Trojaner-Board


Angelsshadow 23.11.2014 20:51

Laptop keeps getting slower

Hi everyone,

unfortunately "it" has got me once again: my laptop "stutters" while typing and takes longer and longer...

Win7, 64-bit system, AMD E processor 350, 1.60 GHz

Requesting help!

THANKS

schrauber 23.11.2014 20:53

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Angelsshadow 23.11.2014 21:11


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by Lenovo (administrator) on LENOVO-PC on 23-11-2014 20:56:43
Running from C:\Users\Lenovo\Downloads
Loaded Profile: Lenovo (Available profiles: Lenovo)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Lenovo\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9744800 2013-11-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5399456 2013-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2013-11-18] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {648be53f-06f7-11e4-b16f-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {648be558-06f7-11e4-b16f-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {83bcc16d-04fd-11e4-a849-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {83bcc176-04fd-11e4-a849-74de2b03ec9f} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-769514679-1109052257-2407649337-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKLM -> {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> DefaultScope {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> {B5C61855-198C-4E5C-97A6-A1096B6D6CC2} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Websuche
FF Homepage: hxxp://go.web.de/tb/mff_startpage_homepage
FF Keyword.URL: hxxp://url24.info/?id=5225w0021d2309&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\webde-suche.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-07-27]
FF Extension: WEB.DE MailCheck - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\toolbar@web.de [2014-10-28]
FF Extension: YouTube MP3 Easy Downloader - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\youtube-mp3-easy-downloader@devbro.com [2014-07-01]
FF Extension: Cliqz Beta - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\cliqz@cliqz.com.xpi [2014-11-18]
FF Extension: YouTube Downloader and Converter - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3775}.xpi [2014-07-01]
FF Extension: Adblock Plus - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-01]
FF HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google-Suche) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-07-09] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Lenovo\AppData\Local\Temp\ALSysIO64.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath
S3 UXDCMN; \??\E:\Windows-Test\Benchmark-Test\Winstress\Winstreß-1\UXDCMN.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 20:56 - 2014-11-23 20:56 - 02118144 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64(1).exe
2014-11-22 21:36 - 2014-11-22 21:36 - 00000000 ____D () C:\windows\system32\SPReview
2014-11-18 16:12 - 2014-11-18 16:12 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\TomTom
2014-11-18 16:12 - 2014-11-18 16:12 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\TomTom
2014-11-18 16:08 - 2014-11-18 16:08 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Downloaded Installations
2014-11-18 16:07 - 2014-11-18 16:07 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Cliqz
2014-11-18 16:07 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\windows\SysWOW64\dhRichClient3.dll
2014-11-18 16:07 - 2011-03-25 19:42 - 00338432 _____ () C:\windows\SysWOW64\sqlite36_engine.dll
2014-11-11 20:23 - 2014-11-05 03:48 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 20:23 - 2014-11-05 03:47 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 20:23 - 2014-11-05 03:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 08:45 - 2014-11-06 08:51 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-05 08:45 - 2014-11-05 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-05 08:45 - 2014-11-05 08:45 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-11-05 08:43 - 2011-04-18 18:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMIXE.DLL
