
Pests of all kinds and how to fight them: "Resolving host" ... extremely slow Internet services

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

09.01.2015, 15:23   #1
Munich089
 



Hello everyone,

I am once again close to despair. Despite Avast, weekly TFC and Malwarebytes Anti-Malware runs, my laptop has been acting up for 1 week when it comes to "Internet services".

In the browser window, "Resolving host" appears (irregularly) at the bottom left; the web pages are then loaded either extremely slowly or not at all ("This webpage is not available"). A software update (for a trading software) also could not be carried out, with the message to check my firewall and the proxy settings.

My firewall is enabled; according to my browser settings, no proxy server is used.

The problem occurs in all 3 common browsers.

Retrieving mail via Windows Live Mail also leads to frequent error messages ("Timeout exceeded"); that never happened before either.

In my subjective perception, everything that has to do with the Internet "stutters". According to the service provider (O2), the line is OK.

Possibly also a useful hint for my DSL 6000 line: in the speed test the download comes in at around 7 MBpS, but the upload only between 0.1 and 0.4 MBps! Regardless of whether via LAN or WLAN.

The CPU is barely loaded, RAM at 3/4; there are really no applications running at all (apart from the browser and Windows Mail).

Many thanks in advance for your help!

09.01.2015, 15:41   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


09.01.2015, 15:50   #3
Munich089
 



First:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by XXX (administrator) on XXX on 09-01-2015 15:44:19
Running from C:\Users\XXX\Downloads
Loaded Profile: XXX (Available profiles: XXX)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\Markus xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://remote.theacongroup.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Markus xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Markus xxxxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Markus xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\searchplugins\bing-avast.xml
FF Extension: Tradesignal Online Chart - C:\Users\Markus xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-09]
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-22]
FF HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2010-12-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google-Suche) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (AdBlock) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-22]
CHR Extension: (Avast Online Security) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Google Mail) - C:\Users\Markus xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-08-31] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-08-31] () [File not signed]
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited) [File not signed]
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
S3 catchme; \??\C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:44 - 2015-01-09 15:45 - 00019813 _____ () C:\Users\Markus xxxxx\Downloads\FRST.txt
2015-01-09 15:44 - 2015-01-09 15:44 - 00000000 ____D () C:\FRST
2015-01-09 15:42 - 2015-01-09 15:42 - 01115648 _____ (Farbar) C:\Users\Markus xxxxx\Downloads\FRST.exe
2015-01-09 13:51 - 2015-01-09 13:51 - 00001024 _____ () C:\.rnd
2014-12-18 09:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 22:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 07:44 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:44 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:44 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:44 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:44 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:44 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:44 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:44 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:44 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:44 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:44 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:44 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:44 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:44 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:44 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:44 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:44 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:43 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:43 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:43 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:43 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:43 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:43 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:43 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:43 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:43 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:43 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:43 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:43 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:43 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:43 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:43 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:42 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:42 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:42 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:42 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:42 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:42 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:31 - 2014-12-10 07:31 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:31 - 2012-04-07 19:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 15:00 - 2010-12-22 17:47 - 01946976 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 14:58 - 2010-12-24 16:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 14:57 - 2013-07-23 19:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
2015-01-09 14:10 - 2009-07-21 06:30 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 13:58 - 2010-12-24 16:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 13:53 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 13:53 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 13:51 - 2014-06-01 21:09 - 00000000 ____D () C:\Users\Markus xxxxx\AppData\Local\FreePDF_XP
2015-01-09 13:51 - 2014-05-22 13:17 - 00001024 _____ () C:\Users\Markus xxxxx\.rnd
2015-01-09 13:45 - 2013-09-17 11:49 - 00037994 _____ () C:\Windows\setupact.log
2015-01-09 13:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 18:57 - 2013-07-23 19:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
2015-01-07 16:40 - 2014-05-19 20:29 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 16:30 - 2014-10-20 19:11 - 00000000 ___RD () C:\Users\Markus xxxxx\Dropbox
2015-01-07 16:28 - 2012-08-04 14:24 - 00000000 ____D () C:\Users\Markus xxxxx\AppData\Roaming\Dropbox
2015-01-06 04:36 - 2010-12-23 20:25 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 23:00 - 2010-12-22 17:52 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-21 17:26 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 19:43 - 2012-04-07 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-18 19:42 - 2011-05-16 06:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-18 08:59 - 2014-10-20 19:10 - 00000000 ____D () C:\Users\Markus xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 17:46 - 2011-11-17 18:58 - 00000000 ____D () C:\Users\Markus xxxxx\Desktop\temp
2014-12-13 12:00 - 2010-12-24 17:44 - 00000000 ____D () C:\Users\Markus xxxxx\Salomon
2014-12-11 14:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-11 09:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 22:57 - 2011-06-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:54 - 2013-07-11 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:48 - 2010-12-24 11:20 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Markus xxxxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp2emio.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 19:47

