Trojaner-Board - Windows 7 64Bit Sperrbildschirm / FRST txt anbei

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7 64Bit Sperrbildschirm / FRST txt anbei (https://www.trojaner-board.de/151801-windows-7-64bit-sperrbildschirm-frst-txt-anbei.html)

Windows 7 64Bit Sperrbildschirm / FRST txt anbei

Hallo,
meine "Hochschwangere" Schwester hat mir ziemlich verzweifelt Ihr "altes" Notebook gebracht, weil dort die einzige Lagerstätte von Bilder Ihres Erstgeborenen sind. Die Maschine ist immer in einem ziemliche chaotischen Zustand. Jetzt hat Sie sich aber einen Sperrbildschirm eingefangen, mit dem ich so einfach nicht fertig werde. Wenn mit jemand helfen könnte, wäre ich sehr dankbar, da meine Schwester zur Zeit eher...Hormonell gesteuert ist, und mein Schwager der Situation äusserst hilflos ausgeliefert ist.
Danke für Eure/Deine Hilfe!

Gruss

P.S. leider habe ich ausser FRST nix mehr aus dem System rausbekommen:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 19:42:37
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72BDB9C8EFCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {D6025D83-5701-4B05-BF7D-408943F40585} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B29F9ABE-C3FC-457A-9E61-BECCC20AD501&apn_sauid=3A84F2E8-FDB2-4C12-87BA-07E0F51C7F58
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Users\Bekki\Desktop\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-08]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\urladvisor.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\virtkbd.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\ab.crx [2012-04-10]

==================== Services (Whitelisted) =================

S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
S2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
S2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-11-23] ()
S2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-05-23] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 19:41 - 2014-03-31 19:42 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-03-31 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-31 19:42 - 2014-03-31 19:41 - 00000000 ____D () C:\FRST
2014-03-31 19:38 - 2013-05-16 09:09 - 00000004 _____ () C:\Users\Bekki\AppData\Roaming\skype.ini
2014-03-31 19:38 - 2012-11-30 19:58 - 00000336 _____ () C:\Windows\Tasks\spmonitor.job
2014-03-31 19:38 - 2012-11-30 12:37 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-03-31 19:38 - 2012-05-23 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 19:38 - 2012-01-04 22:38 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 19:37 - 2012-05-24 14:41 - 00007982 _____ () C:\Windows\setupact.log
2014-03-31 19:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 19:32 - 2009-07-14 12:57 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 19:32 - 2009-07-14 12:57 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 19:32 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 19:20 - 2012-01-04 23:17 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-31 19:18 - 2012-01-04 23:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:16 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\Bekki\AppData\Roaming\Spotify
2014-03-31 19:15 - 2012-01-04 22:38 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 19:13 - 2012-01-04 10:38 - 01260346 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 19:10 - 2012-01-04 10:54 - 00000000 ____D () C:\Users\Bekki

Files to move or delete:
====================
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe
C:\Users\Bekki\AppData\Local\Temp\install_reader10_de_gtbp_chra_aih.exe
C:\Users\Bekki\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-04 11:37

==================== End Of Log ============================

Hallo JBL, :hallo:

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:

Regeln zum Ablauf der Bereinigung

Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
- Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).

Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.

Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
- Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.

Hinweise

Ich kann dir nie eine Garantie geben, dass alles entfernt wurde. Die Formatierung der Festplatte und das Neuinstallieren deines Betriebssystems ist immer sicherer und meistens schneller.

Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
- http://www.trojaner-board.de/137229-...code-tags.html; Falls das Logfile zu groß für einen Post ist, teile es in zwei/mehrere Posts.

Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus. :)

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION 

C:\Users\Bekki\AppData\Roaming\skype.dat

C:\Users\Bekki\AppData\Roaming\skype.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Startet der Rechner nach diesem Fix wieder ganz normal?

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Fix

Hallo Jonas,
dnake für deine Hilfe. Log anbei:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Bekki at 2014-03-31 20:36:12 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

*****************

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bekki\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Bekki\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

Startet der Rechner wieder im Normalen Modus? ;)

Ja!
und wieder 20 000 Programme im autostart..... :kloppen:

Alles klar, dann mache bitte folgendes:
Schritt 1
Starte noch einmal FRST.

Setze einen Haken bei Additions.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt der beiden Logfiles bitte hier in deinen Thread.