2014-11-05 08:43 - 2011-03-13 18:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BIXE.DLL
2014-11-05 08:43 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-11-02 09:54 - 2014-11-02 10:06 - 00009412 _____ () C:\Users\Lenovo\Desktop\Mitglieder und RB-Liste ab Nov.2014.ods
2014-10-30 20:50 - 2014-10-30 20:58 - 00015407 _____ () C:\Users\Lenovo\Desktop\aktuelle kalkulation.ods
2014-10-29 21:03 - 2014-10-29 21:03 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-10-25 18:49 - 2014-10-25 18:49 - 330069058 _____ () C:\Users\Lenovo\Documents\Export Registery.reg
2014-10-24 10:20 - 2014-10-24 10:20 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 20:56 - 2014-10-19 20:18 - 00015850 _____ () C:\Users\Lenovo\Downloads\FRST.txt
2014-11-23 20:56 - 2014-10-19 20:18 - 00000000 ____D () C:\FRST
2014-11-23 20:55 - 2009-07-14 05:45 - 00019296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 20:55 - 2009-07-14 05:45 - 00019296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 20:26 - 2014-07-03 21:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 20:19 - 2013-11-18 20:26 - 00654166 _____ () C:\windows\system32\perfh007.dat
2014-11-23 20:19 - 2013-11-18 20:26 - 00130006 _____ () C:\windows\system32\perfc007.dat
2014-11-23 20:19 - 2009-07-14 06:13 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-23 20:12 - 2014-07-01 22:02 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 20:07 - 2014-07-12 20:38 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 18:03 - 2013-11-18 13:59 - 00100137 _____ () C:\windows\system32\fastboot.set
2014-11-23 18:03 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-23 18:03 - 2009-07-14 05:51 - 00054623 _____ () C:\windows\setupact.log
2014-11-23 11:15 - 2013-11-18 13:11 - 01309224 _____ () C:\windows\WindowsUpdate.log
2014-11-23 10:20 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-19 20:26 - 2014-07-03 21:10 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-19 20:26 - 2014-07-03 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-19 20:23 - 2014-08-16 19:25 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\AVG
2014-11-18 16:17 - 2014-06-26 13:07 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\VirtualStore
2014-11-14 21:07 - 2014-07-01 22:02 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 21:07 - 2014-07-01 22:02 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 21:07 - 2014-07-01 22:02 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 05:07 - 2014-07-12 20:38 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 05:07 - 2014-07-12 20:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 05:07 - 2014-07-12 20:38 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 04:47 - 2014-07-01 22:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 23:49 - 2014-07-11 21:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 23:47 - 2014-07-03 08:27 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 23:41 - 2014-07-03 08:27 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 20:10 - 2014-07-09 00:27 - 03105493 _____ () C:\windows\system32\PsBoot.log
2014-11-11 20:10 - 2014-07-09 00:27 - 00434892 _____ () C:\windows\system32\defragLog.log
2014-11-03 20:25 - 2014-10-19 18:50 - 00019771 _____ () C:\Users\Lenovo\Desktop\EinAusÜber2013.ods
2014-10-26 00:25 - 2014-07-02 21:29 - 00076492 _____ () C:\windows\PFRO.log
2014-10-26 00:25 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-25 19:00 - 2014-07-01 22:02 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Lenovo\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Lenovo\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Lenovo\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Lenovo\AppData\Local\Temp\tmd_34013443.exe
C:\Users\Lenovo\AppData\Local\Temp\tmd_34014416.exe
C:\Users\Lenovo\AppData\Local\Temp\tmd_34016673.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 10:15