==================== End Of Log ============================
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by XXX at 2015-01-09 15:45:34
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ActiveTrader Deutschland (HKLM\...\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}) (Version: 6.2.2 - Cortal Consors)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.111.07010 (HKLM\...\{CD9771C2-C65C-2112-0B6E-043346A27110}) (Version: 2.12.111.07010 - Sony)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sony PC Companion 2.10.228 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
TeamSIP 2go (HKLM\...\{B303639A-2CDF-42A1-8532-0E3338CE5A6D}) (Version: 2.5.14 - TeamFON GmbH)
TeamSIP 2go (Version: 2.5.14 - TeamFON GmbH) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{3FB043FD-4C4C-4E99-8678-BA00A465C3F8}) (Version: 7.3.0.15 - Tradesignal GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Markus xxxxxx\AppData\Local\Google\Chrome\Application\34.0.1847.137\delegate_execute.exe" (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Markus xxxxxx\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

30-12-2014 22:50:53 Windows Update
06-01-2015 19:22:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-05-21 07:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\Markus xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\Markus xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {991A0262-22F3-4D47-B83A-DE6D40A1E33E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D21F778A-2362-45CD-B314-E7E586A78701} - System32\Tasks\{40F352CF-C559-4815-BAB0-CA2184302B50} => pcalua.exe -a "C:\Users\Markus xxxxxx\Desktop\avira_antivir_personal_de609.exe" -d "C:\Users\Markus xxxxxx\Desktop"
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F7600EDB-E22B-4AE2-B48D-35C8A4139657} - System32\Tasks\{A6820A6A-B657-4BA2-A002-2F57E4DE222E} => pcalua.exe -a "C:\Users\Markus xxxxxx\Downloads\TeamSIP2go_2514.exe" -d "C:\Users\Markus xxxxxx\Downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\Markus xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\Markus xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-08-31 23:32 - 2009-08-31 23:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2015-01-09 09:10 - 2015-01-09 09:10 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010900\algo.dll
2014-06-01 21:08 - 2012-06-21 06:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-22 17:42 - 2009-08-23 19:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-11-24 13:46 - 2014-11-24 13:46 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TeamSIP 2go.lnk => C:\Windows\pss\TeamSIP 2go.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Markus xxxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Markus xxxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

========================= Accounts: ==========================

Administrator (S-1-5-21-1732376492-3782921457-3814634441-500 - Administrator - Disabled)
Gast (S-1-5-21-1732376492-3782921457-3814634441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1732376492-3782921457-3814634441-1003 - Limited - Enabled)
Markus xxxxxx (S-1-5-21-1732376492-3782921457-3814634441-1000 - Administrator - Enabled) => C:\Users\Markus xxxxxx

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 00:38:53 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/09/2015 00:31:59 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/07/2015 09:34:07 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/07/2015 09:27:43 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/06/2015 07:55:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/06/2015 07:48:43 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/31/2014 00:59:26 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/31/2014 00:52:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2014 11:38:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2014 11:31:58 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (01/09/2015 01:45:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (01/09/2015 01:45:53 PM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/09/2015 01:45:53 PM) (Source: amdkmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/09/2015 01:43:43 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/09/2015 09:08:12 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (01/09/2015 09:08:09 AM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/09/2015 09:08:09 AM) (Source: amdkmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/09/2015 01:34:53 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/08/2015 10:26:56 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der
Netzwerkhardwareadresse 30-A8-DB-C4-A9-3E ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (01/08/2015 09:02:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (12/10/2013 09:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 10:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (05/24/2012 05:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 2520.03 MB
Available physical RAM: 1070.24 MB
Total Pagefile: 6298.32 MB
Available Pagefile: 4161.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.54 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:56.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:4.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