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Scan

FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 20:55:05
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\spotify.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Bekki at 2014-03-31 20:55:37

Running from E:\

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky Security Suite CBE (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Security Suite CBE (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Security Suite CBE (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)

Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )

Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)

Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.07 - )

GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.64 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3607.2246 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.21.145 - Google Inc.) Hidden

Intel PROSet Wireless (Version:  - ) Hidden

Intel PROSet Wireless (x32 Version:  - ) Hidden

Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version:  - )

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)

iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)

Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.350 - Oracle)

Kaspersky Security Suite CBE 12 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)

Kaspersky Security Suite CBE 12 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )

Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)

Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (HKLM\...\{1C83CB66-D345-4D6C-95A2-63A03269ADA0}) (Version: 1.3.0.007 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.20.0001 - Lenovo Group Limited)

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.01.0005 - Lenovo)

Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)

quäldich.de Tourenplaner (HKLM-x32\...\quaeldich.de Tourenplaner) (Version: 0.9.1 - )

SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)

SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.4.4 - Uniblue Systems Ltd)

Spotify (HKCU\...\Spotify) (Version: 0.8.8.349.g3657a532 - Spotify AB)

System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )

ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )

ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.1 - )

ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)

ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {2178A725-900F-4454-9ADC-D76CFB67BECC} - System32\Tasks\{3179C303-5E86-4975-9A15-437DBA09A0B7} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-11-29] (Apple Inc.)

Task: {27037FA4-8CD7-4AC2-AC2D-7F2D5937D149} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {5303695B-C539-40E7-9C18-4B4F58586AE5} - System32\Tasks\{2292904C-D968-429F-A689-90ABD7F3B11E} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-11-29] (Apple Inc.)

Task: {794586D1-6228-4C18-8B16-503868420FD7} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2012-11-22] (Uniblue Systems Ltd)

Task: {7B8CF497-B258-413D-AF39-97E982B546BE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {7E0DCEDA-ED68-4608-8CB2-0C5AABFC0B3C} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-11-22] (Uniblue Systems Ltd)

Task: {A16005EE-2163-42A6-A13C-79B052565C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)

Task: {CC301A44-DD19-4FD1-BB89-9B16CF85958E} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {D8243A52-1B00-4AAB-9B14-71344EED0A50} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION

Task: {DCEBAD41-633F-4986-8785-40A8487B4E1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)

Task: {F6F2EAD8-FE07-40EF-8F82-829E30640EBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe

Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe

Task: C:\Windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2012-01-04 12:58 - 2012-03-15 06:07 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

2011-10-20 11:12 - 2011-10-20 11:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-11-30 19:57 - 2012-11-22 20:43 - 00114056 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll

2012-11-30 19:57 - 2012-11-22 20:43 - 00474504 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\de\de.dll

2012-11-30 19:57 - 2012-11-22 20:43 - 00018824 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll

2012-12-12 19:52 - 2013-03-13 20:04 - 21938072 _____ () C:\Users\Bekki\AppData\Roaming\Spotify\Data\libcef.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtCore4.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtGui4.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtDeclarative4.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtScript4.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtSql4.dll

2012-04-10 19:18 - 2012-04-10 19:18 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtNetwork4.dll

2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: Basissystemgerät

Description: Basissystemgerät

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: Basissystemgerät

Description: Basissystemgerät

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/31/2014 08:51:02 PM) (Source: PC-Doctor) (User: )

Description: (4888) Asapi: (20:51:02:3580)(4888) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317
 

Error: (03/31/2014 08:51:02 PM) (Source: PC-Doctor) (User: )

Description: (4888) Asapi: (20:51:02:2480)(4888) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317
 

Error: (03/31/2014 08:40:52 PM) (Source: LMS) (User: NT-AUTORITÄT)

Description: LMS Service cannot connect to HECI driver
 

Error: (03/31/2014 07:38:33 PM) (Source: LMS) (User: NT-AUTORITÄT)

Description: LMS Service cannot connect to HECI driver
 

Error: (03/31/2014 07:20:01 PM) (Source: PC-Doctor) (User: )

Description: (5180) Asapi: (19:20:01:4010)(5180) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317
 

Error: (03/31/2014 07:20:01 PM) (Source: PC-Doctor) (User: )

Description: (5180) Asapi: (19:20:01:2760)(5180) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317
 

Error: (03/31/2014 07:08:06 PM) (Source: LMS) (User: NT-AUTORITÄT)

Description: LMS Service cannot connect to HECI driver
 

Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 747385
 

Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 747385
 

Error: (05/27/2013 07:29:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (03/31/2014 08:40:30 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎31.‎03.‎2014 um 20:38:33 unerwartet heruntergefahren.
 

