cpp
2014-03-30 23:38 - 2014-03-30 23:38 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Local\KNX
2014-03-30 23:35 - 2014-03-30 23:35 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\ProgramData\KNX
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\ETS4
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\Ets3PlugIn
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\Common Files\Elka Shared
2014-03-30 23:31 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\System32\js
2014-03-30 23:31 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\System32\html
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\prompting
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\images
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\css
2014-03-30 23:26 - 2012-06-28 15:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$KNXETS4-sqlctr10.52.4000.0.dll
2014-03-30 23:26 - 2012-06-28 15:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-03-30 23:25 - 2014-03-30 23:25 - 00000000 ____D () C:\Windows\System32\RsFx
2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-30 23:21 - 2014-03-30 23:21 - 00000000 ____D () C:\Windows\System32\1033
2014-03-30 23:15 - 2014-03-30 23:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-25 21:55 - 2014-03-25 21:55 - 00009779 _____ () C:\Users\Jürgen.TK\Desktop\Alko Winterpflege.xlsx
2014-03-24 02:51 - 2014-03-02 05:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-23 22:59 - 2014-03-04 06:14 - 03902248 _____ (ESTOS GmbH) C:\Windows\System32\edial.tsp
2014-03-11 23:27 - 2013-07-23 06:29 - 54611968 ____N () C:\Users\Jürgen.TK\Documents\ees_nt32_deu.msi
2014-03-11 18:03 - 2014-02-24 07:35 - 02078208 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 01232896 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00981504 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00627712 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00176640 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00132096 ____N (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00067584 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-11 18:03 - 2014-02-24 07:35 - 00048640 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-11 18:03 - 2014-02-24 05:39 - 01638912 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-11 18:03 - 2014-02-03 18:04 - 00509440 ____N (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-11 18:02 - 2014-02-24 07:35 - 11020800 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-11 18:02 - 2014-02-24 07:35 - 06041088 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-11 18:02 - 2014-02-06 17:07 - 02349056 ____N (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-11 18:02 - 2014-02-03 18:04 - 01230336 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-11 18:02 - 2014-01-27 18:07 - 00185344 ____N (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-11 18:00 - 2014-01-28 18:06 - 00381440 ____N (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-09 23:03 - 2014-03-11 23:41 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-09 23:03 - 2014-03-11 23:14 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\systweak
2014-03-09 23:03 - 2014-03-09 23:04 - 00000000 ____D () C:\Program Files\video-high
2014-03-09 23:03 - 2014-03-09 23:03 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\IminentToolbar
2014-03-09 23:03 - 2014-03-09 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-09 23:03 - 2013-12-13 08:53 - 00017496 ____N (System Speedup) C:\Windows\System32\roboot.exe

