Trojaner-Board
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   cdn cache virus (https://www.trojaner-board.de/162867-cdn-cache-virus.html)

Energie2000 17.01.2015 12:29
cdn cache virus
 
Hallo,

habe den cdn cache virus auf meinem Rechner, Windows 7.
Beigefügt die Logfiles von FRST64.

[FRST.txt]
[Addition.txt]

s. Anhang

Bitte um weitere Anweisungen.
Danke im Voraus.

Gruß
Energie2000

schrauber 17.01.2015 12:36
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Energie2000 17.01.2015 12:42
Hallo Schrauber,

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by labuhn (administrator) on LABUHN-THINK on 17-01-2015 12:07:49
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [PDFVPrinter] => C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\MountPoints2: {e8e9fbbd-2380-11e1-80ad-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=781483096&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D120814-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D120814-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE462
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: youtubeadblocker -> {9ce9c8bf-d30e-460a-8378-2af2a1cb3397} -> C:\Program Files (x86)\youtubeadblocker\vau31b4tib5fWs.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: uNNisAAlEs -> {d7b173e2-2274-4119-89d1-396c57691e07} -> C:\Program Files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.x64.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: youtubeadblocker -> {9ce9c8bf-d30e-460a-8378-2af2a1cb3397} -> C:\Program Files (x86)\youtubeadblocker\vau31b4tib5fWs.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: uNNisAAlEs -> {d7b173e2-2274-4119-89d1-396c57691e07} -> C:\Program Files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.dll ()
Toolbar: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default
FF NewTab: Google
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-maps.xml
FF Extension: uNiisales - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\F1ZWLpcU@4.com [2015-01-11]
FF Extension: youtubeadblocker - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\rr7G7@h.edu [2015-01-11]
FF Extension: Flashblock - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-17]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-17]
FF Extension: Flash Block - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF Extension: Adblock Edge - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ofbhmgdnoeallignocbmcpnpondfanip] - C:\ProgramData\SaveByclick\ofbhmgdnoeallignocbmcpnpondfanip.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4182016 2015-01-11] () [File not signed] <==== ATTENTION
R2 HPSLPSVC; C:\Users\labuhn\AppData\Local\Temp\7zS424C\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 cpuz134; \??\C:\Users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 12:07 - 2015-01-17 12:08 - 00022302 ____C () C:\Users\labuhn\Desktop\FRST.txt
2015-01-17 12:07 - 2015-01-17 12:07 - 02125824 ____C (Farbar) C:\Users\labuhn\Desktop\FRST64.exe
2015-01-17 12:07 - 2015-01-17 12:07 - 00000000 ___DC () C:\FRST
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 ____C () C:\autoexec.bat
2015-01-17 11:41 - 2015-01-17 11:41 - 03044736 ____C (Enigma Software Group USA, LLC.) C:\Users\labuhn\Downloads\SpyHunter-Installer.exe
2015-01-17 11:12 - 2015-01-17 12:02 - 00000466 ____C () C:\Windows\setupact.log
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-17 10:53 - 2015-01-17 10:53 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-17 10:53 - 2015-01-17 10:53 - 00000833 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-17 10:52 - 2015-01-17 10:53 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-17 10:51 - 2015-01-17 10:51 - 04188536 ____C (Piriform Ltd) C:\Users\labuhn\Downloads\ccsetup501_slim.exe
2015-01-16 20:09 - 2015-01-16 20:09 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{EEB95024-3F3F-47DA-9A08-1CE69E4A26B4}
2015-01-16 17:34 - 2015-01-16 17:34 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{798AD570-B6ED-4858-9BEC-1B0BAEC0BFD5}
2015-01-15 20:29 - 2015-01-17 11:17 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:29 - 2015-01-16 10:18 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:26 - 2015-01-14 08:32 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:26 - 2015-01-14 08:32 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{2838C558-6176-4648-B364-969F60983C0B}
2015-01-13 20:33 - 2015-01-13 20:37 - 00000156 ____C () C:\Windows\Reimage.ini
2015-01-13 19:07 - 2015-01-13 19:07 - 00003408 ____N () C:\bootsqm.dat
2015-01-13 18:23 - 2015-01-13 18:23 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 07:18 - 2015-01-13 08:49 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-12 21:58 - 2015-01-12 21:58 - 00000773 ____C () C:\Windows\removeep.cmd
2015-01-12 21:51 - 2015-01-12 21:58 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\Solvusoft
2015-01-12 21:51 - 2012-10-15 17:02 - 00019888 ____C (solvusoft) C:\Windows\system32\roboot64.exe
2015-01-12 21:41 - 2015-01-12 21:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\reaper
2015-01-12 20:55 - 2015-01-12 20:55 - 00000000 ___DC () C:\Users\Public\Lenovo
2015-01-12 20:30 - 2015-01-12 20:30 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 20:30 - 2015-01-12 20:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-12 17:26 - 2015-01-12 17:26 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{2C0329A4-F17D-40EA-8355-9A8E4F247338}
2015-01-12 17:23 - 2015-01-12 17:23 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{6520D803-CE23-4BA9-9F93-2BDCF6BD7FF4}
2015-01-12 17:16 - 2015-01-12 17:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{E0AD3550-E14B-43F8-87D6-E76B154F4AF9}
2015-01-11 11:05 - 2015-01-11 11:05 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{41901703-0D31-4B14-ACC4-7E66C1A29D12}
2015-01-11 10:01 - 2015-01-11 10:01 - 00000000 ___DC () C:\Program Files (x86)\DeltaFix
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\youtubeadblocker
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\Live Radio Stations
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\ProgramData\17058789219343606795
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNNisAAlEs
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNiisales
2015-01-10 20:30 - 2015-01-10 20:30 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{75A2A55C-ED9C-4749-B800-79EE3F1F6D6F}
2015-01-10 11:23 - 2015-01-10 11:23 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{B5D32317-40AA-4167-88CD-FEE4465CF362}
2015-01-08 21:03 - 2015-01-08 21:04 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{7B3FCCF6-E81D-49C5-BF81-80A71481FBA0}
2015-01-08 09:02 - 2015-01-08 09:02 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{1B52B66B-2EA9-4F18-865D-441D138A4923}
2015-01-07 12:44 - 2015-01-07 12:47 - 00000000 ___DC () C:\Users\labuhn\Documents\2015 Bewerbungen
2015-01-06 19:12 - 2015-01-06 19:12 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{C700976D-770F-4E83-93E3-00FDB1ECF7BE}
2015-01-04 16:31 - 2015-01-04 16:31 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{1590045A-4A65-46A4-BFB1-F8AE1895620E}
2015-01-03 22:50 - 2015-01-03 22:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{1C436D92-1CEE-4BE5-9FA9-F13BEC705804}
2015-01-03 10:49 - 2015-01-03 10:49 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{D2693611-654E-44CF-ADCB-66C6D8D96043}
2015-01-02 10:12 - 2015-01-02 10:12 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{702FEFB7-81F3-4CD4-BDD1-2BEE289ACDF0}
2015-01-01 17:56 - 2015-01-01 17:56 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{6676FBD9-1F3F-4193-96D6-5E5060D33D5F}
2014-12-31 16:59 - 2014-12-31 16:59 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{6EE9FFFB-2051-4344-AA0E-E2389AF63B65}
2014-12-31 16:54 - 2014-12-31 16:54 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{FC58236B-EDB0-43DC-99EF-E4014B0FE59B}
2014-12-31 16:47 - 2014-12-31 16:47 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{612F8AF9-6248-4FB7-862A-8864DB547239}
2014-12-30 14:01 - 2014-12-30 14:01 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{C8CEB996-76E4-46D8-8581-3ED096B2080D}
2014-12-29 09:42 - 2014-12-29 09:42 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{CE6C7E97-DAA6-44B2-937F-6488851B8179}
2014-12-28 22:41 - 2014-12-28 22:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{CFCCAB34-98C7-496D-92F6-DE5763EBBDC6}
2014-12-28 22:31 - 2014-12-28 22:31 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{70D53656-9BF2-41CD-825B-D1C74A5E7849}
2014-12-28 10:30 - 2014-12-28 10:30 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{5EEC2651-B9B3-455A-809D-8617F2B9A0E5}
2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{ED08F12A-4C20-4662-87DF-F9064C45EA76}
2014-12-27 11:29 - 2015-01-08 09:52 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-01-28 Kontenklärung
2014-12-27 10:25 - 2014-12-27 11:19 - 00000000 __RDC () C:\Users\labuhn\Documents\Scannen
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\MAGIX
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Program Files\Common Files\MAGIX Shared
2014-12-26 18:27 - 2015-01-12 21:57 - 00000000 __RDC () C:\Users\labuhn\Documents\MAGIX
2014-12-26 18:27 - 2015-01-12 21:56 - 00000000 ___DC () C:\ProgramData\MAGIX
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 _RHDC () C:\Users\Public\Libraries
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Apple Computer
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieUserList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieSiteList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieBrowserModeList
2014-12-26 18:04 - 2014-12-26 18:04 - 01174352 ____C () C:\Users\labuhn\Downloads\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe
2014-12-24 14:26 - 2014-12-24 14:26 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{CB4E57A8-E359-4544-A64A-00E8FB181EFF}
2014-12-24 08:44 - 2014-12-24 08:44 - 00003886 ____C () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-18 16:15 - 2014-12-18 20:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:15 - 2014-12-18 20:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 12:06 - 2011-12-11 08:37 - 00699682 ____C () C:\Windows\system32\perfh007.dat
2015-01-17 12:06 - 2011-12-11 08:37 - 00149790 ____C () C:\Windows\system32\perfc007.dat
2015-01-17 12:06 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 12:05 - 2011-12-11 00:04 - 01400869 ____C () C:\Windows\WindowsUpdate.log
2015-01-17 12:03 - 2011-12-26 16:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Temp
2015-01-17 12:02 - 2011-12-10 23:58 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-17 12:02 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-17 11:47 - 2011-12-15 21:05 - 00000000 ___DC () C:\Users\labuhn
2015-01-17 11:37 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 11:37 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 10:55 - 2012-11-17 18:03 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\CrashDumps
2015-01-17 10:55 - 2012-01-07 19:15 - 00000000 ___DC () C:\Windows\Minidump
2015-01-17 10:55 - 2011-02-15 10:42 - 00000000 ___DC () C:\Windows\Panther
2015-01-16 20:07 - 2014-12-05 17:23 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-10_bis_12 Neuseeland & Sydney
2015-01-16 17:31 - 2011-12-15 21:06 - 00000466 ____C () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-16 15:49 - 2011-12-15 21:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-16 15:49 - 2011-12-11 00:06 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-16 10:18 - 2013-02-27 15:06 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 10:18 - 2011-12-25 19:43 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 20:37 - 2011-12-15 21:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Adobe
2015-01-15 20:28 - 2014-01-19 15:53 - 00000000 ___DC () C:\ProgramData\McAfee Security Scan
2015-01-15 20:18 - 2011-12-29 13:00 - 00000000 ___DC () C:\ProgramData\PCDr
2015-01-14 08:32 - 2013-08-15 20:27 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 08:23 - 2011-12-18 19:12 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 19:07 - 2012-04-29 20:08 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 18:33 - 2014-04-14 17:39 - 00000000 ___DC () C:\EFW 2014-04-14
2015-01-12 21:58 - 2014-04-27 09:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Lenovo
2015-01-12 21:58 - 2011-12-10 23:54 - 00000000 ___DC () C:\Program Files (x86)\Lenovo
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ___DC () C:\Windows\Downloaded Installations
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-01-12 20:55 - 2012-10-13 18:45 - 00000000 __HDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-01-05 11:03 - 2013-02-10 18:27 - 00011861 _____ () C:\Users\labuhn\Documents\Silberhochzeitsliste.xlsx
2015-01-05 10:54 - 2013-07-28 07:44 - 00000000 ___DC () C:\Users\labuhn\Documents\2013-07-27 Silberhochzeit
2015-01-05 10:47 - 2014-02-23 19:05 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-02-23 Natalie beim Griechen
2015-01-04 19:07 - 2011-12-28 18:50 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-01-04 16:33 - 2014-07-11 07:46 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Windows Live
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 09:53 - 2014-08-15 18:39 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-07-26 Vater und Torsten
2014-12-28 22:41 - 2014-02-23 19:34 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-06-17 Dichtschlemme
2014-12-27 10:18 - 2014-01-28 13:39 - 00000000 ___DC () C:\Users\labuhn\Documents\Scanner
2014-12-26 18:52 - 2011-12-15 21:06 - 00152288 ____C () C:\Users\labuhn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:52 - 2009-07-14 05:45 - 00481912 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-26 18:27 - 2014-10-02 10:05 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-12-26 18:27 - 2011-12-16 20:00 - 00000000 ___DC () C:\Program Files (x86)\MSXML 4.0
2014-12-26 18:14 - 2012-10-13 18:37 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\vlc
2014-12-24 14:15 - 2011-12-26 16:57 - 00000000 ___DC () C:\Dateien 2014-12-31
2014-12-23 09:40 - 2011-12-15 21:06 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-22 17:14 - 2011-12-11 00:06 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

