pauligauli | 23.03.2014 22:42 | So, now the scanning is finally done
No. 1 ADW Cleaner Code:
MSG [1864] 2014/03/23 15:29:59: Configure new scan with profile: smart
MSG [1864] 2014/03/23 15:29:59: -> scanning critical objects
MSG [1864] 2014/03/23 15:29:59: -> scanning running processes
MSG [1864] 2014/03/23 15:29:59: -> scanning registry
MSG [1864] 2014/03/23 15:29:59: -> scanning lsp
MSG [1864] 2014/03/23 15:29:59: -> scanning browser hijacks
MSG [1864] 2014/03/23 15:29:59: -> scanning cookies
MSG [1864] 2014/03/23 15:29:59: -> neutralizing rootkits
MSG [1864] 2014/03/23 15:29:59: -> use spyware heuristics
MSG [1864] 2014/03/23 15:29:59: -> scan only executables
MSG [1864] 2014/03/23 15:29:59: -> file size limit = 20480 kB (0 = unlimited)
MSG [21476] 2014/03/23 15:32:32: Scan was completed in 152 seconds
MSG [21476] 2014/03/23 15:32:32: Objects processed: 69077, infections detected: 32
MSG [6472] 2014/03/23 15:34:28: Remediating 32 infections
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adserv*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adserve*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *advertising*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adfarm1.adition*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *mediaplex*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *.adform*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *2o7*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *ivwbox*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adserver*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adserv*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adserve*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *adtech*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *tradedoubler*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *doubleclick*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *serving-sys*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *casalemedia*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *advertis*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *advertising*
MSG [6472] 2014/03/23 15:34:31: Clean failed for: *revsci*
MSG [6472] 2014/03/23 15:34:31: Infections quarantined: 0, removed: 32, repaired: 0
MSG [6472] 2014/03/23 15:34:31: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [1864] 2014/03/23 15:34:31: Dumping scan report:
>>> Logfile created: 23.03.2014 15:30:0
>>> Lavasoft Ad-Aware version: 8.0.3
>>> Extended engine version: 8.1
>>> User performing scan: pr
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 146.0
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Intelligenter Scan (ID: smart)
>>> Objects scanned: 69077
>>> Objects detected: 32
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 32
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *adfarm1.adition* Family Name: Cookies Clean status: Success Item ID: 409171 Family ID: 0
>>> Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
>>> Description: *.adform* Family Name: Cookies Clean status: Success Item ID: 409300 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
>>> Description: *ivwbox* Family Name: Cookies Clean status: Success Item ID: 409247 Family ID: 0
>>> Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
>>> Description: *adserv* Family Name: Cookies Clean status: Failed Item ID: 408921 Family ID: 0
>>> Description: *adserve* Family Name: Cookies Clean status: Failed Item ID: 409020 Family ID: 0
>>> Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
>>> Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
>>> Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
>>> Description: *casalemedia* Family Name: Cookies Clean status: Success Item ID: 409152 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
>>> Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
>>> Description: *revsci* Family Name: Cookies Clean status: Success Item ID: 409137 Family ID: 0
>>> Description: *adfarm1.adition* Family Name: Cookies Clean status: Failed Item ID: 409171 Family ID: 0
>>> Description: *mediaplex* Family Name: Cookies Clean status: Failed Item ID: 408991 Family ID: 0
>>> Description: *.adform* Family Name: Cookies Clean status: Failed Item ID: 409300 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Failed Item ID: 408943 Family ID: 0
>>> Description: *ivwbox* Family Name: Cookies Clean status: Failed Item ID: 409247 Family ID: 0
>>> Description: *adserver* Family Name: Cookies Clean status: Failed Item ID: 408737 Family ID: 0
>>> Description: *adserv* Family Name: Cookies Clean status: Failed Item ID: 408921 Family ID: 0