==================== One Month Modified Files and Folders =======

2014-04-04 14:42 - 2014-04-04 14:42 - 00000000 ____D () C:\FRST
2014-04-04 04:38 - 2009-10-15 10:10 - 01623702 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 04:38 - 2009-07-13 20:34 - 00016768 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 04:38 - 2009-07-13 20:34 - 00016768 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 04:37 - 2009-10-15 10:14 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-04 04:32 - 2009-07-13 20:39 - 00127471 _____ () C:\Windows\setupact.log
2014-04-04 04:23 - 2011-12-05 03:07 - 00000000 ___RD () C:\Users\Jürgen.TK\Dropbox
2014-04-04 04:23 - 2011-12-05 03:06 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\Dropbox
2014-04-04 04:21 - 2009-12-11 00:44 - 00000104 _____ () C:\Windows\System32\config\netlogon.ftl
2014-04-04 04:13 - 2014-04-04 04:11 - 103335704 _____ (Microsoft Corporation) C:\Users\Jürgen.TK\Downloads\msert.exe
2014-04-04 04:01 - 2009-12-11 02:18 - 00000109 _____ () C:\Windows\cdlli40.INI
2014-04-02 01:15 - 2014-04-02 01:15 - 00229769 _____ (Microsoft Corporation) C:\ProgramData\n3fl4oo.cpp
2014-03-31 21:03 - 2009-12-11 02:24 - 00000432 _____ () C:\Windows\MSTCTI.INI
2014-03-31 00:10 - 2009-07-20 21:30 - 01815446 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-31 00:04 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-30 23:38 - 2014-03-30 23:38 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Local\KNX
2014-03-30 23:35 - 2014-03-30 23:35 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\ProgramData\KNX
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\ETS4
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\Ets3PlugIn
2014-03-30 23:35 - 2014-03-30 23:35 - 00000000 ____D () C:\Program Files\Common Files\Elka Shared
2014-03-30 23:34 - 2013-06-24 03:56 - 00000000 ____D () C:\Program Files\Common Files\EIBA sc
2014-03-30 23:32 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\js
2014-03-30 23:32 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\html
2014-03-30 23:32 - 2009-07-13 18:04 - 00017486 _____ () C:\Windows\System32\Drivers\etc\services
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\prompting
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\images
2014-03-30 23:31 - 2014-03-30 23:31 - 00000000 ____D () C:\Windows\System32\css
2014-03-30 23:25 - 2014-03-30 23:25 - 00000000 ____D () C:\Windows\System32\RsFx
2014-03-30 23:25 - 2009-10-15 10:26 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-30 23:21 - 2014-03-30 23:21 - 00000000 ____D () C:\Windows\System32\1033
2014-03-30 23:16 - 2014-03-30 23:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-30 22:59 - 2013-06-24 04:00 - 00000696 _____ () C:\Windows\ODBC.INI
2014-03-25 21:55 - 2014-03-25 21:55 - 00009779 _____ () C:\Users\Jürgen.TK\Desktop\Alko Winterpflege.xlsx
2014-03-15 08:38 - 2013-06-07 06:16 - 00002138 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 03:02 - 2009-10-15 10:06 - 00000000 ____D () C:\swshare
2014-03-12 01:15 - 2009-12-11 01:04 - 00002280 ____H () C:\Users\Jürgen.TK\Documents\Default.rdp
2014-03-11 23:41 - 2014-03-09 23:03 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-11 23:41 - 2009-12-11 06:20 - 00109482 ____N () C:\Windows\PFRO.log
2014-03-11 23:35 - 2009-12-11 01:01 - 00000000 ____D () C:\ProgramData\ESET
2014-03-11 23:35 - 2009-12-11 01:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-11 23:31 - 2012-04-10 21:07 - 00692616 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-11 23:31 - 2011-11-21 19:13 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-11 23:21 - 2010-08-26 05:14 - 00000000 ____D () C:\Program Files\Opera
2014-03-11 23:14 - 2014-03-09 23:03 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\systweak
2014-03-11 18:13 - 2009-07-13 20:33 - 00452624 ____N () C:\Windows\System32\FNTCACHE.DAT
2014-03-11 18:02 - 2009-10-15 10:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-09 23:04 - 2014-03-09 23:03 - 00000000 ____D () C:\Program Files\video-high
2014-03-09 23:03 - 2014-03-09 23:03 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\IminentToolbar
2014-03-09 23:03 - 2014-03-09 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-09 22:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Jürgen.TK\AppData\Local\Temp\5F7DC16A363925F1B7EE63E346EA30DE.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\APNStub.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\datcmp.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\Delta.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\DeltaTB.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\eclnrest.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\hdinst_x64.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\promptafx.dll
C:\Users\Jürgen.TK\AppData\Local\Temp\setup.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\ShFolder.Exe
C:\Users\Jürgen.TK\AppData\Local\Temp\WSSetup.exe
C:\Users\Jürgen.TK\AppData\Local\Temp\~+JF1542151362969521577.dll
C:\Users\Jürgen.TK\AppData\Local\Temp\~+JF1644866241868668245.dll
C:\Users\Timo\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-28 10:00:49
Restore point made on: 2014-03-28 13:01:35
Restore point made on: 2014-03-30 23:15:31
Restore point made on: 2014-03-30 23:29:07
Restore point made on: 2014-03-30 23:33:44
Restore point made on: 2014-04-01 12:29:40

==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 2047.24 MB
Available physical RAM: 1504.03 MB
Total Pagefile: 2047.24 MB
Available Pagefile: 1505.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.47 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:120.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:4.25 GB) NTFS
Drive g: (INTENSO) (Fixed) (Total:931.28 GB) (Free:316.82 GB) FAT32
Drive h: (TIMO USB) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E860FBE7)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 07A64394)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.


LastRegBack: 2014-03-29 15:01

==================== End Of Log ============================

--- --- ---

deeprybka · 05.04.2014, 10:35

Ok, wir machen so weiter:

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S2 Winmgmt; C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]
2014-04-02 01:15 - 2014-04-02 01:15 - 00229769 _____ (Microsoft Corporation) C:\ProgramData\n3fl4oo.cpp
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lclcz2h8z.lnk
ShortcutTarget: lclcz2h8z.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp (No File)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oo4lf3n.lnk
ShortcutTarget: oo4lf3n.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\n3fl4oo.cpp (No File)
C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Versuch jetzt bitte mal im Normalmodus zu booten und mach neue FRST-Logs.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

deeprybka · 07.04.2014, 12:40

Hi,

ich hab schon länger keine Antwort mehr von Dir erhalten. Brauchst Du noch Hilfe?

Hinweis: Sollte ich die nächsten 24h keine Nachricht von Dir bekommen, lösche ich das Thema aus meinen Abos und werde daher über Änderungen oder Beiträge nicht weiter informiert. Wenn Du weitermachen möchtest, schreib mir dann einfach eine PM.