==================== End Of Log ============================

--- --- ---
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014
Ran by Lenovo at 2014-11-23 21:07:45
Running from C:\Users\Lenovo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51129 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{9AEE3659-C7CE-D3E7-8161-0D616D9EB260}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
ccc-core-static (x32 Version: 2010.1129.1139.20817 - Ihr Firmenname) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.46.0.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
Energy Management (x32 Version: 6.0.1.5 - Lenovo) Hidden
EPSON WF-2510 Series Printer Uninstall (HKLM\...\EPSON WF-2510 Series) (Version:  - SEIKO EPSON Corporation)
Finanzplan in Excel Version 3.4.01 (HKLM-x32\...\Finanzplan in Excel Version 3.4.01) (Version:  - )
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2318.52 - CyberLink Corp.)
Lenovo PowerDVD 10 (x32 Version: 10.0.2318.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-11-2014 20:26:32 Windows 7 Service Pack 1
22-11-2014 04:13:48 Windows Update
22-11-2014 20:34:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23674013-88E5-45D4-A2B5-A655674E156F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {2AFFD52E-C42F-41A8-9EDA-0423816C88A3} - System32\Tasks\{D097163A-2641-473B-B412-5397244222FE} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {4018C235-F8AE-4C06-87B4-714DAE978277} - System32\Tasks\{6C202DA7-C54F-4D1F-BD32-EC694C239E5F} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {435F61F6-0F32-4B1B-9F97-71AD608DFEF0} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {44F34913-F010-4EA2-B54D-E5E202A483D2} - System32\Tasks\{157A9376-874E-417F-911F-2803682C1548} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {5B3FA0D1-085D-4BD0-BCFF-DAE2E26E806B} - System32\Tasks\{25CEFDF2-C509-4A6A-9EAE-CB571FE0C690} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {5D78883D-A503-4079-95A8-0F5891BB8D28} - System32\Tasks\{3376859B-0685-4D58-BB5C-FDBF4F6F5CC0} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {608BAB3A-5659-46C6-96B3-FC53934ED0D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {6B5EF4BE-B91E-4BF1-8D49-A6F70D1BCBA9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {898A20AE-AA8B-41C1-AB86-DA199585B4E0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-769514679-1109052257-2407649337-1001
Task: {9D08A123-7CEA-453C-8269-93AB8C345FDD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {A4CA8BE1-A8D7-4020-8454-0267D475663F} - System32\Tasks\{EEBA94A2-B14B-4F57-B70A-1FEA4EEACF0E} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {D5501425-52F3-4EEC-8051-074FDFB59D2E} - System32\Tasks\{175970EF-FE53-486C-A2C7-435E0AEB8D19} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: {E1009A2D-73B6-4D42-B9EA-00DB75E720F5} - System32\Tasks\{49D9D90C-F89E-4DF3-AC00-2F3F4CBA954C} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2014-07-09] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-09 11:36 - 2014-07-09 11:36 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2008-12-20 04:20 - 2013-11-18 13:57 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2013-11-18 13:57 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-09 11:36 - 2014-07-09 11:36 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2010-11-29 12:50 - 2010-11-29 12:50 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-11-29 12:50 - 2010-11-29 12:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-769514679-1109052257-2407649337-500 - Administrator - Disabled)
Gast (S-1-5-21-769514679-1109052257-2407649337-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-769514679-1109052257-2407649337-1003 - Limited - Enabled)
Lenovo (S-1-5-21-769514679-1109052257-2407649337-1001 - Administrator - Enabled) => C:\Users\Lenovo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 09:26:34 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/14/2014 10:03:25 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/05/2014 00:11:35 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/04/2014 00:49:18 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (09/28/2014 04:57:10 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (09/09/2014 07:07:35 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...).


Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/25/2014 09:12:46 PM) (Source: MsiInstaller) (EventID: 1023) (User: Lenovo-PC)
Description: Produkt: AVG PC TuneUp 2014 - Update "TuneUp Utilities 14.0.1001.519" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei  enthalten.

Error: (08/25/2014 09:12:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lenovo-PC)
Description: Produkt: AVG PC TuneUp 2014 -- Fehler 1706. Ein Installationspaket des Produkts AVG PC TuneUp 2014 konnte nicht gefunden werden. Wiederholen Sie die Installation unter Verwendung einer gültigen Kopie des Installationspakets "{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi".

Error: (08/12/2014 07:38:17 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (08/07/2014 02:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00022360
ID des fehlerhaften Prozesses: 0xd08
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3


System errors:
=============
Error: (11/23/2014 10:24:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/22/2014 09:36:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/22/2014 05:15:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/21/2014 09:27:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/21/2014 08:30:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/20/2014 08:29:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/20/2014 08:29:15 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: NT-AUTORITÄT)
Description: Fehler bei der Service Pack-Installation. Fehlercode: 0x800f0829.