>>> Description: *adserve* Family Name: Cookies Clean status: Failed Item ID: 409020 Family ID: 0
>>> Description: *adtech* Family Name: Cookies Clean status: Failed Item ID: 409018 Family ID: 0
>>> Description: *tradedoubler* Family Name: Cookies Clean status: Failed Item ID: 408964 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Clean status: Failed Item ID: 408875 Family ID: 0
>>> Description: *serving-sys* Family Name: Cookies Clean status: Failed Item ID: 409130 Family ID: 0
>>> Description: *casalemedia* Family Name: Cookies Clean status: Failed Item ID: 409152 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Clean status: Failed Item ID: 408918 Family ID: 0
>>> Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
>>> Description: *revsci* Family Name: Cookies Clean status: Failed Item ID: 409137 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 152 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Intelligenter Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value:
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: displaystatus, enabled:1, value: false
>>> ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: autodetectproxy, enabled:1, value: false
>>> ID: useautoconfigscript, enabled:1, value: false
>>> ID: autoconfigurl, enabled:0, value:
>>> ID: useproxy, enabled:1, value: false
>>> ID: proxyserver, enabled:0, value:
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Sat Mar 22 11:27:00 2014
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sat Mar 22 11:27:00 2014
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: true
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: false
>>> ID: networkprotection, enabled:0, value: false
>>> ID: loadatstartup, enabled:1, value: true
>>> ID: usespywareheuristics, enabled:0, value: false
>>> ID: extendedengine, enabled:0, value: false
>>> ID: useheuristics, enabled:0, value: false
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: RENNHOFER-PC
>>> Processor name: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
>>> Processor identifier: x86 Family 6 Model 15 Stepping 13
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2
>>> Physical memory available: 1639215104 bytes
>>> Physical memory total: 3210416128 bytes
>>> Virtual memory available: 2010509312 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 48%
>>> Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 500 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 576 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 620 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 628 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 676 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 700 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 720 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 728 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 876 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 940 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 1016 name: C:\Program Files\Microsoft Security Client\MsMpEng.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1084 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 1152 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1164 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1260 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1396 name: C:\Windows\System32\SLsvc.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 1412 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 1544 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 1684 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1804 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1848 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1876 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 228 name: C:\Windows\System32\IPSSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 316 name: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 376 name: C:\Windows\System32\agrsmsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 512 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 540 name: C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 12 name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 1944 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 528 name: C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1276 name: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 1732 name: C:\Program Files\Microsoft LifeCam\MSCamS32.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 832 name: C:\Program Files\Lenovo\PM Driver\PMSveH.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2064 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 2076 name: C:\Windows\System32\PSIService.