TimoB · 14.04.2014, 09:46

Hi deeprybka,

sorry für meine späte Rückmeldung, die Grippe legte mich lang.

Hatte das GVU Fenster bereits durch einen ESET-Intensivsuchlauf knacken können.

Als erstes mal das Log direkt nach dem Fix, vor dem reboot

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2014 01
Ran by Jürgen at 2014-04-14 10:33:35 Run:1
Running from D:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]
2014-04-02 01:15 - 2014-04-02 01:15 - 00229769 _____ (Microsoft Corporation) C:\ProgramData\n3fl4oo.cpp
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lclcz2h8z.lnk
ShortcutTarget: lclcz2h8z.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp (No File)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oo4lf3n.lnk
ShortcutTarget: oo4lf3n.lnk -> C:\Users\JRGEN~1.TK\AppData\Local\Temp\n3fl4oo.cpp (No File)
C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]
*****************

Winmgmt => Service restored successfully.
C:\ProgramData\n3fl4oo.cpp => Moved successfully.
C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lclcz2h8z.lnk => Moved successfully.
C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp not found.
C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oo4lf3n.lnk => Moved successfully.
C:\Users\JRGEN~1.TK\AppData\Local\Temp\n3fl4oo.cpp not found.
"C:\Users\JRGEN~1.TK\AppData\Local\Temp\z8h2zclcl.cpp [X]" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====

Hier das FRST.log direkt nach dem reboot

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014 01
Ran by Jürgen (administrator) on JT on 14-04-2014 10:38:02
Running from D:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESTOS GmbH) C:\Windows\system32\EACUSrv.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TPMX Electronics Ltd.) C:\Program Files\Lenovo\Mouse Suite\ico.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(GFi) C:\Program Files\GFI\FAXmaker Client\fmstart.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
(ESTOS GmbH) C:\Program Files\ESTOS\ProCall 4\ECtiClient.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE
(sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Dropbox, Inc.) C:\Users\Jürgen.TK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESTOS GmbH) C:\Program Files\ESTOS\ProCall 4\Communicator.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Program Files\Lenovo\Mouse Suite\ICO.EXE [65536 2009-01-04] (TPMX Electronics Ltd.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2009-08-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [174104 2009-08-02] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [151064 2009-08-02] (Intel Corporation)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [622592 2009-08-11] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-08-13] ()
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FMStart] => C:\Program Files\GFI\FAXmaker Client\fmstart.exe [151633 2008-11-11] (GFi)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [IminentMessenger] => C:\Program Files\Iminent\Iminent.Messengers.exe
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [3158584 2013-02-14] (ESET)
HKLM\...\Run: [ECtiClient] => C:\Program Files\ESTOS\ProCall 4\eCtiClient.exe [22863648 2014-03-04] (ESTOS GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1485710523-4015343456-4157109710-1144\...\Run: [iLivid] => "C:\Users\Jürgen.TK\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\progra~1\movies~1\datamngr\mgrldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen.TK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jürgen.TK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=695&systemid=406&v=a11465-226&apn_uid=4978090350894071&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {EE79FE94-1671-4F12-9C25-5EC0C2232EA0} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - Software URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {C43BB2B0-6194-4DA1-B962-949E6A34DD4E} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {D02C66A7-5B04-4CEB-A89C-F9E1706CA650} URL = 
SearchScopes: HKCU - {EE79FE94-1671-4F12-9C25-5EC0C2232EA0} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
Toolbar: HKLM - No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {03056933-A3B0-493C-B67E-4FF483BFBF49} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Gantt_Chart.cab
DPF: {06314967-EECF-11D2-9D64-0000949887BE} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_ERM_ContentSync.cab
DPF: {0818A591-5276-4930-BC76-0D42F6EA1450} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Marketing_Allocation.cab
DPF: {1D73E847-908C-4468-89D5-112DABB9A61E} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_UInbox.cab
DPF: {1E4FF862-57ED-4E5C-9C57-3ECB8DC17827} hxxp://172.25.47.250/ePlusDVR.cab
DPF: {3BEB9B4B-227D-48F8-A8E6-562907748DAD} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Marketing_HTML_Editor.cab
DPF: {43083A36-3B86-466A-92CA-71503BB8BF15} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Test_Automation.cab
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://radax.dyndns.info:84/RtspVaPgDec.cab
DPF: {5FB18797-0E68-435E-A01F-C4E5754A4CB0} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_HI_Client.cab
DPF: {6A93528B-8657-4CC2-8BCA-9A6A72D09623} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Hospitality_Gantt.cab
DPF: {71B83EEB-817D-432D-87D5-76108AFC3DD5} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Calendar.cab
DPF: {80D54C86-1F4B-459D-9187-C7852DEC1037} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_CTI_Toolbar.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Desktop_Integration.cab
DPF: {8EC26986-77B5-4CC5-8BF0-A12473D41334} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Prodselection.cab
DPF: {9E16250E-8777-4D9D-B178-BA9BF728DC05} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Marketing_Calendar.cab
DPF: {B0EA311D-EC36-40FB-BCEC-70FEB1CC83F0} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Smartscript.cab
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://radax.dyndns.info:86/AxViewer/AxMediaControl.cab
DPF: {B624466D-8B11-4569-886C-E39739941D84} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_OutBound_mail.cab
DPF: {B6F5DEC1-EAD6-4F8C-9998-C903E05FCDFD} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_Microsite_Layout.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F86BCFF3-743B-4F11-92AB-D8538FF4BA53} https://siebelsales.sky.de/ecommunications_deu/20423/applets/SiebelAx_iHelp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.25.47.10