09.01.2015, 16:07   #4
schrauber
/// the machine
/// TB instructor
 



Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.01.2015, 11:35   #5
Munich089
 



MBAM:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.01.2015
Suchlauf-Zeit: 10:23:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.10.10
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Markus XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373484
Verstrichene Zeit: 13 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         



AdwCleaner:

Code:
# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 11:04:14
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Markus XXx - MARKUSXXX
# Gestartet von : C:\Users\Markus XXX\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\insm.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.insm.de

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [1120 octets] - [10/01/2015 10:54:35]
AdwCleaner[S0].txt - [1042 octets] - [10/01/2015 11:04:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1102 octets] ##########
         


JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by Markus XXX on 10.01.2015 at 11:22:00,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 11:24:00,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Markus XXX (administrator) on MARKUSXXX on 10-01-2015 11:28:00
Running from C:\Users\Markus XXX\Downloads
Loaded Profile: Markus XXX (Available profiles: Markus XXX)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://remote.theacongroup.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\searchplugins\bing-avast.xml
FF Extension: Tradesignal Online Chart - C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-09]
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-22]
FF HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2010-12-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google-Suche) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (AdBlock) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-22]
CHR Extension: (Avast Online Security) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Google Mail) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-08-31] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-08-31] () [File not signed]
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited) [File not signed]
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
S3 catchme; \??\C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:28 - 2015-01-10 11:28 - 00019527 _____ () C:\Users\Markus XXX\Downloads\FRST.txt
2015-01-10 11:26 - 2015-01-10 11:26 - 00000686 _____ () C:\Users\Markus XXX\Downloads\JRT.txt
2015-01-10 11:16 - 2015-01-10 11:17 - 00001170 _____ () C:\Users\Markus XXX\Downloads\AdwCleaner[S0].txt
2015-01-10 11:15 - 2015-01-10 11:15 - 00001024 _____ () C:\.rnd
2015-01-10 10:54 - 2015-01-10 11:04 - 00000000 ____D () C:\AdwCleaner
2015-01-10 10:53 - 2015-01-10 10:53 - 02191360 _____ () C:\Users\Markus XXX\Downloads\AdwCleaner_4.107.exe
2015-01-10 10:53 - 2015-01-10 10:53 - 01707939 _____ (Thisisu) C:\Users\Markus XXX\Downloads\JRT.exe
2015-01-10 10:38 - 2015-01-10 11:18 - 00001208 _____ () C:\Users\Markus XXX\Downloads\mbam.txt
2015-01-09 15:44 - 2015-01-10 11:28 - 00000000 ____D () C:\FRST
2015-01-09 15:42 - 2015-01-09 15:42 - 01115648 _____ (Farbar) C:\Users\Markus XXX\Downloads\FRST.exe
2014-12-18 09:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:15 - 2014-06-01 21:09 - 00000000 ____D () C:\Users\Markus XXX\AppData\Local\FreePDF_XP
2015-01-10 11:15 - 2014-05-22 13:17 - 00001024 _____ () C:\Users\Markus XXX\.rnd
2015-01-10 11:15 - 2010-12-24 16:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 11:12 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:12 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:10 - 2010-12-22 17:47 - 01979978 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 11:05 - 2013-09-17 11:49 - 00038162 _____ () C:\Windows\setupact.log
2015-01-10 11:05 - 2010-12-22 17:42 - 00117944 _____ () C:\Windows\PFRO.log
2015-01-10 11:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 10:58 - 2010-12-24 16:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 10:57 - 2013-07-23 19:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
2015-01-10 10:31 - 2012-04-07 19:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 10:23 - 2014-05-19 20:29 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 14:10 - 2009-07-21 06:30 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 18:57 - 2013-07-23 19:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 16:30 - 2014-10-20 19:11 - 00000000 ___RD () C:\Users\Markus XXX\Dropbox
2015-01-07 16:28 - 2012-08-04 14:24 - 00000000 ____D () C:\Users\Markus XXX\AppData\Roaming\Dropbox
2015-01-06 04:36 - 2010-12-23 20:25 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 23:00 - 2010-12-22 17:52 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-21 17:26 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 19:43 - 2012-04-07 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-18 19:42 - 2011-05-16 06:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-18 08:59 - 2014-10-20 19:10 - 00000000 ____D () C:\Users\Markus XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 17:46 - 2011-11-17 18:58 - 00000000 ____D () C:\Users\Markus XXX\Desktop\temp
2014-12-13 12:00 - 2010-12-24 17:44 - 00000000 ____D () C:\Users\Markus XXX\Salomon
2014-12-11 14:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-11 09:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\Markus XXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp2emio.dll
C:\Users\Markus XXX\AppData\Local\Temp\Quarantine.exe
C:\Users\Markus XXX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 19:47

