Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Zombie Invasion eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.01.2015, 22:37   #1
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,

ich habe mir Zombie Invasion eingefangen (Adware?) und bekomme es nicht deinstalliert. Wie werde ich den Quälgeist wieder los?
Danke
Kay

Alt 18.01.2015, 23:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 19.01.2015, 21:34   #3
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,

vielen Dank für deine Hilfe.
In den letzten Tage ist der Virenscanner nicht angesprungen und fündig geworden.

Vielen Dank

Gusi


hier die beiden Dateien:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lenovo (administrator) on IDEA-PC on 19-01-2015 21:26:36
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available profiles: Lenovo)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\rcore.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Time Lapse Solutions) C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Abengine) C:\Program Files (x86)\Flwsrf\abengine.exe
() C:\Program Files (x86)\Flwsrf\ijs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-09-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-09-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_107] => [X]
HKLM-x32\...\Run: [mbot_de_434] => [X]
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk -> C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402332431&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9FC911059&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402332431&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9FC911059&q={searchTerms}
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://tikotin.com
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-29]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 abengine; C:\Program Files (x86)\Flwsrf\abengine.exe [1348168 2014-12-05] (Abengine) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 InjectorService; C:\Program Files (x86)\Flwsrf\ijs.exe [164352 2014-11-29] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PtLhhVMgweX; C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe [2734384 2015-01-17] (Time Lapse Solutions)
R2 rcores; C:\WINDOWS\rcore.exe [4686848 2015-01-15] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:26 - 2015-01-19 21:27 - 00017722 _____ () C:\Users\Lenovo\Desktop\FRST.txt
2015-01-19 21:26 - 2015-01-19 21:26 - 02126848 _____ (Farbar) C:\Users\Lenovo\Desktop\FRST64.exe
2015-01-19 21:26 - 2015-01-19 21:26 - 00000000 ____D () C:\FRST
2015-01-19 21:20 - 2015-01-19 21:20 - 00000002 _____ () C:\END
2015-01-19 21:20 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2015-01-19 21:20 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2015-01-18 22:32 - 2015-01-18 22:32 - 00000000 ____D () C:\ProgramData\Browser
2015-01-18 22:11 - 2015-01-18 22:11 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}
2015-01-17 23:15 - 2015-01-17 23:15 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\ZombieInvasion
2015-01-17 23:04 - 2015-01-19 21:20 - 00004768 _____ () C:\WINDOWS\SysWOW64\abengine.ini
2015-01-17 23:04 - 2015-01-19 21:20 - 00002672 _____ () C:\WINDOWS\SysWOW64\abengineOff.ini
2015-01-17 23:04 - 2015-01-19 21:20 - 00002672 _____ () C:\WINDOWS\system32\abengineOff.ini
2015-01-17 23:04 - 2015-01-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Flwsrf
2015-01-17 23:04 - 2015-01-17 23:04 - 00003936 _____ () C:\WINDOWS\System32\Tasks\amiupdaterExi
2015-01-17 23:04 - 2015-01-17 23:04 - 00003730 _____ () C:\WINDOWS\System32\Tasks\amiupdaterExd
2015-01-17 23:04 - 2015-01-17 23:04 - 00003088 _____ () C:\WINDOWS\System32\Tasks\upfs7235
2015-01-17 23:04 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll.rlwrgkr
2015-01-17 23:04 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll.rlwrgkr
2015-01-17 21:04 - 2015-01-18 22:11 - 00000000 ____D () C:\ProgramData\ZombieInvasion
2015-01-17 21:04 - 2015-01-17 23:14 - 00000000 ____D () C:\ProgramData\WdZGDGSBB
2015-01-17 19:53 - 2015-01-17 19:53 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-17 19:52 - 2015-01-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2015-01-17 19:48 - 2015-01-17 19:48 - 00000000 ____D () C:\ProgramData\1c2d7a9e00000880
2015-01-17 19:47 - 2015-01-17 23:09 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-17 19:47 - 2015-01-17 19:47 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\com
2015-01-17 19:46 - 2015-01-17 19:46 - 00004014 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-01-17 19:45 - 2015-01-19 21:19 - 00001354 _____ () C:\WINDOWS\Tasks\SDPQ.job
2015-01-17 19:45 - 2015-01-18 19:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-17 19:45 - 2015-01-17 19:45 - 02001888 _____ (MDplay+version) C:\Users\Lenovo\AppData\Roaming\SDPQ.exe
2015-01-17 19:45 - 2015-01-17 19:45 - 00004360 _____ () C:\WINDOWS\System32\Tasks\SDPQ
2015-01-17 19:45 - 2015-01-17 19:45 - 00002406 _____ () C:\WINDOWS\patsearch.bin
2015-01-17 19:45 - 2015-01-17 19:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-17 19:45 - 2015-01-17 19:45 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\globalUpdate
2015-01-17 19:44 - 2015-01-17 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-01-17 19:44 - 2015-01-15 12:29 - 04686848 _____ () C:\WINDOWS\rcore.exe
2015-01-14 19:17 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:17 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:17 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:17 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:17 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:17 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:17 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:17 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:17 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:17 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 23:24 - 2015-01-10 23:25 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-10 23:24 - 2015-01-10 23:24 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-01-10 23:24 - 2015-01-10 23:24 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\pdfforge
2015-01-10 23:24 - 2015-01-10 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-10 23:24 - 2014-12-16 20:01 - 00114872 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-12-26 16:19 - 2014-12-26 16:19 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 19:58 - 2014-12-22 19:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:24 - 2014-06-11 16:13 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FB719F3-98F7-4FA1-A9DC-36B8CBECE281}
2015-01-19 21:24 - 2012-12-10 21:55 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4192971916-827652232-1351803540-1002
2015-01-19 21:23 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 21:23 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-19 21:23 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-19 21:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 23:02 - 2013-01-03 15:08 - 00000000 ____D () C:\Users\Lenovo\Documents\Outlook-Dateien
2015-01-18 22:16 - 2013-01-13 12:41 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 22:15 - 2013-01-13 12:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 21:42 - 2014-06-09 22:02 - 01180277 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-18 14:50 - 2013-08-22 15:46 - 00351610 _____ () C:\WINDOWS\setupact.log
2015-01-18 14:40 - 2014-06-10 06:01 - 00000000 __RDO () C:\Users\Lenovo\OneDrive
2015-01-17 19:56 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 19:55 - 2014-03-18 02:50 - 00022780 _____ () C:\WINDOWS\PFRO.log
2015-01-17 19:55 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 23:24 - 2013-01-03 22:02 - 00000000 ____D () C:\Users\Lenovo\Documents\Kay
2015-01-16 19:27 - 2013-08-21 17:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-16 19:20 - 2013-01-01 13:50 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 19:27 - 2014-06-13 16:56 - 00002055 _____ () C:\WINDOWS\SecuniaPackage.log
2015-01-06 01:08 - 2014-12-12 21:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-06 01:08 - 2014-11-12 22:53 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-31 12:14 - 2013-01-01 13:23 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Lenovo\AppData\Roaming\SDPQ
2015-01-17 19:45 - 2015-01-17 19:45 - 2001888 _____ (MDplay+version) C:\Users\Lenovo\AppData\Roaming\SDPQ.exe
2013-01-20 13:17 - 2013-01-20 13:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-21 23:26 - 2012-09-21 23:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 20:11