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2014-03-12]

Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-695&v=a11465-226&t=4
CHR RestoreOnStartup: "sync_promo" : {
      "startup_count" : 4,
      "user_skipped"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=695&systemid=406&v=a11465-226&apn_uid=4978090350894071&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-07]
CHR Extension: (Google Drive) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-07]
CHR Extension: (YouTube) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-07]
CHR Extension: (Google Search) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-07]
CHR Extension: (Google Wallet) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Jürgen.TK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-07]

========================== Services (Whitelisted) =================

R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [7080776 2013-11-01] (ESTOS GmbH)
S3 edsservice; C:\Program Files\ESTOS\ProCall 4\EDeskShareService.exe [702272 2014-03-04] (ESTOS GmbH)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [33136 2013-02-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [183944 2013-02-14] (ESET)
R2 MSSQL$KNXETS4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-08-04] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$KNXETS4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
U2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-08-13] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [175288 2013-02-04] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [171680 2013-04-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [155224 2013-02-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [34208 2013-02-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47056 2013-02-04] (ESET)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2013-06-24] (Aladdin Knowledge Systems)
R3 Pei10Wdm; C:\Windows\System32\Drivers\Pei10Wdm.sys [35547 2002-08-15] (EIBA s.c.)
R3 Pei16Wdm; C:\Windows\System32\Drivers\Pei16Wdm.sys [34683 2002-09-19] (EIBA s.c.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11720 2009-06-05] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 09:56 - 2014-04-14 09:56 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\QuickScan
2014-04-14 09:50 - 2009-06-10 23:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140414-095043.backup
2014-04-14 09:42 - 2014-04-14 09:42 - 00002134 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-14 09:41 - 2014-04-14 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-14 09:41 - 2014-04-14 09:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-14 09:41 - 2014-04-14 09:41 - 00000000 ____D () C:\Users\Jürgen.TK\Desktop\Spybot
2014-04-14 09:41 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-04-14 08:23 - 2014-04-14 08:23 - 00034443 _____ () C:\Users\Jürgen.TK\Desktop\gemsmantel_Reportformular SysStabV1.xlsx
2014-04-09 03:07 - 2014-02-24 04:05 - 11020800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 03:07 - 2014-02-24 04:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 03:07 - 2014-02-24 03:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 03:07 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 03:07 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 03:07 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 03:07 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 03:07 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 03:04 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-05 00:42 - 2014-04-14 10:38 - 00000000 ____D () C:\FRST
2014-04-04 16:05 - 2014-04-04 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-04 16:05 - 2014-04-04 16:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-04 16:05 - 2014-04-04 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 16:05 - 2014-04-04 16:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\ESTOS
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\ESET
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Apple Computer
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\Google
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\ESTOS
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\ESET
2014-04-04 14:11 - 2014-04-04 14:13 - 103335704 _____ (Microsoft Corporation) C:\Users\Jürgen.TK\Downloads\msert.exe
2014-03-31 09:38 - 2014-03-31 09:38 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Local\KNX
2014-03-31 09:35 - 2014-03-31 09:35 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\ProgramData\KNX
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\ETS4
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\Ets3PlugIn
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\Common Files\Elka Shared
2014-03-31 09:31 - 2014-03-31 09:32 - 00000000 ____D () C:\Windows\system32\js
2014-03-31 09:31 - 2014-03-31 09:32 - 00000000 ____D () C:\Windows\system32\html
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\prompting
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\images
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\css
2014-03-31 09:26 - 2012-06-29 01:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$KNXETS4-sqlctr10.52.4000.0.dll
2014-03-31 09:26 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-03-31 09:25 - 2014-03-31 09:25 - 00000000 ____D () C:\Windows\system32\RsFx
2014-03-31 09:23 - 2014-03-31 09:23 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-31 09:21 - 2014-03-31 09:21 - 00000000 ____D () C:\Windows\system32\1033
2014-03-31 09:15 - 2014-03-31 09:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-30 14:34 - 2014-04-14 10:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c1465c89dab.job
2014-03-26 07:55 - 2014-03-26 07:55 - 00009779 _____ () C:\Users\Jürgen.TK\Desktop\Alko Winterpflege.xlsx
2014-03-24 12:51 - 2014-03-02 15:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-24 08:59 - 2014-03-04 16:14 - 03902248 _____ (ESTOS GmbH) C:\Windows\system32\edial.tsp