Error: (11/20/2014 08:29:15 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 6) (User: NT-AUTORITÄT)
Description: Das Service Pack kann nicht installiert werden, wenn der Computer im Akkubetrieb ausgeführt wird.

Error: (11/19/2014 11:18:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (11/18/2014 08:48:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)


Microsoft Office Sessions:
=========================
Error: (11/21/2014 09:26:34 PM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/14/2014 10:03:25 PM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/05/2014 00:11:35 AM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/04/2014 00:49:18 AM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (09/28/2014 04:57:10 AM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (09/09/2014 07:07:35 AM) (Source: VSS) (EventID: 12305) (User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...)

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/25/2014 09:12:46 PM) (Source: MsiInstaller) (EventID: 1023) (User: Lenovo-PC)
Description: AVG PC TuneUp 2014TuneUp Utilities 14.0.1001.5191603(NULL)(NULL)

Error: (08/25/2014 09:12:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lenovo-PC)
Description: Produkt: AVG PC TuneUp 2014 -- Fehler 1706. Ein Installationspaket des Produkts AVG PC TuneUp 2014 konnte nicht gefunden werden. Wiederholen Sie die Installation unter Verwendung einer gültigen Kopie des Installationspakets "{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi".(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/12/2014 07:38:17 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (08/07/2014 02:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7600.169154ec49d10c000000500022360d0801cfb1e124e5e68dC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\windows\SysWOW64\ntdll.dllf5a6aac2-1dd5-11e4-8b56-b870f43d656a


CodeIntegrity Errors:
===================================
  Date: 2014-06-26 15:21:39.650
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows-Test\Benchmark-Test\Winstress\Winstreß-1\UXDCMN.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-26 15:21:39.611
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows-Test\Benchmark-Test\Winstress\Winstreß-1\UXDCMN.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 35%
Total physical RAM: 5738.9 MB
Available physical RAM: 3724.36 MB
Total Pagefile: 11475.94 MB
Available Pagefile: 9422.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:213.46 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F761340D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================


schrauber 24.11.2014 18:09

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Angelsshadow 26.11.2014 04:01

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.11.2014
Suchlauf-Zeit: 20:46:50
Logdatei: Verlaufsprotokoll.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.24.07
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Lenovo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315562
Verstrichene Zeit: 25 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-769514679-1109052257-2407649337-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [5740c57a3943cb6bd06ff94d24df6f91],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-769514679-1109052257-2407649337-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [f99e4ff0324ad85e1b21aad0c142f60a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-769514679-1109052257-2407649337-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [98ff95aad0ac95a1fb74246c48bc837d],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-769514679-1109052257-2407649337-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0N2X1N, In Quarantäne, [98ff95aad0ac95a1fb74246c48bc837d]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

# AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 21:14:23
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Lenovo - LENOVO-PC
# Gestartet von : C:\Users\Lenovo\Downloads\AdwCleaner_4.102.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v33.1 (x86 de)

[n4jqa81g.default] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[n4jqa81g.default] - Zeile gefunden : user_pref("extensions.unitedinternet.original.browser.startup.homepage", "hxxp://url24.info/?id=5225w0021d2309");
[n4jqa81g.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://url24.info/?id=5225w0021d2309&q=");

-\\ Google Chrome v

[C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
[C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden [Startup_URLs] : hxxp://url24.info/?id=5225w0021d2309

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2757 octets] - [24/11/2014 21:14:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2817 octets] ##########

Code:

# AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 21:38:50
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Lenovo - LENOVO-PC
# Gestartet von : C:\Users\Lenovo\Downloads\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v33.1 (x86 de)

[n4jqa81g.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[n4jqa81g.default\prefs.js] - Zeile gelöscht : user_pref("extensions.unitedinternet.original.browser.startup.homepage", "hxxp://url24.info/?id=5225w0021d2309");
[n4jqa81g.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://url24.info/?id=5225w0021d2309&q=");

-\\ Google Chrome v

[C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
[C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://url24.info/?id=5225w0021d2309