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Lenovo at 2015-01-19 21:27:30
Running from C:\Users\Lenovo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.15.45 - CyberViewX)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Flwsrf (HKLM-x32\...\Flwsrf) (Version: 3.0.0.2 - Flwsrf) <==== ATTENTION!
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Hilfe (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1519 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OneKey Recovery (Version: 5.70.0000 - CyberLink Corp.) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.38 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.38 - Saal Digital Fotoservice GmbH) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.54 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4192971916-827652232-1351803540-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

28-12-2014 14:54:05 Geplanter Prüfpunkt
10-01-2015 14:20:10 Geplanter Prüfpunkt
16-01-2015 19:18:00 Windows Modules Installer
17-01-2015 19:48:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
18-01-2015 22:12:55 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00F484E0-6D6E-4088-9892-AFCC3D38F9A8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {033833CA-1718-44FA-A117-A60D156EA7C0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A49A750-6F39-4347-BEE0-BF99AB5CFFEA} - System32\Tasks\SDPQ => C:\Users\Lenovo\AppData\Roaming\SDPQ.exe [2015-01-17] (MDplay+version) <==== ATTENTION
Task: {1D43AE1F-7322-425F-B5E7-41618A92FA06} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {23CF9A36-30A1-400C-8E45-B276FB765B76} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {26AB3E2C-C239-4D55-BAD7-AB4C37BF4A25} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {2AD2C5B0-ECC6-415D-A1D5-5EE73F6AA761} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {3B53D1BD-4BC7-49F4-BA75-AAF381B7FC61} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high hxxp://d17xr4aw9ok0me.cloudfront.net/Updater.exe "C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe"
Task: {428E2899-2FAA-4221-A712-F0645E09626C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {4718AE03-E5D3-41F7-B991-ED2FAA33FD0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4E49186B-4687-4CFD-8499-EBA8277133E0} - System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E} => pcalua.exe -a C:\ProgramData\ZombieInvasion\uninstall.exe -c /kb=y /ic=1
Task: {68470D00-F7E8-4147-8FE6-B9B87976D11E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {6BBE111B-EBB8-438A-AC4F-69B93F4ED8F7} - System32\Tasks\amiupdaterExi => C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe [2015-01-17] () <==== ATTENTION
Task: {83660DC7-0332-4490-92EC-56F8E3BFC966} - System32\Tasks\upfs7235 => C:\Program Files (x86)\Flwsrf\upfs7235.exe [2014-12-05] ()
Task: {BFC95A00-0294-4B34-96F1-503DBCF31532} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation)
Task: {D04B844F-63C2-42E2-9CC1-CC0C0F92FFE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FA01F1DC-AC5A-4A9F-A5FA-055A342D37C8} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\WINDOWS\Tasks\SDPQ.job => C:\Users\Lenovo\AppData\Roaming\SDPQ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 14:48 - 2012-08-26 14:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-01-17 19:44 - 2015-01-15 12:29 - 04686848 _____ () C:\WINDOWS\rcore.exe
2014-04-19 19:01 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-09 22:02 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-25 18:25 - 2014-11-25 18:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-29 13:26 - 2014-11-29 13:26 - 00164352 _____ () C:\Program Files (x86)\Flwsrf\ijs.exe
2012-09-21 23:16 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-19 19:01 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Lenovo\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