==================== Files in the root of some directories =======
2012-06-28 09:20 - 2012-06-28 09:20 - 0033134 ____C () C:\Users\labuhn\AppData\Roaming\UserTile.png
2012-10-13 20:18 - 2012-10-13 20:18 - 0000438 ____C () C:\Users\labuhn\AppData\Local\WiDiLog.20121013.211832.txt
2012-10-13 20:18 - 2012-10-13 20:18 - 0018362 ____C () C:\Users\labuhn\AppData\Local\WiDiSetupLog.20121013.211803.txt

Files to move or delete:
====================
C:\Users\labuhn\Windows-KB890830-x64-V5.9.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 00:21

==================== End Of Log ============================
--- --- ---

--- --- ---

Addition.txt:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by labuhn at 2015-01-17 12:08:23
Running from C:\Users\labuhn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Apple Software Update (HKLM-x32\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Fingerprint Software Patch (HKLM\...\{CFF603B5-8D80-45FB-906A-9ABFC05C8134}) (Version: 5.9.7.7261 - Authentec Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Live Radio Stations (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
OctetInspector (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version:  - AppMaster) <==== ATTENTION
PANTONE Color Calibrator 1.0 (HKLM-x32\...\PANTONE Color Calibrator_is1) (Version:  - X-Rite)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHOTOfunSTUDIO (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
QuickTime (HKLM-x32\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.23 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
uNNisAAlEs (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - )
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
X-Rite Device i1Display Service (HKLM-x32\...\{D2A53206-6A9E-4241-B21C-D94140EEF1CE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-01-2015 10:15:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-11-10 12:03 - 00450639 ____C C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        032439.com
127.0.0.1        032439.com
127.0.0.1        0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        Gadgets And More
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E64B757-F444-4522-A8AC-6E412A7A02D0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {1205F5DE-DFDC-4CE8-A182-1734B0EF8CD6} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {13EA9A5A-30BB-4C84-ABAC-D909BAF25649} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {27A14130-8F1B-40A8-95B5-8A900ECB9374} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {34A12EA4-144D-4CB0-933D-1809705ACBBE} - System32\Tasks\{3C8F45EC-F5FB-402A-8A26-55BC1B0B3AE5} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {37512D22-E517-4059-A3CE-74D7B3399FBB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {4A69786C-D02F-48E7-B05D-F9898810053A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {542CAD51-3C64-4736-B4A5-3E048039FB10} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {55358189-A0EE-450A-839E-7D9D64A46670} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {7FD6222F-8ACC-41B1-933F-EA9DF1E34A83} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {809A2ED3-D9FD-4AEC-9CFC-3F9743DA993C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {86BCCB31-4EC6-4F57-A8AE-ED8DF366DB07} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {903BD336-D0C9-406A-B82B-F05BB2E1632B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {9A8C820D-D6D1-4808-873C-C869D9EE1A04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {A567C105-7E5C-4ED0-895C-02B147D1EA9A} - System32\Tasks\{F7F9A972-929F-4257-AEFC-13ED440C4071} => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [2011-02-23] (shbox.de)
Task: {A9FE8395-1DC7-47F8-A7CF-33ECE0EADBCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B45BD918-30EB-46EF-8373-4378EB67A0EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {BACA9D0D-5FFD-4456-B888-2E8C295AD664} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {C9884205-4702-4D83-BD0B-078E8CA9618F} - System32\Tasks\{4EF7FF4F-3300-4392-AB7F-F3809BC022EA} => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [2011-02-23] (shbox.de)
Task: {D2565D6B-B41C-41B7-A78E-A0604C195DC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DCAFF2CB-6EEA-41F0-88C5-EC330BE393F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.)
Task: {DDCD4437-F67A-42B1-9116-5B9A58505E99} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {E9A9A214-2E7B-4CB6-A8F1-8B3FD05EE324} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-04-09 17:36 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-10-13 20:20 - 2012-10-02 20:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-11 08:35 - 2011-05-19 13:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-12-10 23:54 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-12-10 23:58 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-11 00:00 - 2011-08-31 19:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 ____C () C:\Program Files\CCleaner\lang\lang-1031.dll
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2015-01-11 10:01 - 2015-01-11 10:01 - 04182016 ____C () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2013-11-10 11:50 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-10 11:50 - 2013-05-16 10:55 - 00113496 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-10 11:50 - 2013-05-16 10:55 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-10 11:50 - 2013-05-16 10:55 - 00161112 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-10 11:50 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-12-11 00:00 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-12-11 00:00 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2015-01-13 18:23 - 2015-01-13 18:23 - 03925104 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1102651152-2822926887-2028513216-500 - Administrator - Disabled)
Gast (S-1-5-21-1102651152-2822926887-2028513216-501 - Limited - Disabled)
labuhn (S-1-5-21-1102651152-2822926887-2028513216-1001 - Administrator - Enabled) => C:\Users\labuhn
UpdatusUser (S-1-5-21-1102651152-2822926887-2028513216-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 00:07:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 00:07:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 00:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:30:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (01/17/2015 00:04:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2015 00:04:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2015 11:32:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2015 11:32:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2015 11:14:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2015 11:14:30 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2015 11:13:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/17/2015 11:13:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (01/17/2015 10:07:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2015 10:07:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (01/17/2015 00:07:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/17/2015 00:07:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/17/2015 00:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:30:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/17/2015 11:13:32 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8075.23 MB
Available physical RAM: 5117.81 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13074.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:102.15 GB) (Free:28.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 006873D0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---
Gruß
Energie2000

schrauber 17.01.2015 18:12
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Google Update Helper

    OctetInspector

    youtubeadblocker


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Energie2000 17.01.2015 21:01
Hallo Schrauber,

bin wie aufgefordert vorgegangen, aber
Google Update Helper war nicht vorhanden, trotz beider Revo Uninstaller. Bin dann weitergegangen und hier der Combofix Log-File