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2104 name: C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2244 name: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2296 name: C:\Windows\System32\dwm.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2424 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 2432 name: C:\Windows\System32\taskeng.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2468 name: C:\Windows\System32\StkASv2K.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2520 name: C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2564 name: C:\Program Files\Lenovo\System Update\SUService.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2680 name: C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2732 name: C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2756 name: C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 2792 name: C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2892 name: C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3060 name: C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3096 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3116 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3180 name: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3228 name: C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3904 name: C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3512 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 3800 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 4092 name: C:\Windows\System32\conime.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2196 name: C:\Windows\System32\wuauclt.exe owner: pr domain: RENNHOFER-PC
>>> PID: 176 name: C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2656 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: pr domain: RENNHOFER-PC
>>> PID: 2144 name: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4108 name: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4196 name: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4212 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4236 name: C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4264 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4328 name: C:\Windows\System32\hkcmd.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4344 name: C:\Windows\System32\igfxpers.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4352 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4744 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4760 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
>>> PID: 4812 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
>>> PID: 5444 name: C:\Windows\System32\igfxsrvc.exe owner: pr domain: RENNHOFER-PC
>>> PID: 1376 name: C:\Program Files\Google\Update\GoogleUpdate.exe owner: SYSTEM domain: NT-AUTORITÄT
>>> PID: 2012 name: C:\Windows\explorer.exe owner: pr domain: RENNHOFER-PC
>>> PID: 5256 name: C:\Program Files\Internet Explorer\iexplore.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4924 name: C:\Program Files\Internet Explorer\iexplore.exe owner: pr domain: RENNHOFER-PC
>>> PID: 6096 name: C:\Windows\System32\wbem\unsecapp.exe owner: pr domain: RENNHOFER-PC
>>> PID: 4872 name: C:\Program Files\Internet Explorer\iexplore.exe owner: pr domain: RENNHOFER-PC
>>> PID: 5408 name: C:\Program Files\Internet Explorer\iexplore.exe owner: pr domain: RENNHOFER-PC
>>> PID: 3244 name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe owner: pr domain: RENNHOFER-PC
>>> PID: 7100 name: C:\Programme_download\PRINTKEY2000\PRINTKEY2000\PRINTKEY2000.EXE owner: pr domain: RENNHOFER-PC
>>> PID: 18972 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: pr domain: RENNHOFER-PC
>>>
>>> Startup items:
>>> Name: Application Restart #2
>>> imagepath: C:\Windows\System32\conime.exe C:\Windows\system32\conime.exe
>>> Name: TPWAUDAP
>>> imagepath: C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
>>> Name: IAAnotif
>>> imagepath: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
>>> Name: FingerPrintSoftware
>>> imagepath: "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
>>> Name: ACTray
>>> imagepath: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
>>> Name: ACWLIcon
>>> imagepath: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
>>> Name: cssauth
>>> imagepath: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
>>> Name: SynTPEnh
>>> imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
>>> Name: TVT Scheduler Proxy
>>> imagepath: C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
>>> Name: MSC
>>> imagepath: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