==================== End Of Log ============================
         
--- --- ---

Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Markus XXX at 2015-01-10 11:28:58
Running from C:\Users\Markus XXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ActiveTrader Deutschland (HKLM\...\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}) (Version: 6.2.2 - Cortal Consors)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.111.07010 (HKLM\...\{CD9771C2-C65C-2112-0B6E-043346A27110}) (Version: 2.12.111.07010 - Sony)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sony PC Companion 2.10.228 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
TeamSIP 2go (HKLM\...\{B303639A-2CDF-42A1-8532-0E3338CE5A6D}) (Version: 2.5.14 - TeamFON GmbH)
TeamSIP 2go (Version: 2.5.14 - TeamFON GmbH) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{3FB043FD-4C4C-4E99-8678-BA00A465C3F8}) (Version: 7.3.0.15 - Tradesignal GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Chrome\Application\34.0.1847.137\delegate_execute.exe" (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

30-12-2014 22:50:53 Windows Update
06-01-2015 19:22:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-05-21 07:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {991A0262-22F3-4D47-B83A-DE6D40A1E33E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D21F778A-2362-45CD-B314-E7E586A78701} - System32\Tasks\{40F352CF-C559-4815-BAB0-CA2184302B50} => pcalua.exe -a "C:\Users\Markus XXX\Desktop\avira_antivir_personal_de609.exe" -d "C:\Users\Markus XXX\Desktop"
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F7600EDB-E22B-4AE2-B48D-35C8A4139657} - System32\Tasks\{A6820A6A-B657-4BA2-A002-2F57E4DE222E} => pcalua.exe -a "C:\Users\Markus XXX\Downloads\TeamSIP2go_2514.exe" -d "C:\Users\Markus XXX\Downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-08-31 23:32 - 2009-08-31 23:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2015-01-10 09:55 - 2015-01-10 09:55 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll
2014-06-01 21:08 - 2012-06-21 06:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 13:46 - 2014-11-24 13:46 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TeamSIP 2go.lnk => C:\Windows\pss\TeamSIP 2go.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Markus XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Markus XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

========================= Accounts: ==========================

Administrator (S-1-5-21-1732376492-3782921457-3814634441-500 - Administrator - Disabled)
Gast (S-1-5-21-1732376492-3782921457-3814634441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1732376492-3782921457-3814634441-1003 - Limited - Enabled)
Markus XXX (S-1-5-21-1732376492-3782921457-3814634441-1000 - Administrator - Enabled) => C:\Users\Markus XXX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/10/2013 09:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 10:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (05/24/2012 05:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 2520.03 MB
Available physical RAM: 1098.93 MB
Total Pagefile: 6298.32 MB
Available Pagefile: 4602.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.04 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:56.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:4.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


10.01.2015, 13:11   #6
schrauber
/// the machine
/// TB Trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

12.01.2015, 14:58   #7
Munich089
 



Security Check:

Code:
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	16.0.0.235  
 Mozilla Firefox (for.) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Markus XXX (administrator) on MARKUSXXX on 12-01-2015 14:34:13
Running from C:\Users\Markus XXX\Downloads
Loaded Profile: Markus XXX (Available profiles: Markus XXX)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\57ec8775-2c33-4253-81e3-2dd3e6e51182.exe [183232 2015-01-12] (AVAST Software)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> {A95222CF-BCDF-49E9-8CA6-B58BF7C0BD80} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://remote.theacongroup.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B43337D8-2D2F-4799-AC69-6A1C09B0F500}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1732376492-3782921457-3814634441-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\searchplugins\bing-avast.xml
FF Extension: Tradesignal Online Chart - C:\Users\Markus XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ru8zppbh.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-09]
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-22]
FF HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2010-12-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google-Suche) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (AdBlock) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-22]
CHR Extension: (Avast Online Security) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Google Mail) - C:\Users\Markus XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-08-31] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-08-31] () [File not signed]
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited) [File not signed]
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
S3 catchme; \??\C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 14:34 - 2015-01-12 14:34 - 00019804 _____ () C:\Users\Markus XXX\Downloads\FRST.txt
2015-01-12 14:33 - 2015-01-12 14:33 - 00000896 _____ () C:\Users\Markus XXX\Downloads\checkup.txt
2015-01-12 14:28 - 2015-01-12 14:28 - 00852505 _____ () C:\Users\Markus XXX\Downloads\SecurityCheck.exe
2015-01-12 12:02 - 2015-01-12 12:02 - 00000000 ____D () C:\Program Files\ESET
2015-01-12 12:00 - 2015-01-12 12:00 - 02347384 _____ (ESET) C:\Users\Markus XXX\Downloads\esetsmartinstaller_deu.exe
2015-01-12 10:15 - 2015-01-12 10:15 - 00001024 _____ () C:\.rnd
2015-01-11 18:09 - 2015-01-11 18:12 - 94438414 _____ () C:\Users\Markus XXX\Downloads\vuplus-image-vuduo2-20141128135541_vti_8-0-0_usb.zip
2015-01-11 16:37 - 2015-01-11 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-01-11 16:37 - 2015-01-11 16:37 - 00000000 ____D () C:\Program Files\CPUID
2015-01-10 11:26 - 2015-01-10 11:26 - 00000686 _____ () C:\Users\Markus XXX\Downloads\JRT.txt
2015-01-10 11:16 - 2015-01-10 11:17 - 00001170 _____ () C:\Users\Markus XXX\Downloads\AdwCleaner[S0].txt
2015-01-10 10:54 - 2015-01-10 11:04 - 00000000 ____D () C:\AdwCleaner
2015-01-10 10:53 - 2015-01-10 10:53 - 02191360 _____ () C:\Users\Markus XXX\Downloads\AdwCleaner_4.107.exe
2015-01-10 10:53 - 2015-01-10 10:53 - 01707939 _____ (Thisisu) C:\Users\Markus XXX\Downloads\JRT.exe
2015-01-10 10:38 - 2015-01-10 11:18 - 00001208 _____ () C:\Users\Markus XXX\Downloads\mbam.txt
2015-01-09 15:44 - 2015-01-12 14:34 - 00000000 ____D () C:\FRST
2015-01-09 15:42 - 2015-01-09 15:42 - 01115648 _____ (Farbar) C:\Users\Markus XXX\Downloads\FRST.exe
2014-12-18 09:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 14:31 - 2012-04-07 19:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 14:02 - 2010-12-22 17:47 - 02025886 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 13:58 - 2010-12-24 16:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 13:58 - 2010-12-24 16:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 13:57 - 2013-07-23 19:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
2015-01-12 10:22 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 10:22 - 2009-07-14 05:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 10:15 - 2014-06-01 21:09 - 00000000 ____D () C:\Users\Markus XXX\AppData\Local\FreePDF_XP
2015-01-12 10:15 - 2014-05-22 13:17 - 00001024 _____ () C:\Users\Markus XXX\.rnd
2015-01-12 10:14 - 2013-09-17 11:49 - 00038330 _____ () C:\Windows\setupact.log
2015-01-12 10:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 20:58 - 2011-11-17 18:58 - 00000000 ____D () C:\Users\Markus XXX\Desktop\temp
2015-01-11 20:16 - 2009-07-21 06:30 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 18:57 - 2013-07-23 19:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
2015-01-10 11:05 - 2010-12-22 17:42 - 00117944 _____ () C:\Windows\PFRO.log
2015-01-10 10:23 - 2014-05-19 20:29 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 16:33 - 2014-05-19 20:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 16:30 - 2014-10-20 19:11 - 00000000 ___RD () C:\Users\Markus XXX\Dropbox
2015-01-07 16:28 - 2012-08-04 14:24 - 00000000 ____D () C:\Users\Markus XXX\AppData\Roaming\Dropbox
2015-01-06 04:36 - 2010-12-23 20:25 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 23:00 - 2010-12-22 17:52 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-21 17:26 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 19:43 - 2012-04-07 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-18 19:42 - 2011-05-16 06:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-18 08:59 - 2014-10-20 19:10 - 00000000 ____D () C:\Users\Markus XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 12:00 - 2010-12-24 17:44 - 00000000 ____D () C:\Users\Markus XXX\Salomon