Code:
ComboFix 15-01-08.01 - labuhn 17.01.2015  20:48:57.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8075.5053 [GMT 1:00]
ausgeführt von:: c:\users\labuhn\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uNNisAAlEs
c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.dat
c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.dll
c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.exe
c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.tlb
c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.x64.dll
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\17058789219343606795
c:\programdata\17058789219343606795\cd5b15e575e1c3d0aee6ec53de15e389.ini
c:\programdata\3872871776
c:\programdata\3872871776\BITCD9F.tmp
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\users\labuhn\AppData\Local\Temp\7zS424C\HPSLPSVC64.DLL
c:\users\labuhn\AppData\Roaming\Microsoft\Windows\Recent\Unterstütze PDFCreator.url
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com\bootstrap.js
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com\chrome.manifest
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com\content\bg.js
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com\install.rdf
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu\bootstrap.js
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu\chrome.manifest
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu\content\bg.js
c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu\install.rdf
c:\windows\IsUn0407.exe
c:\windows\tmp
c:\windows\tmp\dd_vcredist_x86_20141002110537.log
c:\windows\tmp\dd_vcredist_x86_20141002110537_0_vcRuntimeMinimum_x86.log
c:\windows\tmp\dd_vcredist_x86_20141002110537_1_vcRuntimeAdditional_x86.log
c:\windows\tmp\dd_vcredistMSI37E3.txt
c:\windows\tmp\dd_vcredistMSI3AF0.txt
c:\windows\tmp\dd_vcredistUI37E3.txt
c:\windows\tmp\dd_vcredistUI3AF0.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
c:\windows\wininit.ini
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-17 bis 2015-01-17  ))))))))))))))))))))))))))))))
.
.
2015-01-17 19:53 . 2015-01-17 19:53        --------        dc----w-        c:\users\Default\AppData\Local\temp
2015-01-17 19:14 . 2015-01-17 19:14        --------        dc----w-        c:\program files (x86)\VS Revo Group
2015-01-17 11:07 . 2015-01-17 11:08        --------        dc----w-        C:\FRST
2015-01-17 09:52 . 2015-01-17 09:53        --------        dc----w-        c:\program files\CCleaner
2015-01-13 06:18 . 2015-01-13 07:49        6584320        ----a-w-        c:\windows\system32\mstscax.dll
2015-01-13 06:18 . 2015-01-13 07:49        5703168        ----a-w-        c:\windows\SysWow64\mstscax.dll
2015-01-12 20:58 . 2015-01-12 20:58        773        -c--a-w-        c:\windows\removeep.cmd
2015-01-12 20:51 . 2015-01-12 20:58        --------        dc----w-        c:\users\labuhn\AppData\Roaming\Solvusoft
2015-01-12 20:51 . 2012-10-15 16:02        19888        -c--a-w-        c:\windows\system32\roboot64.exe
2015-01-12 20:41 . 2015-01-12 20:41        --------        dc----w-        c:\users\labuhn\AppData\Roaming\reaper
2015-01-12 19:55 . 2015-01-12 19:55        --------        dc----w-        c:\users\Public\Lenovo
2015-01-11 09:00 . 2015-01-11 09:00        --------        dc----w-        c:\program files (x86)\Live Radio Stations
2015-01-11 08:59 . 2015-01-11 08:59        --------        dc----w-        c:\program files (x86)\uNiisales
2014-12-26 17:28 . 2014-12-26 17:28        --------        dc----w-        c:\users\labuhn\AppData\Roaming\MAGIX
2014-12-26 17:28 . 2014-12-26 17:28        --------        dc----w-        c:\program files\Common Files\MAGIX Shared
2014-12-26 17:28 . 2014-12-26 17:28        --------        dc----w-        c:\program files (x86)\Common Files\MAGIX Shared
2014-12-26 17:27 . 2015-01-12 20:57        --------        dc----w-        c:\program files (x86)\Common Files\MAGIX Services
2014-12-26 17:27 . 2015-01-12 20:56        --------        dc----w-        c:\programdata\MAGIX
2014-12-26 17:16 . 2014-12-26 17:16        --------        dc----w-        c:\users\labuhn\AppData\Local\Apple Computer
2014-12-26 17:16 . 2014-12-26 17:16        --------        dc-h--r-        c:\users\Public\Libraries
2014-12-26 17:07 . 2014-12-26 17:07        --------        dcsh--w-        c:\users\labuhn\AppData\Local\EmieUserList
2014-12-26 17:07 . 2014-12-26 17:07        --------        dcsh--w-        c:\users\labuhn\AppData\Local\EmieSiteList
2014-12-26 17:07 . 2014-12-26 17:07        --------        dcsh--w-        c:\users\labuhn\AppData\Local\EmieBrowserModeList
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 09:18 . 2013-02-27 14:06        701616        -c--a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-16 09:18 . 2011-12-25 18:43        71344        -c--a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 07:23 . 2011-12-18 18:12        113365784        -c--a-w-        c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2010-11-21 03:27        298120        -c----w-        c:\windows\system32\MpSigStub.exe
2014-12-18 19:57 . 2014-12-18 15:15        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-18 19:57 . 2014-12-18 15:15        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-10 09:11 . 2014-12-10 08:38        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-10 09:11 . 2014-12-10 08:38        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-10 09:11 . 2014-12-10 08:38        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-10 09:11 . 2014-12-10 08:38        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-10 09:11 . 2014-12-10 08:38        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-10 09:11 . 2014-12-10 08:38        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-10 09:11 . 2014-12-10 08:38        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-12-10 09:11 . 2014-12-10 08:38        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-10 09:08 . 2014-12-10 08:38        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-12-10 09:08 . 2014-12-10 08:38        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 09:08 . 2014-12-10 08:38        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-10 09:07 . 2014-12-10 08:37        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-12-10 09:07 . 2014-12-10 08:37        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 09:07 . 2014-12-10 08:37        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-12-10 09:07 . 2014-12-10 08:37        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-12-10 09:07 . 2014-12-10 08:37        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-12-10 09:07 . 2014-12-10 08:37        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-12-10 09:07 . 2014-12-10 08:37        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-12-10 09:07 . 2014-12-10 08:37        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-12-10 09:07 . 2014-12-10 08:37        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-12-10 09:07 . 2014-12-10 08:37        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-12-10 09:07 . 2014-12-10 08:37        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-12-10 09:07 . 2014-12-10 08:37        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-12-10 09:07 . 2014-12-10 08:37        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-12-10 09:07 . 2014-12-10 08:37        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-12-10 09:07 . 2014-12-10 08:37        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-12-10 09:07 . 2014-12-10 08:37        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-12-10 09:07 . 2014-12-10 08:37        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-12-10 09:07 . 2014-12-10 08:37        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-12-10 09:07 . 2014-12-10 08:37        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-12-10 09:07 . 2014-12-10 08:37        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-12-10 09:07 . 2014-12-10 08:37        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-12-10 09:07 . 2014-12-10 08:37        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-12-10 09:07 . 2014-12-10 08:37        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-12-10 09:07 . 2014-12-10 08:37        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-10 09:07 . 2014-12-10 08:37        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-12-10 09:07 . 2014-12-10 08:37        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-12-10 09:07 . 2014-12-10 08:37        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-12-10 09:07 . 2014-12-10 08:37        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 09:07 . 2014-12-10 08:37        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-12-10 09:07 . 2014-12-10 08:37        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-12-10 09:07 . 2014-12-10 08:37        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-12-10 09:07 . 2014-12-10 08:37        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-12-10 09:07 . 2014-12-10 08:37        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-12-10 09:07 . 2014-12-10 08:37        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-12-10 09:07 . 2014-12-10 08:37        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-12-10 09:07 . 2014-12-10 08:37        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-12-10 09:07 . 2014-12-10 08:37        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-12-10 09:07 . 2014-12-10 08:37        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-12-10 09:07 . 2014-12-10 08:37        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-12-10 09:07 . 2014-12-10 08:37        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-12-10 09:07 . 2014-12-10 09:07        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-10 09:07 . 2014-12-10 09:07        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2014-12-10 09:07 . 2014-12-10 09:07        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-12-10 09:07 . 2014-12-10 09:07        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-10 09:07 . 2014-12-10 09:07        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2014-12-10 09:07 . 2014-12-10 09:07        206848        ----a-w-        c:\windows\system32\mfps.dll
2014-12-10 09:07 . 2014-12-10 09:07        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2014-12-10 09:07 . 2014-12-10 09:07        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-10 09:07 . 2014-12-10 09:07        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2014-12-10 09:07 . 2014-12-10 09:07        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-10 09:06 . 2014-12-10 08:34        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-12-10 09:06 . 2014-12-10 08:34        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-12-10 09:06 . 2014-12-10 08:34        2020352        ----a-w-        c:\windows\system32\WsmSvc.dll
2014-12-10 09:06 . 2014-12-10 08:34        346624        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:06 . 2014-12-10 08:34        310272        ----a-w-        c:\windows\system32\WsmWmiPl.dll
2014-12-10 09:06 . 2014-12-10 08:34        266240        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 09:06 . 2014-12-10 08:34        248832        ----a-w-        c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 09:06 . 2014-12-10 08:34        214016        ----a-w-        c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 09:06 . 2014-12-10 08:34        198656        ----a-w-        c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-10 09:06 . 2014-12-10 08:34        181248        ----a-w-        c:\windows\system32\WsmAuto.dll
2014-12-10 09:06 . 2014-12-10 08:34        145920        ----a-w-        c:\windows\SysWow64\WsmAuto.dll
2014-12-10 09:06 . 2014-12-10 08:34        1177088        ----a-w-        c:\windows\SysWow64\WsmSvc.dll
2014-12-10 09:06 . 2014-12-10 08:34        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-12-10 09:06 . 2014-12-10 08:34        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-12-04 06:23 . 2014-12-04 04:41        73880        ----a-w-        c:\windows\system32\mscories.dll
2014-12-04 06:23 . 2014-12-04 04:41        156312        ----a-w-        c:\windows\system32\mscorier.dll
2014-12-04 06:23 . 2014-12-04 04:41        1131664        ----a-w-        c:\windows\SysWow64\dfshim.dll
2014-12-04 06:23 . 2014-12-04 04:41        81560        ----a-w-        c:\windows\SysWow64\mscories.dll
2014-12-04 06:23 . 2014-12-04 04:41        1943696        ----a-w-        c:\windows\system32\dfshim.dll
2014-12-04 06:23 . 2014-12-04 04:41        156824        ----a-w-        c:\windows\SysWow64\mscorier.dll
2014-12-04 06:23 . 2014-12-04 04:41        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-12-04 06:23 . 2014-12-04 04:41        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-12-04 06:23 . 2014-12-04 04:41        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-12-04 06:23 . 2014-12-04 04:41        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-12-04 06:23 . 2014-12-04 04:41        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-12-04 06:22 . 2014-12-04 04:37        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2014-12-04 06:22 . 2014-12-04 04:37        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2014-12-04 06:22 . 2014-12-04 04:37        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2014-12-04 06:22 . 2014-12-04 04:37        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2014-12-04 06:22 . 2014-12-04 04:37        878080        ----a-w-        c:\windows\system32\IMJP10K.DLL
2014-12-04 06:22 . 2014-12-04 04:37        701440        ----a-w-        c:\windows\SysWow64\IMJP10K.DLL
2014-12-04 06:22 . 2014-12-04 04:37        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-12-04 06:22 . 2014-12-04 04:37        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"X-Rite Legacy Device"="c:\program files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe" [2010-09-28 105984]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-03-28 413696]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
S2 i1 Display Service;X-Rite Device i1 Display;c:\program files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe;c:\program files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 xritedeviced;X-Rite Device Manager;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 09:18]
.
2014-12-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2015-01-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-07-10 63776]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com/?pc=COSP&ptag=D120814-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d7b173e2-2274-4119-89d1-396c57691e07} - c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKLM-Run-PDFVPrinter - c:\program files (x86)\Classic PDF Editor\PDFVPrinter.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{d7b173e2-2274-4119-89d1-396c57691e07} - c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.x64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E} - c:\program files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-17  20:55:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-17 19:55
.
Vor Suchlauf: 15 Verzeichnis(se), 30.828.900.352 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 30.245.515.264 Bytes frei
.
- - End Of File - - 8C491F0B709C07B1ED9E47CA344DD0B3