==================== One Month Modified Files and Folders =======

2014-04-14 10:39 - 2014-03-30 14:34 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c1465c89dab.job
2014-04-14 10:38 - 2014-04-05 00:42 - 00000000 ____D () C:\FRST
2014-04-14 10:37 - 2011-12-05 13:07 - 00000000 ___RD () C:\Users\Jürgen.TK\Dropbox
2014-04-14 10:37 - 2011-12-05 13:06 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\Dropbox
2014-04-14 10:36 - 2013-04-25 13:58 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 10:35 - 2009-12-11 16:20 - 00111112 _____ () C:\Windows\PFRO.log
2014-04-14 10:35 - 2009-12-11 10:44 - 00000104 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-14 10:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 10:35 - 2009-07-14 06:39 - 00127975 _____ () C:\Windows\setupact.log
2014-04-14 10:34 - 2009-10-15 20:10 - 01479264 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 10:31 - 2014-04-14 09:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-14 10:31 - 2012-04-11 07:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 09:56 - 2014-04-14 09:56 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Roaming\QuickScan
2014-04-14 09:46 - 2009-07-14 06:34 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 09:46 - 2009-07-14 06:34 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 09:44 - 2014-04-14 09:41 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-14 09:42 - 2014-04-14 09:42 - 00002134 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-14 09:41 - 2014-04-14 09:41 - 00000000 ____D () C:\Users\Jürgen.TK\Desktop\Spybot
2014-04-14 08:23 - 2014-04-14 08:23 - 00034443 _____ () C:\Users\Jürgen.TK\Desktop\gemsmantel_Reportformular SysStabV1.xlsx
2014-04-14 08:22 - 2009-12-11 12:18 - 00000109 _____ () C:\Windows\cdlli40.INI
2014-04-13 15:00 - 2009-12-11 10:46 - 00000340 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-04-12 21:00 - 2009-12-11 10:46 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-04-09 20:44 - 2013-06-07 16:16 - 00002138 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-09 06:52 - 2009-12-11 12:24 - 00000432 _____ () C:\Windows\MSTCTI.INI
2014-04-09 03:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-09 03:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-09 03:09 - 2009-10-15 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-07 19:46 - 2013-10-29 13:29 - 00000000 ____D () C:\Users\Jürgen.TK\Documents\Robin
2014-04-04 16:05 - 2014-04-04 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-04 16:05 - 2014-04-04 16:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-04 16:05 - 2014-04-04 16:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 16:05 - 2014-04-04 16:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-04 16:05 - 2012-11-18 14:24 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-04 16:05 - 2012-11-18 14:24 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-04 16:05 - 2009-10-15 20:11 - 00000000 ____D () C:\Program Files\Java
2014-04-04 15:58 - 2009-12-11 11:04 - 00002274 ____H () C:\Users\Jürgen.TK\Documents\Default.rdp
2014-04-04 14:55 - 2009-10-15 20:14 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\ESTOS
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\ESET
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Apple Computer
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\Google
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\ESTOS
2014-04-04 14:52 - 2014-04-04 14:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\ESET
2014-04-04 14:13 - 2014-04-04 14:11 - 103335704 _____ (Microsoft Corporation) C:\Users\Jürgen.TK\Downloads\msert.exe
2014-03-31 10:10 - 2009-07-21 07:30 - 01815446 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 10:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-31 09:38 - 2014-03-31 09:38 - 00000000 ____D () C:\Users\Jürgen.TK\AppData\Local\KNX
2014-03-31 09:35 - 2014-03-31 09:35 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\ProgramData\KNX
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\ETS4
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\Ets3PlugIn
2014-03-31 09:35 - 2014-03-31 09:35 - 00000000 ____D () C:\Program Files\Common Files\Elka Shared
2014-03-31 09:34 - 2013-06-24 13:56 - 00000000 ____D () C:\Program Files\Common Files\EIBA sc
2014-03-31 09:32 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\js
2014-03-31 09:32 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\html
2014-03-31 09:32 - 2009-07-14 04:04 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\prompting
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\images
2014-03-31 09:31 - 2014-03-31 09:31 - 00000000 ____D () C:\Windows\system32\css
2014-03-31 09:25 - 2014-03-31 09:25 - 00000000 ____D () C:\Windows\system32\RsFx
2014-03-31 09:25 - 2009-10-15 20:26 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-03-31 09:23 - 2014-03-31 09:23 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-31 09:21 - 2014-03-31 09:21 - 00000000 ____D () C:\Windows\system32\1033
2014-03-31 09:16 - 2014-03-31 09:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-31 08:59 - 2013-06-24 14:00 - 00000696 _____ () C:\Windows\ODBC.INI
2014-03-26 07:55 - 2014-03-26 07:55 - 00009779 _____ () C:\Users\Jürgen.TK\Desktop\Alko Winterpflege.xlsx
2014-03-15 13:02 - 2009-10-15 20:06 - 00000000 ____D () C:\swshare

Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 00:35

==================== End Of Log ============================

--- --- ---

--- --- ---

Und noch die Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014 01
Ran by Jürgen at 2014-04-14 10:40:25
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Endpoint Security 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Endpoint Security 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Anmeldevordruck 4.0 (HKLM\...\{3DE689FE-0A69-40AF-8B0A-2930AD7FAD36}) (Version: 4.00.0000 - PDG Softwaredesign)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESET Endpoint Security (HKLM\...\{323DDD5B-3BE3-45FA-931D-D4AE04F63EF3}) (Version: 5.0.2214.5 - ESET, spol. s r.o.)
ESTOS ProCall (HKLM\...\{4D690C48-F3B5-4890-8535-8B5B16612CA8}) (Version: 4.1.16.26842 - ESTOS)
ETS3 Professional (HKLM\...\ETS3 Professional) (Version: 3.0.00990.0 - KNX Association)
ETS3 Professional (Version: 3.0.00990.0 - KNX Association cvba) Hidden
FanSpeedControl (HKLM\...\InstallShield_{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (Version: 1.00.00.13 - Lenovo) Hidden
FileZilla Client 3.3.0.1 (HKLM\...\FileZilla Client) (Version: 3.3.0.1 - )
GFI FAXmaker Client (HKLM\...\{83B346F1-E4B1-4863-8759-5E09C35FE080}) (Version: 14.3.511 - GFI Software Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GutachtenManager (HKLM\...\{33AFEE13-4459-4F0E-A763-22EA2842701D}) (Version: 6.0.0 - WaningV60)
Hardcopy (C:\Program Files\Hardcopy) (HKLM\...\Hardcopy(C__Program Files_Hardcopy)) (Version: 17.0.07 - )
HS/FS Experte 2.5  (HKLM\...\HS_FS Experte 2.5.100908_DE) (Version: 2.5  - )
HS/FS Experte 2.60 (HKLM\...\HS_FS Experte 2.6.110331_DE) (Version: 2.60 - )
iCloud (HKLM\...\{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}) (Version: 1.0.1.29 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
KNX eteC Falcon Runtime v2.1 (Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM\...\KNX ETS4) (Version: 4.1.3246.36180 - KNX Association cvba)
KNX ETS4 (Version: 4.1.3246.36180 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (Version: 4.0.0.0 - KNX Association cvba) Hidden
Korean Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5449.31 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.016.0 - Lenovo)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.121.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7FB12670-0F93-4E1E-B2F5-4F339199A03A}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Minianwendung "Desktoplinks" für Windows Small Business Server 2008 (HKLM\...\{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}) (Version: 6.0.5601.6 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version: 2.0.5.23 - Lenovo)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
PACdimension 1.3 (HKLM\...\PACdimension_is1) (Version: 1.3 - doppelintegral GmbH)
PASST pro (HKLM\...\PASST pro) (Version:  - )
PASSTProPCDeploy (HKLM\...\{2DF38AC0-3BF7-4E06-861C-84341AD2ECD2}) (Version: 1.0.2 - Standardfirmenname)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Small Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Safari (HKLM\...\{5E453519-60F6-4A4D-A0BF-16663F9B3536}) (Version: 5.34.51.22 - Apple Inc.)
Schüco Solar Calculator (HKLM\...\SolarCalculator) (Version: v2.02 - Resolto Informatik GmbH)
Schüco Solar Calculator (Version: 2.02 - Resolto Informatik GmbH) Hidden
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SimonsVoss Driver (HKLM\...\{677EE074-2863-41FF-854B-0F6D45293EC5}) (Version: 4.10.0700 - SimonsVoss Technologies AG)
SimonsVoss Locking System Management Starter 3.2 (HKLM\...\{B8FBA436-568C-4519-B66A-7A5A17C2E683}) (Version: 3.2.10316 - SimonsVoss Technologies AG)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sunny Design 2.20 (HKLM\...\{374262DA-B644-4CCA-8A37-DF57AD806408}) (Version: 2.20.1.4 - SMA Solar Technology AG)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0005 - Lenovo)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8703  - TeamViewer GmbH)
ThinkVantage Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.01.0064 - Lenovo Group Limited)
TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VDE-Anwendungsprogramm 8.1.1.38 (HKLM\...\VDE-Anwendungsprogramm) (Version: 8.1.1.38 - VDE Verlag GmbH)
Voltwerk Sizer 2.0.0 (HKCU\...\Voltwerk Sizer_is1) (Version:  - )
Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{492F8345-095D-467F-926C-278870D93ECF}) (Version: 6.0.5601.6 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.6 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel Corporation (igfx) Display  (07/28/2009 8.15.10.1855) (HKLM\...\F72C19F49669B7F5F229BB51895CB31FB56993F7) (Version: 07/28/2009 8.15.10.1855 - Intel Corporation)
Windows-Treiberpaket - Marvell (yukonw7) Net  (05/20/2009 11.10.5.3) (HKLM\...\43AB67B7FFAA910B27AD8EEDCD3F35D302404D75) (Version: 05/20/2009 11.10.5.3 - Marvell)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (08/05/2009 6.0.1.5911) (HKLM\...\3D521A9B0C0925C77D4D5276998FFF6DF66CBA2F) (Version: 08/05/2009 6.0.1.5911 - Realtek Semiconductor Corp.)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (08/05/2009 6.0.1.5911) (HKLM\...\EDB0CD5E842AE668D9A01C6275DA2CD736D3DD06) (Version: 08/05/2009 6.0.1.5911 - Realtek Semiconductor Corp.)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