========================= Accounts: ==========================

Administrator (S-1-5-21-4192971916-827652232-1351803540-500 - Administrator - Disabled)
Gast (S-1-5-21-4192971916-827652232-1351803540-501 - Limited - Disabled)
Lenovo (S-1-5-21-4192971916-827652232-1351803540-1002 - Administrator - Enabled) => C:\Users\Lenovo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:05:44 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/18/2015 11:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.323.0, Zeitstempel: 0x533c0ef6
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec0b4
ID des fehlerhaften Prozesses: 0x2ea4
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (01/17/2015 11:17:31 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/17/2015 08:03:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4bc

Startzeit: 01d0328781817393

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 78fc6aa8-9e7b-11e4-bebb-c0143dc95576

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/17/2015 07:56:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0d6c
ID des fehlerhaften Prozesses: 0x7a0
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0
Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1
Pfad des fehlerhaften Moduls: CxAudMsg64.exe2
Berichtskennung: CxAudMsg64.exe3
Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5

Error: (01/16/2015 11:17:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm StarChart.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 120c

Startzeit: 01d031da144c12c1

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66\StarChart.exe

Berichts-ID: 625991c0-9dcd-11e4-beba-c0143dc95576

Vollständiger Name des fehlerhaften Pakets: EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/16/2015 11:16:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: IDEA-PC)
Description: Die App „EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66+App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (01/16/2015 11:15:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6c0

Startzeit: 01d031d93a8f0ba9

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 2ec602f6-9dcd-11e4-beba-c0143dc95576

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/16/2015 11:09:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0d6c
ID des fehlerhaften Prozesses: 0x72c
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0
Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1
Pfad des fehlerhaften Moduls: CxAudMsg64.exe2
Berichtskennung: CxAudMsg64.exe3
Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5

Error: (01/16/2015 07:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ac4

Startzeit: 01d031b92722101a

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 1b14f43b-9dad-11e4-beb9-c0143dc95576

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (01/18/2015 11:05:43 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/18/2015 10:12:22 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: {BF6D8439-BAC1-4E73-94FE-9910D098AE00}

Error: (01/17/2015 08:03:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (01/17/2015 07:56:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/17/2015 07:55:44 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.

Error: (01/17/2015 07:45:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SWUpdaterSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/17/2015 07:45:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SWUpdaterSvc erreicht.

Error: (01/17/2015 07:35:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/17/2015 07:35:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/17/2015 07:35:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 11:05:44 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/18/2015 11:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.8.323.0533c0ef6KERNELBASE.dll6.3.9600.1727853eebd22c000014200000000000ec0b42ea401d0336ae75f2359C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll250e11a4-9f5e-11e4-bebb-c0143dc95576

Error: (01/17/2015 11:17:31 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/17/2015 08:03:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206894bc01d03287818173934294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe78fc6aa8-9e7b-11e4-bebb-c0143dc95576microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/17/2015 07:56:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c7a001d0328751e58cc1C:\WINDOWS\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll96f2a1bc-9e7a-11e4-bebb-c0143dc95576

Error: (01/16/2015 11:17:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: StarChart.exe0.0.0.0120c01d031da144c12c14294967295C:\Program Files\WindowsApps\EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66\StarChart.exe625991c0-9dcd-11e4-beba-c0143dc95576EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66App

Error: (01/16/2015 11:16:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: IDEA-PC)
Description: EscapistGamesLimited.StarChart_3.0.8.0_x64__bxnn6rhny0m66+App

Error: (01/16/2015 11:15:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206896c001d031d93a8f0ba94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2ec602f6-9dcd-11e4-beba-c0143dc95576microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/16/2015 11:09:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c72c01d031d90290ccfcC:\WINDOWS\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll456a753b-9dcc-11e4-beba-c0143dc95576

Error: (01/16/2015 07:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891ac401d031b92722101a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1b14f43b-9dad-11e4-beb9-c0143dc95576microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2015-01-17 20:39:10.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 20:39:10.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 20:14:47.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:54.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:54.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8057.77 MB
Available physical RAM: 5935.21 MB
Total Pagefile: 16761.77 MB
Available Pagefile: 14093.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:883.74 GB) (Free:792.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05BC0038)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 20.01.2015, 09:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Bitte ein Log mit MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 07:24   #5
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,

ich habe mbar.exe gedownloaded und Malwarebites nach Anweisung (mit Aktualisierung) gestartet. Dabei gab es eine Meldung ( ....dll wurde gefunden und es wurde gefragt, ob ich weitermachen oder abbrechen möchte. Ich habe weitermachen gewählt). Der Scan lief durch und es gab Funde. Das Clean up lief durch. Danach habe ich einen Neustart zugelassen. Ich habe den mbar Ordner auf meinem Desktop. Als ich dann auf diese Seite ins Internet wollte, hatte ich kein Internet-Zugang mehr, obwohl entsprechendes in der Taskleiste angezeigt wurde. Ich bin nun von einem anderen Rechner mit dem identischen LAN-Kabel im Netz. Ich habe auch im Task Manager und in der Systemsteuerung geschaut, ob die Malware-Programme vorhanden sind - ja (ich habe nichts gelöscht, nur geschaut!). Ich habe probiert Malwarebytes nochmal zu starten, aber es gab einen DNS Fehler (Update ist ohne Internet nicht möglich). Ich habe trotzdem einen zweiten Scan gestartet. Dabei habe ich auf die Dateien geachtet, die gescannt werden. Als dann eine Datei, die im ersten Scan als "Fund" identifiziert wurde nun nicht mehr als solche identifiziert wurde, habe ich abgebrochen.
Nun bin ich ein wenig aufgeschmissen...
Kein Internet-Zugang auf dem infizierten Rechner, immernoch die Schadprogramme auf dem Rechner und keine Idee, was ich machen kann.
Kann ich die Files, die ihr braucht um mir zu helfen mit einem Stick vom infizierten Rechner auf diesen Rechner kopieren? Wie kann ich nun Malwarebytes nochmal laufen lassen?