schrauber 17.01.2015 23:42
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Energie2000 18.01.2015 10:45
Hallo Schrauber,

noch vorab - ich habe meinen Virenscanner MS Essentials, wie gefordert, deinstalliert.
Würdest Du den wieder empfehlen oder einen anderen?
Hier die 4 Dateien:

Code:
----------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.01.2015
Suchlauf-Zeit: 10:00:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.18.05
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: labuhn

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353884
Verstrichene Zeit: 5 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, In Quarantäne, [8756e018d7b22610621802ffa75b649c],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 6
Trojan.Agent, C:\Program Files (x86)\uNiisales\uNiisales.exe, In Quarantäne, [b22bb048701971c5e09ae71a37cb6c94],
Trojan.Agent, C:\Program Files (x86)\Live Radio Stations\Live Radio Stations.exe, In Quarantäne, [8756e018d7b22610621802ffa75b649c],
PUP.Optional.RegCleanerPro, C:\Users\labuhn\Downloads\rcpsetup_softonic_new_de_ros_new.exe, In Quarantäne, [18c576821d6ca78f5c4d71bc8180b54b],
PUP.Optional.Softonic, C:\Users\labuhn\Downloads\SoftonicDownloader_for_classic-pdf-editor.exe, In Quarantäne, [ad30e3150089d46277f7260152af48b8],
PUP.Optional.Softonic.A, C:\Users\labuhn\Downloads\SoftonicDownloader_fuer_pdf-redirect.exe, In Quarantäne, [b429a65264256cca2aa2281ab94848b8],
PUP.Optional.Somoto.A, C:\Users\labuhn\Downloads\VLCVideoConverterSetup.exe, In Quarantäne, [d10c14e4bdcc0d295f12a98f57a92bd5],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
----------------

Code:
----------------AdwCleaner Logfile:

       
Code:

       
# AdwCleaner v4.108 - Bericht erstellt am 18/01/2015 um 10:21:55
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : labuhn - LABUHN-THINK
# Gestartet von : C:\Users\labuhn\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\labuhn\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\labuhn\AppData\Roaming\Solvusoft
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd7b173e2_2274_4119_89d1_396c57691e07_.Pd7b173e2_2274_4119_89d1_396c57691e07_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd7b173e2_2274_4119_89d1_396c57691e07_.Pd7b173e2_2274_4119_89d1_396c57691e07_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{d7b173e2-2274-4119-89d1-396c57691e07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7b173e2-2274-4119-89d1-396c57691e07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d7b173e2-2274-4119-89d1-396c57691e07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v35.0 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R1].txt - [4647 octets] - [18/01/2015 10:18:47]
AdwCleaner[R2].txt - [4707 octets] - [18/01/2015 10:21:18]
AdwCleaner[S1].txt - [4284 octets] - [18/01/2015 10:21:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4344 octets] ##########

--- --- ---
----------------

Code:
----------------JRT Logfile:

       
Code:

       
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by labuhn on 18.01.2015 at 10:25:59,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\labuhn\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\prefetch\DRIVERINSTALLERUTILITY.EXE-58FE0B56.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\labuhn\AppData\Roaming\pcdr"
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{0FC9258D-424B-4225-A251-90002CC6466A}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{1590045A-4A65-46A4-BFB1-F8AE1895620E}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{1B52B66B-2EA9-4F18-865D-441D138A4923}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{1C436D92-1CEE-4BE5-9FA9-F13BEC705804}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{2838C558-6176-4648-B364-969F60983C0B}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{2C0329A4-F17D-40EA-8355-9A8E4F247338}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{33D2EFF2-24DC-492C-A343-ED77AF2EF8E9}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{41901703-0D31-4B14-ACC4-7E66C1A29D12}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{525453DB-A871-4220-914A-D7F917670AFD}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{5B6E9145-6268-4ED7-B71D-20E2AD8920E8}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{5EEC2651-B9B3-455A-809D-8617F2B9A0E5}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{603B241E-4C0F-4379-BCFC-6629F062D6E7}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{612F8AF9-6248-4FB7-862A-8864DB547239}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{6520D803-CE23-4BA9-9F93-2BDCF6BD7FF4}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{6676FBD9-1F3F-4193-96D6-5E5060D33D5F}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{6CEFA8ED-D54C-4128-A504-9F25EAD4B467}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{6EE9FFFB-2051-4344-AA0E-E2389AF63B65}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{6FCCB274-D888-4F56-9900-21A4BFCB88A7}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{702FEFB7-81F3-4CD4-BDD1-2BEE289ACDF0}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{70D53656-9BF2-41CD-825B-D1C74A5E7849}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{75A2A55C-ED9C-4749-B800-79EE3F1F6D6F}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{798AD570-B6ED-4858-9BEC-1B0BAEC0BFD5}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{7B3FCCF6-E81D-49C5-BF81-80A71481FBA0}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{9543B6D4-36A8-454E-82B7-F3D48D183432}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{96058351-1103-4445-BD73-62DBFF2A8F48}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{B289609A-4F3E-4A67-B469-1AB520DC9AAB}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{B5D32317-40AA-4167-88CD-FEE4465CF362}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{C3D1BB86-D0C0-4D26-8E95-14D590809145}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{C700976D-770F-4E83-93E3-00FDB1ECF7BE}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{C8CEB996-76E4-46D8-8581-3ED096B2080D}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{CB4E57A8-E359-4544-A64A-00E8FB181EFF}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{CD1C7B9C-EBD0-4413-B7BA-2B4DA883467E}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{CE6C7E97-DAA6-44B2-937F-6488851B8179}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{CFCCAB34-98C7-496D-92F6-DE5763EBBDC6}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{D170AA75-7EF0-4A5A-845D-2D4CB3A6B6F5}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{D2693611-654E-44CF-ADCB-66C6D8D96043}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{D62A84DA-A8CA-4988-A8D7-B046F14F8417}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{E0AD3550-E14B-43F8-87D6-E76B154F4AF9}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{E28A6FC9-9D8B-40D3-AA46-02738C4D9C5A}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{ECA27AFF-9BDC-4384-999D-2796E446D0D3}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{ED08F12A-4C20-4662-87DF-F9064C45EA76}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{EEB95024-3F3F-47DA-9A08-1CE69E4A26B4}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{F4BEC5AE-58A5-45CF-9952-C53718F7D524}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{F70F8B9D-6510-4E81-B20F-B506DAA4A784}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{F8C8C3FB-6E12-4193-B0AF-155A1E3CD127}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{FC58236B-EDB0-43DC-99EF-E4014B0FE59B}
Successfully deleted: [Empty Folder] C:\Users\labuhn\appdata\local\{FD22A05C-890D-4B88-B21E-1FC27E913661}



~~~ FireFox

Successfully deleted the following from C:\Users\labuhn\AppData\Roaming\mozilla\firefox\profiles\sbb75ta0.default\prefs.js

user_pref("extensions.guL2r1PD6Gt3PTzf.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.yUPYt5aFjCeWPuIB.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.yUPYt5aFjCeWPuIB.url", "hxxp://json-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rTw6qHrMg708BNmGWj8wmihGheDUojw8rdwFrja5qjU9qGhIC7n0rjkErjwFrdUErdsFtNhVCT94tMVKhd9
Emptied folder: C:\Users\labuhn\AppData\Roaming\mozilla\firefox\profiles\sbb75ta0.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.01.2015 at 10:29:23,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
----------------

Code:
----------------
FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by labuhn (administrator) on LABUHN-THINK on 18-01-2015 10:35:49
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE462
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default
FF NewTab: www.google.de
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-maps.xml
FF Extension: Flashblock - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-17]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-17]
FF Extension: Flash Block - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF Extension: Adblock Edge - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ofbhmgdnoeallignocbmcpnpondfanip] - C:\ProgramData\SaveByclick\ofbhmgdnoeallignocbmcpnpondfanip.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 10:34 - 2015-01-18 10:34 - 00000000 ___DC () C:\Users\labuhn\Desktop\FRST-OlderVersion
2015-01-18 10:29 - 2015-01-18 10:29 - 00006786 ____C () C:\Users\labuhn\Desktop\JRT.txt
2015-01-18 10:25 - 2015-01-18 10:25 - 01707939 ____C (Thisisu) C:\Users\labuhn\Downloads\JRT.exe
2015-01-18 10:25 - 2015-01-18 10:25 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-18 10:23 - 2015-01-18 10:23 - 00004464 ____C () C:\Users\labuhn\Desktop\AdwCleaner[S1].txt
2015-01-18 10:18 - 2015-01-18 10:21 - 00000000 ___DC () C:\AdwCleaner
2015-01-18 10:17 - 2015-01-18 10:17 - 02186752 ____C () C:\Users\labuhn\Downloads\AdwCleaner_4.108.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00002123 ____C () C:\Users\labuhn\Desktop\mbam.txt
2015-01-18 09:58 - 2015-01-18 10:30 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:57 - 2015-01-18 09:57 - 00001117 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 09:55 - 2015-01-18 09:56 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\labuhn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 20:55 - 2015-01-17 20:55 - 00032317 ____C () C:\ComboFix.txt
2015-01-17 20:48 - 2015-01-17 20:55 - 00000000 ___DC () C:\Qoobox
2015-01-17 20:48 - 2015-01-17 20:54 - 00000000 ___DC () C:\Windows\erdnt
2015-01-17 20:48 - 2011-06-26 07:45 - 00256000 ____C () C:\Windows\PEV.exe
2015-01-17 20:48 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-01-17 20:48 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-01-17 20:45 - 2015-01-18 10:22 - 00005618 ____C () C:\Windows\PFRO.log
2015-01-17 20:29 - 2015-01-17 20:29 - 05609736 ___RC (Swearware) C:\Users\labuhn\Desktop\ComboFix.exe
2015-01-17 20:26 - 2015-01-17 20:27 - 00000000 ___DC () C:\Users\labuhn\Downloads\RevoUninstallerPortable
2015-01-17 20:25 - 2015-01-17 20:25 - 02785665 ____C (PortableApps.com) C:\Users\labuhn\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-17 20:14 - 2015-01-17 20:14 - 00001279 ____C () C:\Users\labuhn\Desktop\Revo Uninstaller.lnk
2015-01-17 20:14 - 2015-01-17 20:14 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-01-17 20:13 - 2015-01-17 20:13 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\labuhn\Downloads\revosetup95.exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00035717 ____C () C:\Users\labuhn\Desktop\Addition.txt
2015-01-17 12:07 - 2015-01-18 10:35 - 00019793 ____C () C:\Users\labuhn\Desktop\FRST.txt
2015-01-17 12:07 - 2015-01-18 10:35 - 00000000 ___DC () C:\FRST
2015-01-17 12:07 - 2015-01-18 10:34 - 02126336 ____C (Farbar) C:\Users\labuhn\Desktop\FRST64.exe
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 ____C () C:\autoexec.bat
2015-01-17 11:12 - 2015-01-18 10:30 - 00001249 ____C () C:\Windows\setupact.log
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-17 10:53 - 2015-01-17 10:53 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-17 10:53 - 2015-01-17 10:53 - 00000833 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-17 10:52 - 2015-01-17 10:53 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-17 10:51 - 2015-01-17 10:51 - 04188536 ____C (Piriform Ltd) C:\Users\labuhn\Downloads\ccsetup501_slim.exe
2015-01-15 20:29 - 2015-01-18 10:17 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:29 - 2015-01-16 10:18 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:26 - 2015-01-14 08:32 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:26 - 2015-01-14 08:32 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:23 - 2015-01-13 18:23 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 07:18 - 2015-01-13 08:49 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-12 21:58 - 2015-01-12 21:58 - 00000773 ____C () C:\Windows\removeep.cmd
2015-01-12 21:41 - 2015-01-12 21:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\reaper
2015-01-12 20:55 - 2015-01-12 20:55 - 00000000 ___DC () C:\Users\Public\Lenovo
2015-01-12 20:30 - 2015-01-12 20:30 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 20:30 - 2015-01-12 20:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\Live Radio Stations
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNiisales
2015-01-07 12:44 - 2015-01-07 12:47 - 00000000 ___DC () C:\Users\labuhn\Documents\2015 Bewerbungen
2014-12-27 11:29 - 2015-01-08 09:52 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-01-28 Kontenklärung
2014-12-27 10:25 - 2014-12-27 11:19 - 00000000 __RDC () C:\Users\labuhn\Documents\Scannen
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\MAGIX
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Program Files\Common Files\MAGIX Shared
2014-12-26 18:27 - 2015-01-12 21:57 - 00000000 __RDC () C:\Users\labuhn\Documents\MAGIX
2014-12-26 18:27 - 2015-01-12 21:56 - 00000000 ___DC () C:\ProgramData\MAGIX
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 _RHDC () C:\Users\Public\Libraries
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Apple Computer
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieUserList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieSiteList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieBrowserModeList
2014-12-26 18:04 - 2014-12-26 18:04 - 01174352 ____C () C:\Users\labuhn\Downloads\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe
2014-12-24 08:44 - 2014-12-24 08:44 - 00003886 ____C () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 10:34 - 2011-12-11 08:37 - 00699682 ____C () C:\Windows\system32\perfh007.dat
2015-01-18 10:34 - 2011-12-11 08:37 - 00149790 ____C () C:\Windows\system32\perfc007.dat