>>> Name: IgfxTray
>>> imagepath: C:\Windows\system32\igfxtray.exe
>>> Name: HotKeysCmds
>>> imagepath: C:\Windows\system32\hkcmd.exe
>>> Name: Persistence
>>> imagepath: C:\Windows\system32\igfxpers.exe
>>> Name: Ad-Watch
>>> imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name:
>>> imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
>>> Name:
>>> imagepath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: AcPrfMgrSvc
>>> displayname: Ac Profile Manager Service
>>> Name: AcSvc
>>> displayname: Access Connections Main Service
>>> Name: AeLookupSvc
>>> displayname: Anwendungserfahrung
>>> Name: AgereModemAudio
>>> displayname: Agere Modem Call Progress Audio
>>> Name: Appinfo
>>> displayname: Anwendungsinformationen
>>> Name: AudioEndpointBuilder
>>> displayname: Windows-Audio-Endpunkterstellung
>>> Name: Audiosrv
>>> displayname: Windows-Audio
>>> Name: BFE
>>> displayname: Basisfiltermodul
>>> Name: BITS
>>> displayname: Intelligenter Hintergrundübertragungsdienst
>>> Name: Browser
>>> displayname: Computerbrowser
>>> Name: BthServ
>>> displayname: Bluetooth-Unterstützungsdienst
>>> Name: CryptSvc
>>> displayname: Kryptografiedienste
>>> Name: DcomLaunch
>>> displayname: DCOM-Server-Prozessstart
>>> Name: Dhcp
>>> displayname: DHCP-Client
>>> Name: Dnscache
>>> displayname: DNS-Client
>>> Name: DPS
>>> displayname: Diagnoserichtliniendienst
>>> Name: EapHost
>>> displayname: Extensible Authentication-Protokoll
>>> Name: EMDMgmt
>>> displayname: ReadyBoost
>>> Name: Eventlog
>>> displayname: Windows-Ereignisprotokoll
>>> Name: EventSystem
>>> displayname: COM+-Ereignissystem
>>> Name: fdPHost
>>> displayname: Funktionssuchanbieter-Host
>>> Name: FDResPub
>>> displayname: Funktionssuche-Ressourcenveröffentlichung
>>> Name: FNF5SVC
>>> displayname: Fn+F5 Service
>>> Name: FontCache
>>> displayname: Windows-Dienst für Schriftartencache
>>> Name: FontCache3.0.0.0
>>> displayname: Windows Presentation Foundation-Schriftartcache 3.0.0.0
>>> Name: gpsvc
>>> displayname: Gruppenrichtlinienclient
>>> Name: hidserv
>>> displayname: Zugriff auf Eingabegeräte
>>> Name: IAANTMON
>>> displayname: Intel(R) Matrix Storage Event Monitor
>>> Name: IPBusEnum
>>> displayname: PnP-X-IP-Busauflistung
>>> Name: iphlpsvc
>>> displayname: IP-Hilfsdienst
>>> Name: IPSSVC
>>> displayname: IPS-Basisservice
>>> Name: KeyIso
>>> displayname: CNG-Schlüsselisolation
>>> Name: KtmRm
>>> displayname: KtmRm für Distributed Transaction Coordinator
>>> Name: LanmanServer
>>> displayname: Server
>>> Name: LanmanWorkstation
>>> displayname: Arbeitsstationsdienst
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: lmhosts
>>> displayname: TCP/IP-NetBIOS-Hilfsdienst
>>> Name: MBAMScheduler
>>> displayname: MBAMScheduler
>>> Name: MBAMService
>>> displayname: MBAMService
>>> Name: MMCSS
>>> displayname: Multimediaklassenplaner
>>> Name: MpsSvc
>>> displayname: Windows-Firewall
>>> Name: MSCamSvc
>>> displayname: MSCamSvc
>>> Name: MsMpSvc
>>> displayname: Microsoft Antimalware Service
>>> Name: Netman
>>> displayname: Netzwerkverbindungen
>>> Name: netprofm
>>> displayname: Netzwerklistendienst
>>> Name: NlaSvc
>>> displayname: NLA (Network Location Awareness)
>>> Name: nmservice
>>> displayname: Pure Networks Network Magic Service
>>> Name: nsi
>>> displayname: Netzwerkspeicher-Schnittstellendienst
>>> Name: PcaSvc
>>> displayname: Programmkompatibilitäts-Assistent-Dienst
>>> Name: PlugPlay
>>> displayname: Plug & Play
>>> Name: PMSveH
>>> displayname: PMSveH
>>> Name: PolicyAgent
>>> displayname: IPsec-Richtlinien-Agent
>>> Name: ProfSvc
>>> displayname: Benutzerprofildienst
>>> Name: ProtexisLicensing
>>> displayname: ProtexisLicensing
>>> Name: RasMan
>>> displayname: RAS-Verbindungsverwaltung
>>> Name: RpcSs
>>> displayname: Remoteprozeduraufruf (RPC)
>>> Name: SamSs
>>> displayname: Sicherheitskonto-Manager
>>> Name: SamsungAllShareV2.0
>>> displayname: Samsung AllShare PC
>>> Name: Schedule
>>> displayname: Aufgabenplanung
>>> Name: seclogon
>>> displayname: Sekundäre Anmeldung
>>> Name: SENS
>>> displayname: Benachrichtigungsdienst für Systemereignisse
>>> Name: ShellHWDetection
>>> displayname: Shellhardwareerkennung
>>> Name: slsvc
>>> displayname: Softwarelizenzierung
>>> Name: Spooler
>>> displayname: Druckwarteschlange
>>> Name: SSDPSRV
>>> displayname: SSDP-Suche
>>> Name: SstpSvc
>>> displayname: SSTP-Dienst
>>> Name: stisvc
>>> displayname: Windows-Bilderfassung
>>> Name: StkASSrv
>>> displayname: Syntek STK1150 Service
>>> Name: STRATO HiDrive Service
>>> displayname: STRATO HiDrive Service
>>> Name: SUService
>>> displayname: System Update
>>> Name: SysMain
>>> displayname: Superfetch