Some content of TEMP:
====================
C:\Users\Markus XXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp2emio.dll
C:\Users\Markus XXX\AppData\Local\Temp\Quarantine.exe
C:\Users\Markus XXX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 19:47

==================== End Of Log ============================
         
--- --- ---




Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Markus XXX at 2015-01-12 14:35:09
Running from C:\Users\Markus XXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ActiveTrader Deutschland (HKLM\...\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}) (Version: 6.2.2 - Cortal Consors)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.111.07010 (HKLM\...\{CD9771C2-C65C-2112-0B6E-043346A27110}) (Version: 2.12.111.07010 - Sony)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sony PC Companion 2.10.228 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
TeamSIP 2go (HKLM\...\{B303639A-2CDF-42A1-8532-0E3338CE5A6D}) (Version: 2.5.14 - TeamFON GmbH)
TeamSIP 2go (Version: 2.5.14 - TeamFON GmbH) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{3FB043FD-4C4C-4E99-8678-BA00A465C3F8}) (Version: 7.3.0.15 - Tradesignal GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Chrome\Application\34.0.1847.137\delegate_execute.exe" (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1732376492-3782921457-3814634441-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Markus XXX\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

30-12-2014 22:50:53 Windows Update
06-01-2015 19:22:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-05-21 07:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {991A0262-22F3-4D47-B83A-DE6D40A1E33E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D21F778A-2362-45CD-B314-E7E586A78701} - System32\Tasks\{40F352CF-C559-4815-BAB0-CA2184302B50} => pcalua.exe -a "C:\Users\Markus XXX\Desktop\avira_antivir_personal_de609.exe" -d "C:\Users\Markus XXX\Desktop"
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F7600EDB-E22B-4AE2-B48D-35C8A4139657} - System32\Tasks\{A6820A6A-B657-4BA2-A002-2F57E4DE222E} => pcalua.exe -a "C:\Users\Markus XXX\Downloads\TeamSIP2go_2514.exe" -d "C:\Users\Markus XXX\Downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\Markus XXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-08-31 23:32 - 2009-08-31 23:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2015-01-12 10:15 - 2015-01-12 10:15 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
2014-06-01 21:08 - 2012-06-21 06:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-22 17:42 - 2009-08-23 19:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-11-24 13:46 - 2014-11-24 13:46 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 00:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TeamSIP 2go.lnk => C:\Windows\pss\TeamSIP 2go.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Markus XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Markus XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

========================= Accounts: ==========================

Administrator (S-1-5-21-1732376492-3782921457-3814634441-500 - Administrator - Disabled)
Gast (S-1-5-21-1732376492-3782921457-3814634441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1732376492-3782921457-3814634441-1003 - Limited - Enabled)
Markus XXX (S-1-5-21-1732376492-3782921457-3814634441-1000 - Administrator - Enabled) => C:\Users\Markus XXX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 09:24:27 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/11/2015 09:18:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/11/2015 08:37:58 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/11/2015 05:26:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (01/12/2015 10:14:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (01/12/2015 10:14:09 AM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/12/2015 10:14:09 AM) (Source: amdkmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/11/2015 11:08:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/11/2015 04:16:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (01/11/2015 04:16:34 PM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/11/2015 04:16:34 PM) (Source: amdkmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/10/2015 01:34:58 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/10/2015 00:06:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (01/10/2015 00:05:57 PM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (12/10/2013 09:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 02:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 10:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (05/24/2012 05:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 2520.03 MB
Available physical RAM: 1179.6 MB
Total Pagefile: 6298.32 MB
Available Pagefile: 4419.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.05 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:53.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:4.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


The ESET scanner ran for 2 hours but found no threats. Unfortunately I uninstalled the scanner first and only then saw that, according to the description, the log file was in its folder :-( ... so I can't post it here, but as I said: no threats were shown.

Unfortunately the problem is still not solved. Internet data processing is erratically extremely slow (again and again the message "Host auflösen", i.e. "Resolving host"), which is also nicely visible in the speed test. I also switched the DNS server to Google, but that doesn't help either. Just now the WLAN connection was suddenly dropped and only re-established after about 10 minutes.

Very strange?! Could the O2 standard router possibly be causing these problems? Because according to O2 the line is fine. However, the DSL and WLAN lights on the router are also lit continuously.

Alt 12.01.2015, 16:38   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Try resetting the router to factory settings.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