Danke für eure Hilfe

Kay


Alt 21.01.2015, 09:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Ohne das Logfile kann dir niemand auch nur irgendwas dazu sagen...
__________________
--> Zombie Invasion eingefangen

Alt 21.01.2015, 22:55   #7
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,
anbei das logfile
Gruß

Gusi

[CODE]
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.01.20.10
rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Lenovo :: IDEA-PC [administrator]

20.01.2015 21:44:49
mbar-log-2015-01-20 (21-44-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 361835
Time elapsed: 13 minute(s), 51 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Flwsrf\abengine.exe (Trojan.Agent) -> 1952 -> Delete on reboot. [426817e2fc8dfa3ce54fa1683bc7728e]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\abengine (Trojan.Agent) -> Delete on reboot. [426817e2fc8dfa3ce54fa1683bc7728e]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Program Files (x86)\Flwsrf\abengine.exe (Trojan.Agent) -> Delete on reboot. [426817e2fc8dfa3ce54fa1683bc7728e]
C:\Program Files (x86)\Flwsrf\abengine.dll (Trojan.Proxy) -> Delete on reboot. [e7c39762d8b1ad89bb7e0108f40ef808]
C:\Program Files (x86)\Flwsrf\abenginep.exe (Trojan.Agent) -> Delete on reboot. [baf0fbfee0a9a195fd379b6ea75b1ce4]
C:\Program Files (x86)\Flwsrf\abenginew.exe (Trojan.Agent) -> Delete on reboot. [b0faf10880094aec5fd534d55aa851af]
C:\Program Files (x86)\Flwsrf\abenginewd.dll (Trojan.Proxy) -> Delete on reboot. [5951d02992f70630ba800207da2827d9]
C:\Windows\SysWOW64\abengine.dll (Trojan.Proxy) -> Delete on reboot. [2b7fb8413e4be5511d1c22e780829769]
C:\Windows\SysWOW64\abengine.dll.bdb (Trojan.Proxy) -> Delete on reboot. [b4f6bb3e5633191d94a540c904fe60a0]
C:\Windows\SysWOW64\abengine.dll.rlwrgkr (Trojan.Proxy) -> Delete on reboot. [e3c7a653ec9d44f2e5541bee21e146ba]
C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[CODE]

Alt 21.01.2015, 23:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen






Falsche Proxy Einstellungen entfernen
  • Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
  • Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
    wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)





Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 23:31   #9
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,
ich habe da keinen Haken.
Soll ich den Rest trotzdem durchführen?
Dank und Gruß
Gusi

Alt 22.01.2015, 09:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Wenn kein Proxy drin ist, ist das doch gut. Dann einfach weitermachen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.01.2015, 20:37   #11
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,
nach dem Suchlauf von AdwCleaner komme ich nun wieder vom infizierten Rechner ins Internet.
Die Ergebnisse:
AdwCleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.108 - Bericht erstellt am 22/01/2015 um 20:06:35
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Local]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Lenovo - IDEA-PC
# Gestartet von : C:\Users\Lenovo\Desktop\adwcleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices
Dienst Gelöscht : rcores
[#] Dienst Gelöscht : InjectorService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\1c2d7a9e00000880
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Flwsrf
Ordner Gelöscht : C:\Users\Lenovo\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Lenovo\AppData\Local\ZombieInvasion
Ordner Gelöscht : C:\Users\Lenovo\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Lenovo\AppData\Roaming\sweet-page
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\rcore.exe
Datei Gelöscht : C:\WINDOWS\SysWOW64\abengine.ini
Datei Gelöscht : C:\WINDOWS\SysWOW64\abengineOff.ini
Datei Gelöscht : C:\WINDOWS\System32\abengineOff.ini
Datei Gelöscht : C:\WINDOWS\System32\abengine64.dll

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\FlowSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flwsrf

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [714 octets] - [05/03/2014 19:13:08]
AdwCleaner[R1].txt - [7381 octets] - [22/01/2015 20:05:14]
AdwCleaner[S0].txt - [774 octets] - [05/03/2014 19:14:10]
AdwCleaner[S1].txt - [6596 octets] - [22/01/2015 20:06:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6656 octets] ##########
         
--- --- ---

[/CODE]

Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Lenovo on 22.01.2015 at 20:24:45,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\SPEEDUP_SOFT_PARTNER.TMP-C8E7F32E.pf