>>> Name: TapiSrv
>>> displayname: Telefonie
>>> Name: TermService
>>> displayname: Terminaldienste
>>> Name: Themes
>>> displayname: Designs
>>> Name: ThinkVantage Registry Monitor Service
>>> displayname: ThinkVantage Registry Monitor Service
>>> Name: TPHKSVC
>>> displayname: Anzeige am Bildschirm
>>> Name: TrkWks
>>> displayname: Überwachung verteilter Verknüpfungen (Client)
>>> Name: TSSCoreService
>>> displayname: TSS Core Service
>>> Name: TVT Backup Protection Service
>>> displayname: TVT Backup Protection Service
>>> Name: TVT Backup Service
>>> displayname: TVT Backup Service
>>> Name: TVT Scheduler
>>> displayname: TVT Scheduler
>>> Name: upnphost
>>> displayname: UPnP-Gerätehost
>>> Name: UxSms
>>> displayname: Sitzungs-Manager für Desktopfenster-Manager
>>> Name: W32Time
>>> displayname: Windows-Zeitgeber
>>> Name: WdiSystemHost
>>> displayname: Diagnosesystemhost
>>> Name: WerSvc
>>> displayname: Windows-Fehlerberichterstattungsdienst
>>> Name: Winmgmt
>>> displayname: Windows-Verwaltungsinstrumentation
>>> Name: Wlansvc
>>> displayname: Automatische WLAN-Konfiguration
>>> Name: WMPNetworkSvc
>>> displayname: Windows Media Player-Netzwerkfreigabedienst
>>> Name: WPDBusEnum
>>> displayname: Enumeratordienst für tragbare Geräte
>>> Name: wscsvc
>>> displayname: Sicherheitscenter
>>> Name: WSearch
>>> displayname: Windows Search
>>> Name: wuauserv
>>> displayname: Windows Update
>>> Name: wudfsvc
>>> displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
>>>
>>>
No. 2 Anti Malware Bytes Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.03.23.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
pr :: RENNHOFER-PC [Administrator]
23/03/2014 15:35:33
mbam-log-2014-03-23 (15-35-33).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286929
Laufzeit: 15 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
No. 3 ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5fa9f89ca3b5f94db988045b71073560
# engine=17567
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 07:29:58
# local_time=2014-03-23 08:29:58 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 46592896 233135770 0 0
# compatibility_mode=9730 16764926 0 8 37616143 103519587 0 0
# scanned=235866
# found=0
# cleaned=0
# scan_time=14587
No. 4 FRST
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by pr (administrator) on RENNHOFER-PC on 23-03-2014 20:35:55
Running from C:\Users\pr\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Lenovo Group Limited) c:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPWAUDAP] - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54824 2006-09-06] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [946176 2007-05-31] (Authentec,Inc)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [419112 2007-07-05] (Lenovo)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [124200 2007-07-05] (Lenovo)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2630968 2007-08-09] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2007-01-08] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Ad-Watch] - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [515416 2009-03-09] (Lavasoft)
HKU\.DEFAULT\...\RunOnce: [Application Restart #2] - C:\Windows\system32\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-21-1391454227-742294692-1743814216-1005\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1391454227-742294692-1743814216-1005\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-08-22] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {46AEBB5B-294E-4000-810E-C1A1717B3F76} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {46AEBB5B-294E-4000-810E-C1A1717B3F76} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {A00F4552-237C-4C4F-A225-EB7D6CCBD700} URL =
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
SearchScopes: HKCU - {EF6E5A56-23CB-420D-8BFD-312F9DBFAFA4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10863
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\q9l74lqs.default
FF NewTab: about:home
FF DefaultSearchEngine: FindWide
FF Homepage: about:home
FF Keyword.URL: hxxp://search.findwide.com/serp?guid={62DF0326-8311-450A-84EE-6934F8D86CF3}&action=default_search&serpv=22&k=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Toolbar fuer eBay - C:\Program Files\Mozilla Firefox\extensions\ebay.xpi [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-16]
========================== Services (Whitelisted) =================
S3 AllShare; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54832 2007-04-09] (Lenovo.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [951632 2009-03-09] (Lavasoft)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2007-03-14] (Pure Networks, Inc.)