2015-01-18 10:34 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 10:33 - 2011-12-11 00:04 - 01556596 ____C () C:\Windows\WindowsUpdate.log
2015-01-18 10:31 - 2011-12-26 16:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Temp
2015-01-18 10:30 - 2011-12-10 23:58 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-18 10:30 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-18 10:29 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:29 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:06 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Web
2015-01-17 20:54 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-17 20:53 - 2009-07-14 03:34 - 93847552 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 19398656 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-17 20:45 - 2013-11-10 11:50 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-17 20:45 - 2011-12-15 21:06 - 00000466 ____C () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-17 20:44 - 2013-11-10 11:50 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 20:44 - 2012-01-15 20:48 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-17 20:33 - 2011-12-15 21:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-17 14:12 - 2014-07-11 07:46 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Windows Live
2015-01-17 13:00 - 2011-12-11 00:06 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-17 11:47 - 2011-12-15 21:05 - 00000000 ___DC () C:\Users\labuhn
2015-01-17 10:55 - 2012-11-17 18:03 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\CrashDumps
2015-01-17 10:55 - 2012-01-07 19:15 - 00000000 ___DC () C:\Windows\Minidump
2015-01-17 10:55 - 2011-02-15 10:42 - 00000000 ___DC () C:\Windows\Panther
2015-01-16 20:07 - 2014-12-05 17:23 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-10_bis_12 Neuseeland & Sydney
2015-01-16 10:18 - 2013-02-27 15:06 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 10:18 - 2011-12-25 19:43 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 20:37 - 2011-12-15 21:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Adobe
2015-01-15 20:28 - 2014-01-19 15:53 - 00000000 ___DC () C:\ProgramData\McAfee Security Scan
2015-01-14 08:32 - 2013-08-15 20:27 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 08:23 - 2011-12-18 19:12 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 19:07 - 2012-04-29 20:08 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 18:33 - 2014-04-14 17:39 - 00000000 ___DC () C:\EFW 2014-04-14
2015-01-12 21:58 - 2014-04-27 09:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Lenovo
2015-01-12 21:58 - 2011-12-10 23:54 - 00000000 ___DC () C:\Program Files (x86)\Lenovo
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ___DC () C:\Windows\Downloaded Installations
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-01-12 20:55 - 2012-10-13 18:45 - 00000000 __HDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:03 - 2013-02-10 18:27 - 00011861 _____ () C:\Users\labuhn\Documents\Silberhochzeitsliste.xlsx
2015-01-05 10:54 - 2013-07-28 07:44 - 00000000 ___DC () C:\Users\labuhn\Documents\2013-07-27 Silberhochzeit
2015-01-05 10:47 - 2014-02-23 19:05 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-02-23 Natalie beim Griechen
2015-01-04 19:07 - 2011-12-28 18:50 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-12-29 09:53 - 2014-08-15 18:39 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-07-26 Vater und Torsten
2014-12-28 22:41 - 2014-02-23 19:34 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-06-17 Dichtschlemme
2014-12-27 10:18 - 2014-01-28 13:39 - 00000000 ___DC () C:\Users\labuhn\Documents\Scanner
2014-12-26 18:52 - 2011-12-15 21:06 - 00152288 ____C () C:\Users\labuhn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:52 - 2009-07-14 05:45 - 00481912 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-26 18:27 - 2014-10-02 10:05 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-12-26 18:27 - 2011-12-16 20:00 - 00000000 ___DC () C:\Program Files (x86)\MSXML 4.0
2014-12-26 18:14 - 2012-10-13 18:37 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\vlc
2014-12-24 14:15 - 2011-12-26 16:57 - 00000000 ___DC () C:\Dateien 2014-12-31
2014-12-23 09:40 - 2011-12-15 21:06 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-22 17:14 - 2011-12-11 00:06 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

==================== Files in the root of some directories =======
2012-06-28 09:20 - 2012-06-28 09:20 - 0033134 ____C () C:\Users\labuhn\AppData\Roaming\UserTile.png
2012-10-13 20:18 - 2012-10-13 20:18 - 0000438 ____C () C:\Users\labuhn\AppData\Local\WiDiLog.20121013.211832.txt
2012-10-13 20:18 - 2012-10-13 20:18 - 0018362 ____C () C:\Users\labuhn\AppData\Local\WiDiSetupLog.20121013.211803.txt

Files to move or delete:
====================
C:\Users\labuhn\Windows-KB890830-x64-V5.9.exe


Some content of TEMP:
====================
C:\Users\labuhn\AppData\Local\Temp\Quarantine.exe
C:\Users\labuhn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 19:27

==================== End Of Log ============================

--- --- ---
----------------

Gruß
Energie2000

schrauber 18.01.2015 15:03
Ich empfehle immer Emsisoft, aber ich arbeite da auch ;)



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Energie2000 18.01.2015 17:53
Hallo Schrauber,

hier die 3 Dateien:

Code:
-----------
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8b721dd2a721274485914409b469b24f
# engine=22025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 04:36:23
# local_time=2015-01-18 05:36:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 23957 173228833 0 0
# scanned=140381
# found=14
# cleaned=0
# scan_time=2491
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=33E5392D35B724ECF66AA36489157C066FDDC8F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AdwCleaner\Quarantine\C\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js.vir"
sh=3F1E3FEADF5EC6EE628449CBC22C5D985386C18F ft=1 fh=e743fc859d55bcb1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F50F71B9E6BF8564B187F601C4A19072FC1454B4 ft=1 fh=c71c00115ef13320 vn="Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.dll.vir"
sh=513A1CE746B7F9B39AB7049DC2CDB9BCAFDEC84F ft=1 fh=02e66a7f0d73e0bb vn="Variante von Win64/Adware.MultiPlug.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\uNNisAAlEs\YavYSmv6Yag7QB.x64.dll.vir"
sh=D7CBBD943C9ED15686A1202BF157933691D9DDCC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\F1ZWLpcU@4.com\content\bg.js.vir"
sh=CDCEE6B3756D8DC49E510662A50356F518E55897 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\extensions\rr7G7@h.edu\content\bg.js.vir"
sh=753033120B8C5A16F25C6F85B03510B762757008 ft=1 fh=7c13345a1dd21668 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\labuhn\Downloads\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe"
sh=2E170BEC1EB091730AD5A4520BE14C2A1495CCF0 ft=1 fh=f2bdc9334a1a5b8b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\labuhn\Downloads\PDF24 Creator - CHIP-Installer.exe"
sh=2A59544244BB2BDDEA8A3088CF0C0BC1DEB81429 ft=1 fh=0d3716407cb68361 vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\labuhn\Downloads\ZipOpenerSetup.exe"
sh=68CE3A6F1348021B51292EDF344DB5D632CA84BD ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="Q:\LABUHN-THINK\Backup Set 2012-11-22 132612\Backup Files 2012-11-22 132612\Backup files 1.zip"
sh=8231328857D05D28CE96CFF316D3A1FDC529E62D ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.F evtl. unerwünschte Anwendung" ac=I fn="Q:\LABUHN-THINK\Backup Set 2012-11-22 132612\Backup Files 2012-11-22 132612\Backup files 4.zip"
sh=F92AB855DB160EFB651E717CA4539C025A9D78AD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="Q:\LABUHN-THINK\Backup Set 2015-01-15 195504\Backup Files 2015-01-15 195504\Backup files 1.zip"
sh=9EC4BD7360F1D03671CC7F1DB0434B8A7E2E6748 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="Q:\LABUHN-THINK\Backup Set 2015-01-15 195504\Backup Files 2015-01-15 195504\Backup files 2.zip"
----------

Code:
-----------
 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.257 
 Adobe Reader XI 
 Mozilla Firefox (35.0)
 Google Chrome 12.0.742.112 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
----------

Code:
-----------
FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by labuhn (administrator) on LABUHN-THINK on 18-01-2015 17:46:38
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\labuhn\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE462
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default
FF NewTab: www.google.de
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\searchplugins\google-maps.xml
FF Extension: Flashblock - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-17]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-17]
FF Extension: Flash Block - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF Extension: Adblock Edge - C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\sbb75ta0.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ofbhmgdnoeallignocbmcpnpondfanip] - C:\ProgramData\SaveByclick\ofbhmgdnoeallignocbmcpnpondfanip.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 17:41 - 2015-01-18 17:41 - 00852504 ____C () C:\Users\labuhn\Desktop\SecurityCheck.exe
2015-01-18 16:48 - 2015-01-18 16:48 - 00000000 ___DC () C:\Program Files (x86)\ESET
2015-01-18 16:46 - 2015-01-18 16:46 - 02347384 ____C (ESET) C:\Users\labuhn\Desktop\esetsmartinstaller_deu.exe
2015-01-18 11:32 - 2015-01-18 11:32 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{88BB5101-9A6D-4005-8748-ECAF1670213A}
2015-01-18 11:29 - 2015-01-18 11:29 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\PCDr
2015-01-18 11:28 - 2015-01-18 16:43 - 00000000 ___DC () C:\ProgramData\PCDr
2015-01-18 10:34 - 2015-01-18 17:46 - 00000000 ___DC () C:\Users\labuhn\Desktop\FRST-OlderVersion
2015-01-18 10:29 - 2015-01-18 10:29 - 00006786 ____C () C:\Users\labuhn\Desktop\JRT.txt
2015-01-18 10:25 - 2015-01-18 10:25 - 01707939 ____C (Thisisu) C:\Users\labuhn\Downloads\JRT.exe
2015-01-18 10:25 - 2015-01-18 10:25 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-18 10:23 - 2015-01-18 10:23 - 00004464 ____C () C:\Users\labuhn\Desktop\AdwCleaner[S1].txt
2015-01-18 10:18 - 2015-01-18 10:21 - 00000000 ___DC () C:\AdwCleaner
2015-01-18 10:17 - 2015-01-18 10:17 - 02186752 ____C () C:\Users\labuhn\Downloads\AdwCleaner_4.108.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00002123 ____C () C:\Users\labuhn\Desktop\mbam.txt
2015-01-18 09:58 - 2015-01-18 16:05 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:57 - 2015-01-18 09:57 - 00001117 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 09:55 - 2015-01-18 09:56 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\labuhn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 20:55 - 2015-01-17 20:55 - 00032317 ____C () C:\ComboFix.txt
2015-01-17 20:48 - 2015-01-17 20:55 - 00000000 ___DC () C:\Qoobox
2015-01-17 20:48 - 2015-01-17 20:54 - 00000000 ___DC () C:\Windows\erdnt
2015-01-17 20:48 - 2011-06-26 07:45 - 00256000 ____C () C:\Windows\PEV.exe
2015-01-17 20:48 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-01-17 20:48 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-01-17 20:45 - 2015-01-18 10:22 - 00005618 ____C () C:\Windows\PFRO.log
2015-01-17 20:29 - 2015-01-17 20:29 - 05609736 ___RC (Swearware) C:\Users\labuhn\Desktop\ComboFix.exe
2015-01-17 20:26 - 2015-01-17 20:27 - 00000000 ___DC () C:\Users\labuhn\Downloads\RevoUninstallerPortable
2015-01-17 20:25 - 2015-01-17 20:25 - 02785665 ____C (PortableApps.com) C:\Users\labuhn\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-17 20:14 - 2015-01-17 20:14 - 00001279 ____C () C:\Users\labuhn\Desktop\Revo Uninstaller.lnk