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browser"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.01.2015 at 20:26:27,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lenovo (administrator) on IDEA-PC on 22-01-2015 20:28:55
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available profiles: Lenovo)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Time Lapse Solutions) C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\Browser\prompt.exe
() C:\ProgramData\Browser\prompt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-09-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-09-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_107] => [X]
HKLM-x32\...\Run: [mbot_de_434] => [X]
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk -> C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-29]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PtLhhVMgweX; C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe [2734384 2015-01-17] (Time Lapse Solutions)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 20:28 - 2015-01-22 20:28 - 00006792 _____ () C:\Users\Lenovo\Desktop\AdwCleaner[S1].txt
2015-01-22 20:26 - 2015-01-22 20:26 - 00000759 _____ () C:\Users\Lenovo\Desktop\JRT.txt
2015-01-22 20:22 - 2015-01-22 20:25 - 00000000 ____D () C:\ProgramData\Browser
2015-01-22 20:22 - 2015-01-22 20:22 - 01707939 _____ (Thisisu) C:\Users\Lenovo\Desktop\JRT.exe
2015-01-22 20:19 - 2015-01-22 20:19 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\ZombieInvasion
2015-01-22 20:04 - 2015-01-22 20:07 - 02186752 _____ () C:\Users\Lenovo\Desktop\adwcleaner_4.108.exe
2015-01-20 21:44 - 2015-01-20 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-20 21:44 - 2015-01-20 22:26 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 21:43 - 2015-01-21 06:54 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-20 21:41 - 2015-01-21 06:54 - 00000000 ____D () C:\Users\Lenovo\Desktop\mbar
2015-01-20 21:41 - 2015-01-20 21:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Lenovo\Desktop\mbar-1.08.3.1004.exe
2015-01-19 21:27 - 2015-01-19 21:28 - 00031268 _____ () C:\Users\Lenovo\Desktop\Addition.txt
2015-01-19 21:26 - 2015-01-22 20:29 - 00000000 ____D () C:\FRST
2015-01-19 21:26 - 2015-01-22 20:28 - 00015903 _____ () C:\Users\Lenovo\Desktop\FRST.txt
2015-01-19 21:26 - 2015-01-19 21:26 - 02126848 _____ (Farbar) C:\Users\Lenovo\Desktop\FRST64.exe
2015-01-18 22:11 - 2015-01-18 22:11 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}
2015-01-17 23:04 - 2015-01-17 23:04 - 00003088 _____ () C:\WINDOWS\System32\Tasks\upfs7235
2015-01-17 21:04 - 2015-01-17 23:14 - 00000000 ____D () C:\ProgramData\WdZGDGSBB
2015-01-17 19:47 - 2015-01-20 22:20 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-17 19:47 - 2015-01-17 19:47 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\com
2015-01-17 19:45 - 2015-01-22 20:17 - 00001354 _____ () C:\WINDOWS\Tasks\SDPQ.job
2015-01-17 19:45 - 2015-01-17 19:45 - 02001888 _____ (MDplay+version) C:\Users\Lenovo\AppData\Roaming\SDPQ.exe
2015-01-17 19:45 - 2015-01-17 19:45 - 00004360 _____ () C:\WINDOWS\System32\Tasks\SDPQ
2015-01-17 19:45 - 2015-01-17 19:45 - 00002406 _____ () C:\WINDOWS\patsearch.bin
2015-01-14 19:17 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:17 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:17 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:17 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:17 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:17 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:17 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:17 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:17 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:17 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 23:24 - 2015-01-10 23:25 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-10 23:24 - 2015-01-10 23:24 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-01-10 23:24 - 2015-01-10 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-10 23:24 - 2014-12-16 20:01 - 00114872 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-12-26 16:19 - 2014-12-26 16:19 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 20:29 - 2014-06-11 16:13 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FB719F3-98F7-4FA1-A9DC-36B8CBECE281}
2015-01-22 20:27 - 2013-08-22 15:46 - 00354752 _____ () C:\WINDOWS\setupact.log
2015-01-22 20:24 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-22 20:24 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-22 20:24 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-22 20:22 - 2012-12-10 21:55 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4192971916-827652232-1351803540-1002
2015-01-22 20:17 - 2014-06-10 06:01 - 00000000 __RDO () C:\Users\Lenovo\OneDrive
2015-01-22 20:16 - 2014-03-18 02:50 - 00026242 _____ () C:\WINDOWS\PFRO.log
2015-01-22 20:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-22 20:08 - 2014-06-09 22:02 - 01531552 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-22 20:08 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-22 20:07 - 2014-03-05 19:12 - 00000000 ____D () C:\AdwCleaner
2015-01-22 20:07 - 2012-09-21 23:47 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-22 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-20 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 21:37 - 2013-01-03 15:08 - 00000000 ____D () C:\Users\Lenovo\Documents\Outlook-Dateien
2015-01-19 21:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-18 22:16 - 2013-01-13 12:41 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 22:15 - 2013-01-13 12:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-16 23:24 - 2013-01-03 22:02 - 00000000 ____D () C:\Users\Lenovo\Documents\Kay
2015-01-16 19:27 - 2013-08-21 17:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-16 19:20 - 2013-01-01 13:50 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 19:27 - 2014-06-13 16:56 - 00002055 _____ () C:\WINDOWS\SecuniaPackage.log
2015-01-06 01:08 - 2014-12-12 21:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-06 01:08 - 2014-11-12 22:53 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-31 12:14 - 2013-01-01 13:23 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Lenovo\AppData\Roaming\SDPQ
2015-01-17 19:45 - 2015-01-17 19:45 - 2001888 _____ (MDplay+version) C:\Users\Lenovo\AppData\Roaming\SDPQ.exe
2013-01-20 13:17 - 2013-01-20 13:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-21 23:26 - 2012-09-21 23:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll
C:\Users\Lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-21 07:05