28-03-2014 18:00:21 Windows-Sicherung
28-03-2014 21:00:08 Windows Update
31-03-2014 07:15:14 
31-03-2014 07:28:28 
31-03-2014 07:33:38 Installed Microsoft Primary Interoperability Assemblies 2005
01-04-2014 20:29:09 Windows Update
04-04-2014 14:03:24 Installed Java 7 Update 51
04-04-2014 17:00:12 Windows-Sicherung
04-04-2014 20:44:46 Windows Update
08-04-2014 21:14:30 Windows Update
09-04-2014 01:00:22 Windows Update
11-04-2014 17:00:27 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-04-14 09:50 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {006966B7-049E-4D4B-BFED-0CE46B3CF4A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)
Task: {0B74066C-1B08-487A-8F20-A690970E41A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {13CE9890-04EF-4EB9-BBBC-ED65E7B7B920} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {1DE11527-8070-4EA0-A6B8-C076C90C05FC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4c1465c89dab => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)
Task: {231B8CCF-CF2C-4FEC-876A-A51D714D8893} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-20] (PC-Doctor, Inc.)
Task: {43C32486-1873-4A7D-AAA8-1A183DF74816} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B4D4D8C-6893-4657-B4DC-0A4D79980D90} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {68642FD5-6BD7-49AB-92E0-7385D3A876B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6C28F889-037A-4AA5-ABE9-274077B84C80} - System32\Tasks\Shutdown => C:\_scripts\shutdown.bat [2010-03-31] ()
Task: {77736073-2432-419C-97BF-22FBD19C4D84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {A1D172A0-054E-4E98-B71A-F61D359AE9B5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2636297-19DC-4567-BE8E-2013F96A2A10} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-13] (Lenovo Group Limited)
Task: {A27A0B07-9943-4E49-B647-308BBE3813CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {AD00DC7A-6D7E-44F9-BEB1-4E31AA518352} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {C1D4C0F7-8BF4-47B5-89FF-0A01F9EC2D5B} - System32\Tasks\realtekHDAudio => c:\program files\realtek\audio\hda\rthdvcpl.exe [2009-08-05] (Realtek Semiconductor)
Task: {D26B77CD-29E2-460B-80A2-553F44786139} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22] (PC-Doctor, Inc.)
Task: {D8EB3E54-9200-422B-ABEB-A5A1070DF50D} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c1465c89dab.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-14 09:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-14 09:41 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-14 09:41 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-14 09:41 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-14 09:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-01-04 09:13 - 2008-08-02 12:02 - 00057344 ____N () C:\Program Files\Hardcopy\HcDLL2_23_Win32.dll
2009-11-15 17:29 - 2009-11-15 17:29 - 00094208 ____N () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-12-11 13:47 - 2009-08-16 18:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2009-10-15 20:02 - 2009-08-11 19:00 - 00035328 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2009-10-15 20:00 - 2008-12-16 13:47 - 00020480 ____N () C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE
2010-01-04 09:13 - 2008-08-03 09:32 - 00441344 ____N () C:\Program Files\Hardcopy\HcDllS.dll
2010-01-04 09:13 - 2003-11-20 13:18 - 00045056 ____N () C:\Program Files\Hardcopy\hardcopy.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Jürgen.TK\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2014 09:53:10 AM) (Source: Application Hang) (User: )
Description: Programm SDScan.exe, Version 2.2.18.177 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 954

Startzeit: 01cf57b659a3daac

Endzeit: 0

Anwendungspfad: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Berichts-ID: ce22684c-c3a9-11e3-a765-0025114b152d