Error: (03/31/2014 08:33:53 PM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

AFD

CSC

DfsC

discache

kl2

KLIF

KLIM6

lenovo.smi

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

tdx

TPPWRIF

Wanarpv6

WfpLwf
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%31
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%31
 

Error: (03/31/2014 08:33:52 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%31
 
 

Microsoft Office Sessions:

=========================

Error: (04/24/2012 06:33:46 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 354 seconds with 300 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 51%

Total physical RAM: 2030.3 MB

Available physical RAM: 994.84 MB

Total Pagefile: 4060.59 MB

Available Pagefile: 2494.25 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: (Preload) (Fixed) (Total:148.37 GB) (Free:20.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: () (Removable) (Total:1.85 GB) (Free:1.81 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1669C708)

Partition 1: (Active) - (Size=148 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=694 MB) - (Type=1C)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Das FRST Logfile ist nicht vollständig, bitte nochmal vollständig in CODE-Tags posten :).

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Bekki (administrator) on PC-K on 31-03-2014 20:55:05

Running from E:\

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe

(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\spotify.exe

(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe

(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)

HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)

HKLM\...\Run: [nwiz] - nwiz.exe /install

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)

HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)

Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat <==== ATTENTION 

Lsa: [Notification Packages] scecli ACGina
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72BDB9C8EFCACC01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

SearchScopes: HKCU - {D6025D83-5701-4B05-BF7D-408943F40585} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B29F9ABE-C3FC-457A-9E61-BECCC20AD501&apn_sauid=3A84F2E8-FDB2-4C12-87BA-07E0F51C7F58

BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (VLC Web Plugin) - C:\Users\Bekki\Desktop\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-08]

CHR Extension: (Virtuelle Tastatur) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-08]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\urladvisor.crx [2012-04-10]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\virtkbd.crx [2012-04-10]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\ab.crx [2012-04-10]
 

==================== Services (Whitelisted) =================
 

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)

R2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-11-23] ()

R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)

R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-05-23] (Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-31 19:41 - 2014-03-31 20:55 - 00000000 ____D () C:\FRST
 

==================== One Month Modified Files and Folders =======
 

2014-03-31 20:55 - 2014-03-31 19:41 - 00000000 ____D () C:\FRST

2014-03-31 20:51 - 2012-01-04 23:17 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job

2014-03-31 20:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-31 20:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-31 20:48 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\Bekki\AppData\Roaming\Spotify

2014-03-31 20:46 - 2012-01-04 23:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2014-03-31 20:46 - 2009-07-14 12:57 - 00654400 _____ () C:\Windows\system32\perfh007.dat

2014-03-31 20:46 - 2009-07-14 12:57 - 00130240 _____ () C:\Windows\system32\perfc007.dat

2014-03-31 20:46 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-31 20:45 - 2012-01-04 10:38 - 01264551 _____ () C:\Windows\WindowsUpdate.log

2014-03-31 20:44 - 2012-05-23 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-03-31 20:41 - 2012-11-30 19:58 - 00000336 _____ () C:\Windows\Tasks\spmonitor.job

2014-03-31 20:41 - 2012-11-30 12:37 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job

2014-03-31 20:41 - 2012-01-04 22:38 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-31 20:40 - 2012-05-24 14:41 - 00008038 _____ () C:\Windows\setupact.log

2014-03-31 20:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-31 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-03-31 19:15 - 2012-01-04 22:38 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-31 19:10 - 2012-01-04 10:54 - 00000000 ____D () C:\Users\Bekki
 

Some content of TEMP:

====================

C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe

C:\Users\Bekki\AppData\Local\Temp\install_reader10_de_gtbp_chra_aih.exe

C:\Users\Bekki\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-05-04 11:37
 

==================== End Of Log ============================

--- --- ---

Schritt 1
Bitte deinstalliere folgende Programme:

Ask Toolbar
Ask Toolbar Updater
SpeedUpMyPC

Gehe dafür auf:

Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Poste folgende Logfiles in deiner nächsten Antwort:

MBAM-Scan
ESET-Scan
FRST-Scan

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion ermöglichen.

Fehlende Rückmeldung

Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. Falls du weitermachen willst, schicke mir bitte eine private Nachricht.

Jeder andere bitte folgendes lesen: http://www.trojaner-board.de/69886-a...-beachten.html und einen eigenen Thread erstellen.