==================== End Of Log ============================
         
--- --- ---


Vielen Dank für die Hilfe
Gusi

Alt 22.01.2015, 20:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.01.2015, 21:23   #13
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,
hier der aktuelle Scan und die Addition:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Lenovo (administrator) on IDEA-PC on 23-01-2015 21:17:12
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available profiles: Lenovo)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Time Lapse Solutions) C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA5917.tmp
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-09-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-09-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_107] => [X]
HKLM-x32\...\Run: [mbot_de_434] => [X]
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart Plus B210 series.lnk -> C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-29]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PtLhhVMgweX; C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe [2734384 2015-01-17] (Time Lapse Solutions)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 20:33 - 2015-01-22 20:33 - 00000000 ____D () C:\ZombieInvasion
2015-01-22 20:28 - 2015-01-22 20:28 - 00006792 _____ () C:\Users\Lenovo\Desktop\AdwCleaner[S1].txt
2015-01-22 20:26 - 2015-01-22 20:26 - 00000759 _____ () C:\Users\Lenovo\Desktop\JRT.txt
2015-01-22 20:22 - 2015-01-23 21:00 - 00000000 ____D () C:\ProgramData\Browser
2015-01-22 20:22 - 2015-01-22 20:22 - 01707939 _____ (Thisisu) C:\Users\Lenovo\Desktop\JRT.exe
2015-01-22 20:19 - 2015-01-22 20:19 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\ZombieInvasion
2015-01-22 20:04 - 2015-01-22 20:07 - 02186752 _____ () C:\Users\Lenovo\Desktop\adwcleaner_4.108.exe
2015-01-20 21:44 - 2015-01-20 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-20 21:44 - 2015-01-20 22:26 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 21:43 - 2015-01-21 06:54 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-20 21:41 - 2015-01-21 06:54 - 00000000 ____D () C:\Users\Lenovo\Desktop\mbar
2015-01-20 21:41 - 2015-01-20 21:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Lenovo\Desktop\mbar-1.08.3.1004.exe
2015-01-19 21:27 - 2015-01-19 21:28 - 00031268 _____ () C:\Users\Lenovo\Desktop\Addition.txt
2015-01-19 21:26 - 2015-01-23 21:17 - 00015935 _____ () C:\Users\Lenovo\Desktop\FRST.txt
2015-01-19 21:26 - 2015-01-23 21:17 - 00000000 ____D () C:\FRST
2015-01-19 21:26 - 2015-01-19 21:26 - 02126848 _____ (Farbar) C:\Users\Lenovo\Desktop\FRST64.exe
2015-01-18 22:11 - 2015-01-18 22:11 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}
2015-01-17 23:04 - 2015-01-17 23:04 - 00003088 _____ () C:\WINDOWS\System32\Tasks\upfs7235
2015-01-17 21:04 - 2015-01-17 23:14 - 00000000 ____D () C:\ProgramData\WdZGDGSBB
2015-01-17 19:47 - 2015-01-20 22:20 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-17 19:47 - 2015-01-17 19:47 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\com
2015-01-17 19:45 - 2015-01-17 19:45 - 00002406 _____ () C:\WINDOWS\patsearch.bin
2015-01-14 19:17 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:17 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:17 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:17 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:17 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:17 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:17 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:17 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:17 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:17 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:17 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:17 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:17 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:17 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:17 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:17 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:17 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 23:24 - 2015-01-10 23:25 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-10 23:24 - 2015-01-10 23:24 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-01-10 23:24 - 2015-01-10 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-10 23:24 - 2014-12-16 20:01 - 00114872 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-12-26 16:19 - 2014-12-26 16:19 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 21:16 - 2014-06-09 22:02 - 01694135 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-23 21:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 21:14 - 2012-12-10 21:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4192971916-827652232-1351803540-1002
2015-01-23 21:12 - 2013-08-22 15:46 - 00354901 _____ () C:\WINDOWS\setupact.log
2015-01-23 21:06 - 2014-06-11 16:13 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FB719F3-98F7-4FA1-A9DC-36B8CBECE281}
2015-01-23 21:05 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-23 21:05 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-23 21:05 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-23 21:02 - 2014-06-10 06:01 - 00000000 __RDO () C:\Users\Lenovo\OneDrive
2015-01-23 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-23 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-22 20:16 - 2014-03-18 02:50 - 00026242 _____ () C:\WINDOWS\PFRO.log
2015-01-22 20:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-22 20:08 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-22 20:07 - 2014-03-05 19:12 - 00000000 ____D () C:\AdwCleaner
2015-01-22 20:07 - 2012-09-21 23:47 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-20 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 22:32 - 2014-12-12 21:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 22:32 - 2014-11-12 22:53 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 21:37 - 2013-01-03 15:08 - 00000000 ____D () C:\Users\Lenovo\Documents\Outlook-Dateien
2015-01-18 22:16 - 2013-01-13 12:41 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 22:15 - 2013-01-13 12:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-16 23:24 - 2013-01-03 22:02 - 00000000 ____D () C:\Users\Lenovo\Documents\Kay
2015-01-16 19:27 - 2013-08-21 17:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 19:20 - 2013-01-01 13:50 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 19:27 - 2014-06-13 16:56 - 00002055 _____ () C:\WINDOWS\SecuniaPackage.log
2014-12-31 12:14 - 2013-01-01 13:23 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2013-01-20 13:17 - 2013-01-20 13:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-21 23:26 - 2012-09-21 23:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll
C:\Users\Lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-23 21:14