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [321088 2007-03-14] (Pure Networks, Inc.)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [24992 2011-07-16] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-07-16] (Samsung Electronics Co., Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [13312 2007-06-07] (Lenovo Group Limited)
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55936 2007-03-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-09] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2007-01-08] (Lenovo Group Limited)
==================== Drivers (Whitelisted) ====================
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S3 PRISM_USB; C:\Windows\System32\DRIVERS\PRISMUSB.sys [666624 2003-10-02] (GlobespanVirata, Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cnbqnjgv; \??\C:\Windows\system32\drivers\cnbqnjgv.sys [X]
S1 evzimgfj; \??\C:\Windows\system32\drivers\evzimgfj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jffcavgd; \??\C:\Windows\system32\drivers\jffcavgd.sys [X]
S1 lyttuzax; \??\C:\Windows\system32\drivers\lyttuzax.sys [X]
S1 MpKslfde0b468; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{466A6067-B38B-4E4E-8E24-B3AC7D9F82AC}\MpKslfde0b468.sys [X]
S1 mymbzouu; \??\C:\Windows\system32\drivers\mymbzouu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PsSdk30; \??\C:\Windows\system32\Drivers\PsSdk30.drv [X]
S1 pzibtxsf; \??\C:\Windows\system32\drivers\pzibtxsf.sys [X]
U3 mbr; \??\C:\Users\pr\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-23 20:35 - 2014-03-23 20:35 - 00015832 _____ () C:\Users\pr\Downloads\FRST.txt
2014-03-23 16:53 - 2014-03-23 16:53 - 01145856 _____ (Farbar) C:\Users\pr\Downloads\FRST.exe
2014-03-23 16:47 - 2014-03-23 16:47 - 00000699 _____ () C:\Users\pr\Desktop\Download - Verknüpfung.lnk
2014-03-23 16:29 - 2014-03-23 20:32 - 00000000 ____D () C:\Users\pr\Desktop\Malware_aktuell
2014-03-23 14:57 - 2014-03-23 14:57 - 00000905 _____ () C:\Users\pr\Documents\aawanna.txt
2014-03-23 12:13 - 2014-03-23 12:13 - 00016923 _____ () C:\ComboFix.txt
2014-03-23 11:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-23 11:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-23 11:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-23 11:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-23 11:36 - 2014-03-23 12:19 - 00000000 ____D () C:\Qoobox
2014-03-23 11:36 - 2014-03-23 12:10 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 11:30 - 2014-03-23 11:31 - 05190773 ____R (Swearware) C:\Users\pr\Desktop\ComboFix.exe
2014-03-22 14:53 - 2014-03-22 14:53 - 00001185 _____ () C:\Windows\IE9_main.log
2014-03-22 12:59 - 2014-03-23 11:58 - 00000892 _____ () C:\aaw7boot.log
2014-03-22 12:18 - 2014-03-22 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 12:13 - 2009-03-09 20:06 - 00015688 _____ () C:\Windows\system32\lsdelete.exe
2014-03-22 11:28 - 2014-03-22 11:30 - 00000474 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-22 11:27 - 2014-03-22 11:27 - 00000985 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-22 11:27 - 2014-03-22 11:27 - 00000000 __HDC () C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2014-03-22 11:27 - 2009-03-09 20:06 - 00064160 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2014-03-22 11:26 - 2014-03-22 11:27 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-22 10:51 - 2014-03-22 12:57 - 00000000 ____D () C:\Users\pr\Desktop\Malware
2014-03-22 10:43 - 2014-03-22 10:43 - 00707006 _____ () C:\Users\pr\Downloads\delfix.exe
2014-03-22 10:40 - 2014-03-22 10:40 - 01037734 _____ (Thisisu) C:\Users\pr\Downloads\JRT.exe
2014-03-22 10:39 - 2014-03-22 10:39 - 01950720 _____ () C:\Users\pr\Downloads\adwcleaner.exe
2014-03-22 10:36 - 2014-03-23 20:35 - 00000000 ____D () C:\FRST
2014-03-22 10:22 - 2014-03-23 11:58 - 00009498 _____ () C:\Windows\PFRO.log
2014-03-16 09:44 - 2014-03-16 09:44 - 00000000 ____D () C:\Users\sr\AppData\Roaming\STRATO
2014-03-15 11:19 - 2014-03-15 11:19 - 00000876 _____ () C:\Users\Public\Desktop\Anti-Malware.lnk
2014-03-15 11:18 - 2014-03-15 11:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 11:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 11:17 - 2014-03-15 11:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pr\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 11:00 - 2014-03-15 11:00 - 00000977 _____ () C:\Users\pr\Desktop\Continue Zip Extractor Installation.lnk
2014-03-15 10:59 - 2014-03-15 10:59 - 00688616 _____ ( ) C:\Users\pr\Downloads\ZipExtractorSetup.exe
2014-03-09 09:35 - 2014-03-09 09:35 - 00000000 ____D () C:\Users\pr\AppData\Roaming\AVG