2015-01-17 20:14 - 2015-01-17 20:14 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-01-17 20:13 - 2015-01-17 20:13 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\labuhn\Downloads\revosetup95.exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00035717 ____C () C:\Users\labuhn\Desktop\Addition.txt
2015-01-17 12:07 - 2015-01-18 17:46 - 02126848 ____C (Farbar) C:\Users\labuhn\Desktop\FRST64.exe
2015-01-17 12:07 - 2015-01-18 17:46 - 00020043 ____C () C:\Users\labuhn\Desktop\FRST.txt
2015-01-17 12:07 - 2015-01-18 17:46 - 00000000 ___DC () C:\FRST
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 ____C () C:\autoexec.bat
2015-01-17 11:12 - 2015-01-18 10:57 - 00001603 ____C () C:\Windows\setupact.log
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-17 10:53 - 2015-01-17 10:53 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-17 10:53 - 2015-01-17 10:53 - 00000833 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-17 10:52 - 2015-01-17 10:53 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-17 10:51 - 2015-01-17 10:51 - 04188536 ____C (Piriform Ltd) C:\Users\labuhn\Downloads\ccsetup501_slim.exe
2015-01-15 20:29 - 2015-01-18 17:17 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:29 - 2015-01-16 10:18 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:26 - 2015-01-14 08:32 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:26 - 2015-01-14 08:32 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:23 - 2015-01-13 18:23 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 07:18 - 2015-01-13 08:49 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-12 21:58 - 2015-01-12 21:58 - 00000773 ____C () C:\Windows\removeep.cmd
2015-01-12 21:41 - 2015-01-12 21:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\reaper
2015-01-12 20:55 - 2015-01-12 20:55 - 00000000 ___DC () C:\Users\Public\Lenovo
2015-01-12 20:30 - 2015-01-12 20:30 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 20:30 - 2015-01-12 20:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\Live Radio Stations
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNiisales
2015-01-07 12:44 - 2015-01-07 12:47 - 00000000 ___DC () C:\Users\labuhn\Documents\2015 Bewerbungen
2014-12-27 11:29 - 2015-01-08 09:52 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-01-28 Kontenklärung
2014-12-27 10:25 - 2014-12-27 11:19 - 00000000 __RDC () C:\Users\labuhn\Documents\Scannen
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\MAGIX
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Program Files\Common Files\MAGIX Shared
2014-12-26 18:27 - 2015-01-12 21:57 - 00000000 __RDC () C:\Users\labuhn\Documents\MAGIX
2014-12-26 18:27 - 2015-01-12 21:56 - 00000000 ___DC () C:\ProgramData\MAGIX
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 _RHDC () C:\Users\Public\Libraries
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Apple Computer
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieUserList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieSiteList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieBrowserModeList
2014-12-26 18:04 - 2014-12-26 18:04 - 01174352 ____C () C:\Users\labuhn\Downloads\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe
2014-12-24 08:44 - 2014-12-24 08:44 - 00003886 ____C () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 16:43 - 2011-12-15 21:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-18 16:35 - 2011-12-11 00:04 - 01573855 ____C () C:\Windows\WindowsUpdate.log
2015-01-18 13:00 - 2011-12-15 21:06 - 00000466 ____C () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-18 13:00 - 2011-12-11 00:06 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-18 12:54 - 2011-12-11 08:37 - 00699682 ____C () C:\Windows\system32\perfh007.dat
2015-01-18 12:54 - 2011-12-11 08:37 - 00149790 ____C () C:\Windows\system32\perfc007.dat
2015-01-18 12:54 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 10:54 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:54 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:47 - 2011-12-10 23:58 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-18 10:47 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-18 10:31 - 2011-12-26 16:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Temp
2015-01-18 10:07 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Web
2015-01-17 20:54 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-17 20:53 - 2009-07-14 03:34 - 93847552 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 19398656 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-17 20:45 - 2013-11-10 11:50 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-17 20:44 - 2013-11-10 11:50 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 20:44 - 2012-01-15 20:48 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-17 14:12 - 2014-07-11 07:46 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Windows Live
2015-01-17 11:47 - 2011-12-15 21:05 - 00000000 ___DC () C:\Users\labuhn
2015-01-17 10:55 - 2012-11-17 18:03 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\CrashDumps
2015-01-17 10:55 - 2012-01-07 19:15 - 00000000 ___DC () C:\Windows\Minidump
2015-01-17 10:55 - 2011-02-15 10:42 - 00000000 ___DC () C:\Windows\Panther
2015-01-16 20:07 - 2014-12-05 17:23 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-10_bis_12 Neuseeland & Sydney
2015-01-16 10:18 - 2013-02-27 15:06 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 10:18 - 2011-12-25 19:43 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 20:37 - 2011-12-15 21:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Adobe
2015-01-15 20:28 - 2014-01-19 15:53 - 00000000 ___DC () C:\ProgramData\McAfee Security Scan
2015-01-14 08:32 - 2013-08-15 20:27 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 08:23 - 2011-12-18 19:12 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 19:07 - 2012-04-29 20:08 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 18:33 - 2014-04-14 17:39 - 00000000 ___DC () C:\EFW 2014-04-14
2015-01-12 21:58 - 2014-04-27 09:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Lenovo
2015-01-12 21:58 - 2011-12-10 23:54 - 00000000 ___DC () C:\Program Files (x86)\Lenovo
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ___DC () C:\Windows\Downloaded Installations
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-01-12 20:55 - 2012-10-13 18:45 - 00000000 __HDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:03 - 2013-02-10 18:27 - 00011861 _____ () C:\Users\labuhn\Documents\Silberhochzeitsliste.xlsx
2015-01-05 10:54 - 2013-07-28 07:44 - 00000000 ___DC () C:\Users\labuhn\Documents\2013-07-27 Silberhochzeit
2015-01-05 10:47 - 2014-02-23 19:05 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-02-23 Natalie beim Griechen
2015-01-04 19:07 - 2011-12-28 18:50 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-12-29 09:53 - 2014-08-15 18:39 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-07-26 Vater und Torsten
2014-12-28 22:41 - 2014-02-23 19:34 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-06-17 Dichtschlemme
2014-12-27 10:18 - 2014-01-28 13:39 - 00000000 ___DC () C:\Users\labuhn\Documents\Scanner
2014-12-26 18:52 - 2011-12-15 21:06 - 00152288 ____C () C:\Users\labuhn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:52 - 2009-07-14 05:45 - 00481912 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-26 18:27 - 2014-10-02 10:05 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-12-26 18:27 - 2011-12-16 20:00 - 00000000 ___DC () C:\Program Files (x86)\MSXML 4.0
2014-12-26 18:14 - 2012-10-13 18:37 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\vlc
2014-12-24 14:15 - 2011-12-26 16:57 - 00000000 ___DC () C:\Dateien 2014-12-31
2014-12-23 09:40 - 2011-12-15 21:06 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-22 17:14 - 2011-12-11 00:06 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

==================== Files in the root of some directories =======
2012-06-28 09:20 - 2012-06-28 09:20 - 0033134 ____C () C:\Users\labuhn\AppData\Roaming\UserTile.png
2012-10-13 20:18 - 2012-10-13 20:18 - 0000438 ____C () C:\Users\labuhn\AppData\Local\WiDiLog.20121013.211832.txt
2012-10-13 20:18 - 2012-10-13 20:18 - 0018362 ____C () C:\Users\labuhn\AppData\Local\WiDiSetupLog.20121013.211803.txt

Files to move or delete:
====================
C:\Users\labuhn\Windows-KB890830-x64-V5.9.exe


Some content of TEMP:
====================
C:\Users\labuhn\AppData\Local\Temp\Quarantine.exe
C:\Users\labuhn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 19:27

==================== End Of Log ============================

--- --- ---
----------
Seit letzter Woche keine Parallelansicht mit 2tem Monitor an meinem Laptop. Nur noch einer funktioniert (entweder oder). Angeblich fehlt mfc100.dll.
Wo kriege ich die sicher her?
Danke wieder im Voraus.

Gruß

schrauber 18.01.2015 19:49
Grafiktreiber neu installieren.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de


Download Ordner und Backup auf Q löschen.

Frisches FRST log bitte.

Energie2000 18.01.2015 21:19
Ich habe Firefox, nicht Chrome.
Soll ich Firefox mit Revo Uninstaller deinstallieren?

schrauber 19.01.2015 10:57
Sicher das kein Chrome installiert ist?

Für FF ist es ähnlich:

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Energie2000 19.01.2015 18:41
Hallo Schrauber,

habe getan.
Vorab: Soll ich die installierten Sachen, wie Revo Unsinstaller, Malwarebytes.. etc. deinstallieren und löschen?

Hier erstmal FST

Code:
--------------
FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by labuhn (administrator) on LABUHN-THINK on 19-01-2015 18:29:55
Running from C:\Users\labuhn\Desktop
Loaded Profiles: labuhn (Available profiles: UpdatusUser & labuhn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1102651152-2822926887-2028513216-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE462
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1102651152-2822926887-2028513216-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\labuhn\AppData\Roaming\Mozilla\Firefox\Profiles\ncc1avcd.default-1421688447215
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\labuhn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [ofbhmgdnoeallignocbmcpnpondfanip] - C:\ProgramData\SaveByclick\ofbhmgdnoeallignocbmcpnpondfanip.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\labuhn\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:27 - 2015-01-19 18:27 - 00000000 ___DC () C:\Users\labuhn\Desktop\Alte Firefox-Daten
2015-01-19 18:24 - 2015-01-19 18:24 - 00001174 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 18:24 - 2015-01-19 18:24 - 00001162 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 18:24 - 2015-01-19 18:24 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 18:24 - 2015-01-19 18:24 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 21:13 - 2015-01-18 21:13 - 00003272 ____C () C:\Windows\System32\Tasks\{1242A189-364D-4123-A75E-83E64A5B352F}
2015-01-18 21:10 - 2015-01-18 21:10 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\labuhn\Desktop\revosetup95.exe
2015-01-18 19:05 - 2015-01-18 19:05 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{40915967-1A4F-4461-8AE9-CEA1C81EE4C7}
2015-01-18 17:41 - 2015-01-18 17:41 - 00852504 ____C () C:\Users\labuhn\Desktop\SecurityCheck.exe
2015-01-18 16:46 - 2015-01-18 16:46 - 02347384 ____C (ESET) C:\Users\labuhn\Desktop\esetsmartinstaller_deu.exe
2015-01-18 11:32 - 2015-01-18 11:32 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\{88BB5101-9A6D-4005-8748-ECAF1670213A}
2015-01-18 11:29 - 2015-01-18 11:29 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\PCDr