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Lenovo at 2015-01-23 21:18:04
Running from C:\Users\Lenovo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.15.45 - CyberViewX)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Hilfe (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1519 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OneKey Recovery (Version: 5.70.0000 - CyberLink Corp.) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.38 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.38 - Saal Digital Fotoservice GmbH) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.54 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4192971916-827652232-1351803540-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

28-12-2014 14:54:05 Geplanter Prüfpunkt
10-01-2015 14:20:10 Geplanter Prüfpunkt
16-01-2015 19:18:00 Windows Modules Installer
17-01-2015 19:48:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
18-01-2015 22:12:55 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
20-01-2015 22:14:55 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00F484E0-6D6E-4088-9892-AFCC3D38F9A8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {033833CA-1718-44FA-A117-A60D156EA7C0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1D43AE1F-7322-425F-B5E7-41618A92FA06} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {23CF9A36-30A1-400C-8E45-B276FB765B76} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {2AD2C5B0-ECC6-415D-A1D5-5EE73F6AA761} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {428E2899-2FAA-4221-A712-F0645E09626C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {4718AE03-E5D3-41F7-B991-ED2FAA33FD0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4E49186B-4687-4CFD-8499-EBA8277133E0} - System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E} => pcalua.exe -a C:\ProgramData\ZombieInvasion\uninstall.exe -c /kb=y /ic=1
Task: {68470D00-F7E8-4147-8FE6-B9B87976D11E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {83660DC7-0332-4490-92EC-56F8E3BFC966} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {BE5A4C5F-5868-4228-BE31-BD06B105A8D1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation)
Task: {D04B844F-63C2-42E2-9CC1-CC0C0F92FFE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FA01F1DC-AC5A-4A9F-A5FA-055A342D37C8} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 14:48 - 2012-08-26 14:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2014-04-19 19:01 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-09 22:02 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-25 18:25 - 2014-11-25 18:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-09-21 23:16 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-19 19:01 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Lenovo\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

========================= Accounts: ==========================

Administrator (S-1-5-21-4192971916-827652232-1351803540-500 - Administrator - Disabled)
Gast (S-1-5-21-4192971916-827652232-1351803540-501 - Limited - Disabled)
Lenovo (S-1-5-21-4192971916-827652232-1351803540-1002 - Administrator - Enabled) => C:\Users\Lenovo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 08:39:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/22/2015 08:30:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1274

Startzeit: 01d03678332b928d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Berichts-ID: 27517ac7-a26c-11e4-bebe-c0143dc95576

Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoCompanion_2.2.15.0_x86__k1h2ywk1493x8

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/22/2015 08:39:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/22/2015 08:30:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384127401d03678332b928d4294967295C:\WINDOWS\syswow64\backgroundTaskHost.exe27517ac7-a26c-11e4-bebe-c0143dc95576E046963F.LenovoCompanion_2.2.15.0_x86__k1h2ywk1493x8App


CodeIntegrity Errors:
===================================
  Date: 2015-01-21 07:08:00.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 20:39:10.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 20:39:10.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 20:14:47.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:54.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:54.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 14:54:53.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8057.77 MB
Available physical RAM: 6017.97 MB
Total Pagefile: 9337.77 MB
Available Pagefile: 7341.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:883.74 GB) (Free:797.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05BC0038)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Vielen Dank

Alt 23.01.2015, 21:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_107] => [X]
HKLM-x32\...\Run: [mbot_de_434] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Task: {4E49186B-4687-4CFD-8499-EBA8277133E0} - System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E} => pcalua.exe -a C:\ProgramData\ZombieInvasion\uninstall.exe -c /kb=y /ic=1
Task: {83660DC7-0332-4490-92EC-56F8E3BFC966} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\PROGRA~2\Flwsrf
C:\ProgramData\ZombieInvasion
C:\ProgramData\Ament.ini
C:\ProgramData\DP45977C.lfl
C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}
C:\WINDOWS\System32\Tasks\upfs7235
C:\ProgramData\WdZGDGSBB
C:\Users\Public\Temp
C:\Users\Lenovo\AppData\Local\com
C:\WINDOWS\patsearch.bin
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll
C:\Users\Lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.01.2015, 22:48   #15
gusi
 