Error: (04/12/2014 10:54:44 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.18334, Zeitstempel: 0x52a13053
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e64f
ID des fehlerhaften Prozesses: 0xde8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/12/2014 10:24:18 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2ac

Startzeit: 01cf562781971d23

Endzeit: 10

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: d550c942-c21b-11e3-aac3-0025114b152d

Error: (04/12/2014 10:16:27 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a10

Startzeit: 01cf5625a4d027a0

Endzeit: 16

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: bc7728f8-c21a-11e3-aac3-0025114b152d

Error: (04/12/2014 10:14:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.18334, Zeitstempel: 0x52a13053
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e64f
ID des fehlerhaften Prozesses: 0x458
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/12/2014 10:14:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.18334, Zeitstempel: 0x52a13053
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e64f
ID des fehlerhaften Prozesses: 0x12d8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/12/2014 08:49:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7601.18404, Zeitstempel: 0x530aa86e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d9b6c
ID des fehlerhaften Prozesses: 0x121c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/12/2014 00:36:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2014 00:34:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "EtecFwk,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "EtecFwk,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 00:34:53 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "EtecFwk,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "EtecFwk,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/14/2014 10:35:24 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (04/14/2014 10:35:20 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne TK aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (04/14/2014 10:32:50 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/14/2014 10:32:49 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/14/2014 10:32:49 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/14/2014 10:32:48 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/14/2014 10:27:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/14/2014 10:27:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/14/2014 10:26:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/14/2014 10:26:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (11/14/2013 01:13:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 16607 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/29/2013 07:10:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25252 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/29/2013 06:08:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 31112 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (02/06/2012 10:00:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28305 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (12/23/2011 10:00:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 51498 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (12/13/2011 10:00:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46312 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (10/26/2011 03:09:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 21971 seconds with 2700 seconds of active time.  This session ended with a crash.

Error: (12/28/2010 10:00:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41935 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (11/11/2010 01:24:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7525 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 03:53:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21513 seconds with 1020 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 2047.24 MB
Available physical RAM: 658.08 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 2427.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.86 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:114.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (TIMO USB) (Removable) (Total:1.86 GB) (Free:1.16 GB) FAT32
Drive m: (Volume) (Network) (Total:571.15 GB) (Free:122.15 GB) NTFS
Drive n: (Volume) (Network) (Total:571.15 GB) (Free:122.15 GB) NTFS
Drive o: (Volume) (Network) (Total:571.15 GB) (Free:122.15 GB) NTFS
Drive q: (Volume) (Network) (Total:571.15 GB) (Free:122.15 GB) NTFS
Drive s: (David) (Network) (Total:15.35 GB) (Free:12.32 GB) NTFS
Drive z: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:4.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E860FBE7)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 14.04.2014, 19:56

Hi,
so gehts weiter:

Schritt 1

Bitte deinstalliere folgende Programme:

Java(TM) 6 Update 29

Versuche es über die Systemsteuerung/Programme deinstallieren. Sollte das nicht gehen,
machen wir es mit Revo.

Lade Dir dazu bitte Revo hier herunter.
Entpacke die zip-Datei auf den Desktop und starte die Revouninstaller.exe. Klicke auf Optionen und wähle als Sprache deutsch. Suche dann im Uninstallerfeld nach den oben angegebenen Programmen.

Klicke dann auf Uninstall.

Wähle dann den Modus wie auf dem Bild gezeigt. (Bild durch Anklicken vergrößerbar)

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4
Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit

Starte die HitmanPro.exe
Klicke unten auf der Button-Leiste auf Einstellungen
Belasse die Standardeinstellungen und wähle nur bei "Nach potentiell unerwünschten Programmen suchen" als "Standardaktion" Löschen aus und bestätige mit Ok.
Klicke auf Weiter und akzeptiere die Lizenzbedingungen. Klicke auf Weiter.
Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter.
Lass am Ende des Suchlaufs alle auftretende Funde löschen und klicke auf Weiter.
Wähle unten links auf der Button-Leiste Logdatei speichern und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro.

Schritt 5

Bitte starte FRST erneut und drücke auf Scan.

Bitte poste mir die Inhalte der Logs von MBAM, Adwarecleaner, Hitmanpro und FRST hier in den Thread.

deeprybka · 19.04.2014, 14:04

Hi,

ich hab schon länger keine Antwort mehr von Dir erhalten. Brauchst Du noch Hilfe?

Hinweis: Sollte ich die nächsten 24h keine Nachricht von Dir bekommen, lösche ich das Thema aus meinen Abos und werde daher über Änderungen oder Beiträge nicht weiter informiert. Wenn Du weitermachen möchtest, schreib mir dann einfach eine PM.

GVU mal wieder, FRST log liegt vor

Plagegeister aller Art und deren Bekämpfung: GVU mal wieder, FRST log liegt vor