2014-03-09 09:31 - 2014-03-09 09:32 - 00000000 ____D () C:\Intel
2014-03-08 19:28 - 2014-03-08 19:28 - 00000000 ____D () C:\Users\sr\AppData\Roaming\AVG
2014-03-08 19:18 - 2014-03-08 19:18 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\AVG
2014-03-08 19:16 - 2014-03-08 19:33 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-08 19:16 - 2014-03-08 19:20 - 00000000 ____D () C:\ProgramData\AVG
2014-03-08 19:13 - 2014-03-08 19:16 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4(1).exe
2014-03-08 19:05 - 2014-03-08 19:07 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Users\rennhofer\AppData\Local\MFAData
2014-03-08 14:50 - 2014-03-08 14:50 - 00064384 _____ () C:\Users\sr\Documents\cc_20140308_145020.reg
2014-02-22 19:09 - 2014-02-22 19:09 - 00001054 _____ () C:\Users\pr\Desktop\Amazon Cloud Player.lnk
2014-02-22 19:08 - 2014-02-22 19:11 - 00000000 ____D () C:\Users\pr\AppData\Local\Amazon Cloud Player
2014-02-22 19:08 - 2014-02-22 19:08 - 00000000 ____D () C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
==================== One Month Modified Files and Folders =======
2014-03-23 20:36 - 2014-03-23 20:35 - 00015832 _____ () C:\Users\pr\Downloads\FRST.txt
2014-03-23 20:35 - 2014-03-22 10:36 - 00000000 ____D () C:\FRST
2014-03-23 20:32 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\pr\Desktop\Malware_aktuell
2014-03-23 20:14 - 2013-05-16 15:42 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004UA.job
2014-03-23 20:14 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:14 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:13 - 2013-05-16 15:42 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391454227-742294692-1743814216-1004Core.job
2014-03-23 16:53 - 2014-03-23 16:53 - 01145856 _____ (Farbar) C:\Users\pr\Downloads\FRST.exe
2014-03-23 16:47 - 2014-03-23 16:47 - 00000699 _____ () C:\Users\pr\Desktop\Download - Verknüpfung.lnk
2014-03-23 16:47 - 2008-09-13 17:38 - 00000000 ____D () C:\Users\pr
2014-03-23 14:57 - 2014-03-23 14:57 - 00000905 _____ () C:\Users\pr\Documents\aawanna.txt
2014-03-23 13:02 - 2009-06-20 13:18 - 00000000 ____D () C:\Users\pr\Privat
2014-03-23 12:20 - 2008-06-24 10:13 - 01584289 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 12:19 - 2014-03-23 11:36 - 00000000 ____D () C:\Qoobox
2014-03-23 12:13 - 2014-03-23 12:13 - 00016923 _____ () C:\ComboFix.txt
2014-03-23 12:13 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-23 12:13 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-23 12:10 - 2014-03-23 11:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 12:01 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-23 12:00 - 2007-08-16 11:28 - 00025334 _____ () C:\Windows\system32\PROCDB.INI
2014-03-23 11:59 - 2007-08-16 11:28 - 00000000 _____ () C:\Windows\system32\IPSCtrl.INI
2014-03-23 11:59 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 11:58 - 2014-03-22 12:59 - 00000892 _____ () C:\aaw7boot.log
2014-03-23 11:58 - 2014-03-22 10:22 - 00009498 _____ () C:\Windows\PFRO.log
2014-03-23 11:57 - 2008-06-24 10:15 - 00003204 _____ () C:\Windows\bthservsdp.dat
2014-03-23 11:57 - 2006-11-02 13:58 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 11:57 - 2006-11-02 11:22 - 42205184 _____ () C:\Windows\system32\config\software.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 28573696 _____ () C:\Windows\system32\config\system.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-03-23 11:57 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-23 11:55 - 2008-08-13 13:18 - 00000000 ____D () C:\Users\rennhofer
2014-03-23 11:34 - 2010-08-27 14:34 - 00043008 _____ (Absolute Software Corp.) C:\Windows\system32\agremove.exe
2014-03-23 11:31 - 2014-03-23 11:30 - 05190773 ____R (Swearware) C:\Users\pr\Desktop\ComboFix.exe
2014-03-23 11:16 - 2014-01-18 09:00 - 00017408 _____ () C:\Windows\system32\rpcnetp.dll
2014-03-23 11:15 - 2014-01-10 08:19 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-03-22 14:53 - 2014-03-22 14:53 - 00001185 _____ () C:\Windows\IE9_main.log
2014-03-22 14:31 - 2013-09-28 16:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-22 14:31 - 2013-09-28 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-22 12:57 - 2014-03-22 10:51 - 00000000 ____D () C:\Users\pr\Desktop\Malware
2014-03-22 12:18 - 2014-03-22 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 11:49 - 2011-01-07 22:45 - 00000000 ___RD () C:\Program Files\Skype