Zombie Invasion eingefangen - Standard

Zombie Invasion eingefangen



Hallo,

nach dem automatischen Neustart ist das fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Lenovo at 2015-01-23 22:24:00 Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available profiles: Lenovo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_107] => [X]
HKLM-x32\...\Run: [mbot_de_434] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-4192971916-827652232-1351803540-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Task: {4E49186B-4687-4CFD-8499-EBA8277133E0} - System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E} => pcalua.exe -a C:\ProgramData\ZombieInvasion\uninstall.exe -c /kb=y /ic=1
Task: {83660DC7-0332-4490-92EC-56F8E3BFC966} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\PROGRA~2\Flwsrf
C:\ProgramData\ZombieInvasion
C:\ProgramData\Ament.ini
C:\ProgramData\DP45977C.lfl
C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}
C:\WINDOWS\System32\Tasks\upfs7235
C:\ProgramData\WdZGDGSBB
C:\Users\Public\Temp
C:\Users\Lenovo\AppData\Local\com
C:\WINDOWS\patsearch.bin
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll
C:\Users\Lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe
EmptyTemp:
Hosts:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_de_107 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_de_434 => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4192971916-827652232-1351803540-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E49186B-4687-4CFD-8499-EBA8277133E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E49186B-4687-4CFD-8499-EBA8277133E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{315EA03D-617E-4611-AF53-F48FDA69767E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83660DC7-0332-4490-92EC-56F8E3BFC966}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83660DC7-0332-4490-92EC-56F8E3BFC966}" => Key deleted successfully.
C:\Windows\System32\Tasks\upfs7235 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\PROGRA~2\Flwsrf" => File/Directory not found.
"C:\ProgramData\ZombieInvasion" => File/Directory not found.
C:\ProgramData\Ament.ini => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
"C:\WINDOWS\System32\Tasks\{315EA03D-617E-4611-AF53-F48FDA69767E}" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\upfs7235" => File/Directory not found.

"C:\ProgramData\WdZGDGSBB" directory move:

Could not move "C:\ProgramData\WdZGDGSBB\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.dat" => Scheduled to move on reboot.
C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe => Moved successfully.
C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.exe.config => Moved successfully.
Could not move "C:\ProgramData\WdZGDGSBB\dat\pnLmfTqWN.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\dat\RLnOuwVI.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\dat\RLnOuwVI.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\dat\unWOVyWxDaQ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\dat\unWOVyWxDaQ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB\dat\ZNxazx.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WdZGDGSBB" directory. => Scheduled to move on reboot.

C:\Users\Public\Temp => Moved successfully.
C:\Users\Lenovo\AppData\Local\com => Moved successfully.
C:\WINDOWS\patsearch.bin => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.dll => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\8B8F0AC6-C419-CD3D-B246-78D5F911401C.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\amiupdater2315.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\D7800A9D-BFFF-9F7D-F500-B04588F53619.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\Launcher__10272.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\setup_337.exe => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1014.2 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-23 22:27:47)<=

C:\ProgramData\WdZGDGSBB\info.dat => Is moved successfully.
C:\ProgramData\WdZGDGSBB\PtLhhVMgweX.dat => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\pnLmfTqWN.dll => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\RLnOuwVI.exe => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\RLnOuwVI.exe.config => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\unWOVyWxDaQ.exe => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\unWOVyWxDaQ.exe.config => Is moved successfully.
C:\ProgramData\WdZGDGSBB\dat\ZNxazx.dll => Is moved successfully.
C:\ProgramData\WdZGDGSBB => Is moved successfully.

==== End of Fixlog 22:27:47 ====
         

Antwort

Themen zu Zombie Invasion eingefangen
adware, adware?, eingefangen, gefangen, gen, zombie, zombie invasion



Ähnliche Themen: Zombie Invasion eingefangen


  1. Windows 8.1 (64-Bit): Zombie Invasion kann nicht deinstalliert werden
    Plagegeister aller Art und deren Bekämpfung - 28.06.2015 (18)
  2. Popup Invasion im Jedem Browser und bei Steam
    Log-Analyse und Auswertung - 08.06.2015 (8)
  3. Programm Zombie Invasion lässt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 25.04.2015 (20)
  4. Zombie news
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (7)
  5. Windows7 und Zombie Invasion
    Plagegeister aller Art und deren Bekämpfung - 02.03.2015 (15)
  6. Zombie News
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (8)
  7. Zombie Invasion lässt sich nicht deinstallieren / löschen
    Plagegeister aller Art und deren Bekämpfung - 14.02.2015 (17)
  8. Invasion diverser Trojaner Gibt es noch Hoffnung?
    Log-Analyse und Auswertung - 03.05.2014 (6)
  9. Probleme nach Virus Invasion
    Log-Analyse und Auswertung - 11.03.2014 (11)
  10. Trojaner Invasion und andere fiese Viren!
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (10)
  11. Botnetz zombie ?
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (35)
  12. Rootkit-Invasion? Antimalware? H8SRT? Logfile-Analyse
    Log-Analyse und Auswertung - 21.01.2010 (14)
  13. Virus Invasion! Schnelle Hilfe bitte!! :/
    Log-Analyse und Auswertung - 10.10.2009 (6)
  14. zombie?
    Plagegeister aller Art und deren Bekämpfung - 05.01.2008 (1)
  15. Zombie in der Domain?
    Überwachung, Datenschutz und Spam - 16.05.2007 (2)
  16. win.tmp & Vmundo-Invasion...Brauche HILFE.dringend.
    Log-Analyse und Auswertung - 24.01.2007 (6)
  17. Invasion von sys-Dateien
    Log-Analyse und Auswertung - 16.08.2006 (4)

Zum Thema Zombie Invasion eingefangen - Hallo, ich habe mir Zombie Invasion eingefangen (Adware?) und bekomme es nicht deinstalliert. Wie werde ich den Quälgeist wieder los? Danke Kay - Zombie Invasion eingefangen...
Archiv
Du betrachtest: Zombie Invasion eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.