2015-01-18 11:28 - 2015-01-18 16:43 - 00000000 ___DC () C:\ProgramData\PCDr
2015-01-18 10:34 - 2015-01-18 17:46 - 00000000 ___DC () C:\Users\labuhn\Desktop\FRST-OlderVersion
2015-01-18 10:29 - 2015-01-18 10:29 - 00006786 ____C () C:\Users\labuhn\Desktop\JRT.txt
2015-01-18 10:25 - 2015-01-18 10:25 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-18 10:23 - 2015-01-18 10:23 - 00004464 ____C () C:\Users\labuhn\Desktop\AdwCleaner[S1].txt
2015-01-18 10:18 - 2015-01-18 10:21 - 00000000 ___DC () C:\AdwCleaner
2015-01-18 10:13 - 2015-01-18 10:13 - 00002123 ____C () C:\Users\labuhn\Desktop\mbam.txt
2015-01-18 09:58 - 2015-01-19 18:12 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:57 - 2015-01-18 09:57 - 00001117 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-18 09:57 - 2015-01-18 09:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 09:57 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 09:57 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 20:55 - 2015-01-17 20:55 - 00032317 ____C () C:\ComboFix.txt
2015-01-17 20:48 - 2015-01-17 20:55 - 00000000 ___DC () C:\Qoobox
2015-01-17 20:48 - 2015-01-17 20:54 - 00000000 ___DC () C:\Windows\erdnt
2015-01-17 20:48 - 2011-06-26 07:45 - 00256000 ____C () C:\Windows\PEV.exe
2015-01-17 20:48 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-01-17 20:48 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-01-17 20:48 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-01-17 20:45 - 2015-01-18 19:00 - 00006436 ____C () C:\Windows\PFRO.log
2015-01-17 20:29 - 2015-01-17 20:29 - 05609736 ___RC (Swearware) C:\Users\labuhn\Desktop\ComboFix.exe
2015-01-17 20:14 - 2015-01-19 18:13 - 00001279 ____C () C:\Users\labuhn\Desktop\Revo Uninstaller.lnk
2015-01-17 20:14 - 2015-01-19 18:13 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-01-17 12:08 - 2015-01-17 12:08 - 00035717 ____C () C:\Users\labuhn\Desktop\Addition.txt
2015-01-17 12:07 - 2015-01-19 18:29 - 00018354 ____C () C:\Users\labuhn\Desktop\FRST.txt
2015-01-17 12:07 - 2015-01-19 18:29 - 00000000 ___DC () C:\FRST
2015-01-17 12:07 - 2015-01-18 17:46 - 02126848 ____C (Farbar) C:\Users\labuhn\Desktop\FRST64.exe
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 ____C () C:\autoexec.bat
2015-01-17 11:12 - 2015-01-19 18:19 - 00002386 ____C () C:\Windows\setupact.log
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-17 10:53 - 2015-01-17 10:53 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-17 10:53 - 2015-01-17 10:53 - 00000833 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-17 10:52 - 2015-01-17 10:53 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-15 20:29 - 2015-01-19 18:17 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:29 - 2015-01-16 10:18 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:26 - 2015-01-14 08:32 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:26 - 2015-01-14 08:32 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:26 - 2015-01-14 08:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:26 - 2015-01-14 08:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 07:18 - 2015-01-13 08:49 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-12 21:58 - 2015-01-12 21:58 - 00000773 ____C () C:\Windows\removeep.cmd
2015-01-12 21:41 - 2015-01-12 21:41 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\reaper
2015-01-12 20:55 - 2015-01-12 20:55 - 00000000 ___DC () C:\Users\Public\Lenovo
2015-01-12 20:30 - 2015-01-12 20:30 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 20:30 - 2015-01-12 20:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 20:30 - 2015-01-12 20:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 20:30 - 2015-01-12 20:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-11 10:00 - 2015-01-11 10:00 - 00000000 ___DC () C:\Program Files (x86)\Live Radio Stations
2015-01-11 09:59 - 2015-01-11 09:59 - 00000000 ___DC () C:\Program Files (x86)\uNiisales
2015-01-07 12:44 - 2015-01-07 12:47 - 00000000 ___DC () C:\Users\labuhn\Documents\2015 Bewerbungen
2014-12-27 11:29 - 2015-01-08 09:52 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-01-28 Kontenklärung
2014-12-27 10:25 - 2014-12-27 11:19 - 00000000 __RDC () C:\Users\labuhn\Documents\Scannen
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\MAGIX
2014-12-26 18:28 - 2014-12-26 18:28 - 00000000 ___DC () C:\Program Files\Common Files\MAGIX Shared
2014-12-26 18:27 - 2015-01-12 21:57 - 00000000 __RDC () C:\Users\labuhn\Documents\MAGIX
2014-12-26 18:27 - 2015-01-12 21:56 - 00000000 ___DC () C:\ProgramData\MAGIX
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 _RHDC () C:\Users\Public\Libraries
2014-12-26 18:16 - 2014-12-26 18:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Apple Computer
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieUserList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieSiteList
2014-12-26 18:07 - 2014-12-26 18:07 - 00000000 _SHDC () C:\Users\labuhn\AppData\Local\EmieBrowserModeList
2014-12-24 08:44 - 2014-12-24 08:44 - 00003886 ____C () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:25 - 2011-12-15 21:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-19 18:25 - 2011-12-15 21:06 - 00000466 ____C () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-19 18:25 - 2011-12-11 00:06 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-19 18:16 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:16 - 2009-07-14 05:45 - 00031296 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:13 - 2011-12-11 08:37 - 00699682 ____C () C:\Windows\system32\perfh007.dat
2015-01-19 18:13 - 2011-12-11 08:37 - 00149790 ____C () C:\Windows\system32\perfc007.dat
2015-01-19 18:13 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 18:12 - 2011-12-11 00:04 - 01632079 ____C () C:\Windows\WindowsUpdate.log
2015-01-19 18:10 - 2011-12-26 16:40 - 00000000 ___DC () C:\Users\labuhn\AppData\Temp
2015-01-19 18:09 - 2011-12-10 23:58 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-19 18:09 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-18 10:07 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Web
2015-01-17 20:54 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-17 20:53 - 2009-07-14 03:34 - 93847552 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 19398656 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-17 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-17 20:45 - 2013-11-10 11:50 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-17 20:44 - 2013-11-10 11:50 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 20:44 - 2012-01-15 20:48 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-17 14:12 - 2014-07-11 07:46 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Windows Live
2015-01-17 11:47 - 2011-12-15 21:05 - 00000000 ___DC () C:\Users\labuhn
2015-01-17 10:55 - 2012-11-17 18:03 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\CrashDumps
2015-01-17 10:55 - 2012-01-07 19:15 - 00000000 ___DC () C:\Windows\Minidump
2015-01-17 10:55 - 2011-02-15 10:42 - 00000000 ___DC () C:\Windows\Panther
2015-01-16 20:07 - 2014-12-05 17:23 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-10_bis_12 Neuseeland & Sydney
2015-01-16 10:18 - 2013-02-27 15:06 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 10:18 - 2011-12-25 19:43 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 20:37 - 2011-12-15 21:16 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Adobe
2015-01-15 20:28 - 2014-01-19 15:53 - 00000000 ___DC () C:\ProgramData\McAfee Security Scan
2015-01-14 08:32 - 2013-08-15 20:27 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 08:23 - 2011-12-18 19:12 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 18:33 - 2014-04-14 17:39 - 00000000 ___DC () C:\EFW 2014-04-14
2015-01-12 21:58 - 2014-04-27 09:50 - 00000000 ___DC () C:\Users\labuhn\AppData\Local\Lenovo
2015-01-12 21:58 - 2011-12-10 23:54 - 00000000 ___DC () C:\Program Files (x86)\Lenovo
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ___DC () C:\Windows\Downloaded Installations
2015-01-12 20:56 - 2011-12-11 00:04 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-01-12 20:55 - 2012-10-13 18:45 - 00000000 __HDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:03 - 2013-02-10 18:27 - 00011861 _____ () C:\Users\labuhn\Documents\Silberhochzeitsliste.xlsx
2015-01-05 10:54 - 2013-07-28 07:44 - 00000000 ___DC () C:\Users\labuhn\Documents\2013-07-27 Silberhochzeit
2015-01-05 10:47 - 2014-02-23 19:05 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-02-23 Natalie beim Griechen
2015-01-04 19:07 - 2011-12-28 18:50 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-12-29 09:53 - 2014-08-15 18:39 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-07-26 Vater und Torsten
2014-12-28 22:41 - 2014-02-23 19:34 - 00000000 ___DC () C:\Users\labuhn\Documents\2014-06-17 Dichtschlemme
2014-12-27 10:18 - 2014-01-28 13:39 - 00000000 ___DC () C:\Users\labuhn\Documents\Scanner
2014-12-26 18:52 - 2011-12-15 21:06 - 00152288 ____C () C:\Users\labuhn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:52 - 2009-07-14 05:45 - 00481912 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-26 18:27 - 2014-10-02 10:05 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-12-26 18:27 - 2011-12-16 20:00 - 00000000 ___DC () C:\Program Files (x86)\MSXML 4.0
2014-12-26 18:14 - 2012-10-13 18:37 - 00000000 ___DC () C:\Users\labuhn\AppData\Roaming\vlc
2014-12-24 14:15 - 2011-12-26 16:57 - 00000000 ___DC () C:\Dateien 2014-12-31
2014-12-23 09:40 - 2011-12-15 21:06 - 00000528 ____C () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-22 17:14 - 2011-12-11 00:06 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

==================== Files in the root of some directories =======
2012-06-28 09:20 - 2012-06-28 09:20 - 0033134 ____C () C:\Users\labuhn\AppData\Roaming\UserTile.png
2012-10-13 20:18 - 2012-10-13 20:18 - 0000438 ____C () C:\Users\labuhn\AppData\Local\WiDiLog.20121013.211832.txt
2012-10-13 20:18 - 2012-10-13 20:18 - 0018362 ____C () C:\Users\labuhn\AppData\Local\WiDiSetupLog.20121013.211803.txt

Files to move or delete:
====================
C:\Users\labuhn\Windows-KB890830-x64-V5.9.exe


Some content of TEMP:
====================
C:\Users\labuhn\AppData\Local\Temp\Quarantine.exe
C:\Users\labuhn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 19:27

==================== End Of Log ============================

--- --- ---
-------------
Gruß

schrauber 19.01.2015 20:31
Machen wir jetzt:

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Energie2000 22.01.2015 21:28
Hallo Schrauber,

Rechner läuft wieder. Danke schonmal.
Habe noch Fragen:

Woher bekomme ich sicher die Datei mfc100.dll ? Fehlt angeblich, deshalb keine Paralleleinstellung für 2. Monitor am Laptop (bzw. Laptopmonitor geht nicht, nur der externe).

Ist der CCCleaner ein Registery Cleaner? Habe ihn aber bereits deinstalliert.


Ich habe jetzt Emisoft VirenScanner und Firewall.
Nach dem Scannen ist immer noch eine schädliche Datei, die sich weder in Quarantäne bringen noch löschen lässt. Was wäre zu tun?
Hier der Scan-Report

Code:
-------------------
Emsisoft Internet Security - Version 9.0
Letztes Update: 20.01.2015 22:02:09
Benutzerkonto: labuhn-THINK\labuhn

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        20.01.2015 22:19:34
C:\Windows\system32\inf\        gefunden: Trojan.Win32.Agent (A)

Gescannt        59395
Gefunden        1

Scan Ende:        20.01.2015 22:20:11
Scan Zeit:        0:00:37
------------------


Gruß
Energie2000


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:53 Uhr.
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131