2014-03-22 11:30 - 2014-03-22 11:28 - 00000474 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-22 11:27 - 2014-03-22 11:27 - 00000985 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-22 11:27 - 2014-03-22 11:27 - 00000000 __HDC () C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2014-03-22 11:27 - 2014-03-22 11:26 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-22 11:14 - 2008-09-18 21:03 - 00000000 ____D () C:\Programme_download
2014-03-22 10:43 - 2014-03-22 10:43 - 00707006 _____ () C:\Users\pr\Downloads\delfix.exe
2014-03-22 10:40 - 2014-03-22 10:40 - 01037734 _____ (Thisisu) C:\Users\pr\Downloads\JRT.exe
2014-03-22 10:39 - 2014-03-22 10:39 - 01950720 _____ () C:\Users\pr\Downloads\adwcleaner.exe
2014-03-22 10:25 - 2013-03-31 10:53 - 00000000 ____D () C:\Users\pr\Desktop\CCleaner
2014-03-22 09:19 - 2012-05-23 22:42 - 00000774 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-22 09:19 - 2012-05-23 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-22 09:12 - 2013-05-01 12:36 - 00000000 ____D () C:\Windows\pss
2014-03-19 08:29 - 2006-11-02 11:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 08:10 - 2008-11-07 18:49 - 00000000 ____D () C:\Users\sr\Sayeeda
2014-03-16 09:44 - 2014-03-16 09:44 - 00000000 ____D () C:\Users\sr\AppData\Roaming\STRATO
2014-03-16 08:52 - 2013-12-20 11:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-16 08:46 - 2013-10-10 14:52 - 00000000 ____D () C:\Users\pr\AppData\Roaming\HomeTab
2014-03-15 11:19 - 2014-03-15 11:19 - 00000876 _____ () C:\Users\Public\Desktop\Anti-Malware.lnk
2014-03-15 11:19 - 2014-03-15 11:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 11:17 - 2014-03-15 11:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pr\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 11:00 - 2014-03-15 11:00 - 00000977 _____ () C:\Users\pr\Desktop\Continue Zip Extractor Installation.lnk
2014-03-15 10:59 - 2014-03-15 10:59 - 00688616 _____ ( ) C:\Users\pr\Downloads\ZipExtractorSetup.exe
2014-03-14 21:09 - 2013-05-20 11:23 - 00000000 ____D () C:\Users\pr\Documents\888poker
2014-03-09 10:00 - 2013-09-28 16:57 - 00000000 ____D () C:\Program Files\AVG
2014-03-09 09:35 - 2014-03-09 09:35 - 00000000 ____D () C:\Users\pr\AppData\Roaming\AVG
2014-03-09 09:32 - 2014-03-09 09:31 - 00000000 ____D () C:\Intel
2014-03-08 19:33 - 2014-03-08 19:16 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-08 19:28 - 2014-03-08 19:28 - 00000000 ____D () C:\Users\sr\AppData\Roaming\AVG
2014-03-08 19:20 - 2014-03-08 19:16 - 00000000 ____D () C:\ProgramData\AVG
2014-03-08 19:18 - 2014-03-08 19:18 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\AVG
2014-03-08 19:16 - 2014-03-08 19:13 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4(1).exe
2014-03-08 19:07 - 2014-03-08 19:05 - 78353832 _____ (AVG) C:\Users\sr\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
2014-03-08 17:15 - 2012-01-11 20:52 - 00000000 __SHD () C:\Users\pr\AppData\Local\{309a44b9-15db-bf3e-f0f1-27bbb5ad427c}
2014-03-08 17:06 - 2013-12-20 11:43 - 00000000 ____D () C:\Users\pr\AppData\Local\genienext
2014-03-08 15:37 - 2011-06-16 07:25 - 00000000 ____D () C:\Program Files\FoxTab3GPConverter
2014-03-08 15:08 - 2012-09-30 11:52 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\TuneUp Software
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Users\rennhofer\AppData\Local\MFAData
2014-03-08 14:50 - 2014-03-08 14:50 - 00064384 _____ () C:\Users\sr\Documents\cc_20140308_145020.reg
2014-03-07 15:25 - 2011-01-09 17:17 - 00000000 ____D () C:\Users\sr\AppData\Roaming\Skype
2014-03-07 15:23 - 2011-01-07 22:45 - 00000000 ____D () C:\Users\rennhofer\AppData\Roaming\Skype
2014-03-07 14:41 - 2008-08-13 13:22 - 00270384 _____ () C:\Users\rennhofer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 09:52 - 2011-05-08 14:55 - 00000000 ____D () C:\Users\sr\AppData\Roaming\Mozilla
2014-02-25 10:46 - 2008-11-08 15:27 - 00270384 _____ () C:\Users\sr\AppData\Roaming\GDIPFONTCACHEV1.DAT
2014-02-23 13:12 - 2013-04-09 15:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-22 19:19 - 2013-08-23 08:03 - 00000000 ____D () C:\Users\pr\Desktop\Musik
2014-02-22 19:11 - 2014-02-22 19:08 - 00000000 ____D () C:\Users\pr\AppData\Local\Amazon Cloud Player
2014-02-22 19:09 - 2014-02-22 19:09 - 00001054 _____ () C:\Users\pr\Desktop\Amazon Cloud Player.lnk
2014-02-22 19:08 - 2014-02-22 19:08 - 00000000 ____D () C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
ZeroAccess:
C:\Users\pr\AppData\Local\{309a44b9-15db-bf3e-f0f1-27bbb5ad427c}
C:\Users\pr\AppData\Local\{309a44b9-15db-bf3e-f0f1-27bbb5ad427c}\L\00000004.@
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-23 12:13
==================== End Of Log ============================
Is everything okay again now???
Hi mort, I just did a restart. Unfortunately the message TBUpdater.dll ........ still comes up.
And now?