-\\ Opera v0.0.0.0

[C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2917 octets] - [24/11/2014 21:14:23]
AdwCleaner[S0].txt - [2843 octets] - [24/11/2014 21:38:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2903 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Lenovo on 26.11.2014 at  3:45:42,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Lenovo\AppData\Roaming\mozilla\firefox\profiles\n4jqa81g.default\extensions\toolbar@web.de
Emptied folder: C:\Users\Lenovo\AppData\Roaming\mozilla\firefox\profiles\n4jqa81g.default\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2014 at  3:56:18,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by Lenovo (administrator) on LENOVO-PC on 26-11-2014 04:00:00
Running from C:\Users\Lenovo\Downloads
Loaded Profile: Lenovo (Available profiles: Lenovo)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Lenovo\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9744800 2013-11-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5399456 2013-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2013-11-18] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {648be53f-06f7-11e4-b16f-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {648be558-06f7-11e4-b16f-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {83bcc16d-04fd-11e4-a849-74de2b03ec9f} - E:\AutoRun.exe
HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\MountPoints2: {83bcc176-04fd-11e4-a849-74de2b03ec9f} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-769514679-1109052257-2407649337-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL =
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> DefaultScope {AE0D7087-65FA-42F6-87E7-0AD95F6BD9C7} URL =
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-769514679-1109052257-2407649337-1001 -> {B5C61855-198C-4E5C-97A6-A1096B6D6CC2} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Websuche
FF Homepage: hxxp://go.web.de/tb/mff_startpage_homepage
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\searchplugins\webde-suche.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-07-27]
FF Extension: YouTube MP3 Easy Downloader - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\youtube-mp3-easy-downloader@devbro.com [2014-07-01]
FF Extension: Cliqz Beta - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\cliqz@cliqz.com.xpi [2014-11-18]
FF Extension: YouTube Downloader and Converter - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3775}.xpi [2014-07-01]
FF Extension: Adblock Plus - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-01]
FF HKU\S-1-5-21-769514679-1109052257-2407649337-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\n4jqa81g.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google-Suche) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-07-09] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-26] (Malwarebytes Corporation)
S3 ALSysIO; \??\C:\Users\Lenovo\AppData\Local\Temp\ALSysIO64.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath
S3 UXDCMN; \??\E:\Windows-Test\Benchmark-Test\Winstress\Winstreß-1\UXDCMN.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 03:56 - 2014-11-26 03:56 - 00000942 _____ () C:\Users\Lenovo\Desktop\JRT.txt
2014-11-26 03:45 - 2014-11-26 03:45 - 01707532 _____ (Thisisu) C:\Users\Lenovo\Downloads\JRT(1).exe
2014-11-26 03:45 - 2014-11-26 03:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-26 03:39 - 2014-11-26 03:39 - 00001971 _____ () C:\Users\Lenovo\Desktop\Verlaufsprotokoll.txt
2014-11-25 20:19 - 2014-11-25 20:19 - 00000000 ____D () C:\windows\system32\SPReview
2014-11-25 19:35 - 2014-11-26 03:02 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\65636CBD.sys
2014-11-24 21:14 - 2014-11-26 03:46 - 00000000 ____D () C:\AdwCleaner
2014-11-24 20:49 - 2014-11-24 20:49 - 02148864 _____ () C:\Users\Lenovo\Downloads\AdwCleaner_4.102.exe
2014-11-24 20:46 - 2014-11-26 03:02 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 20:45 - 2014-11-24 20:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 20:45 - 2014-11-24 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 20:45 - 2014-11-24 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 20:45 - 2014-11-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 20:45 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-24 20:45 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-24 20:45 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-24 20:43 - 2014-11-24 20:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lenovo\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-23 20:56 - 2014-11-23 20:56 - 02118144 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64(1).exe
2014-11-18 16:12 - 2014-11-18 16:12 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\TomTom
2014-11-18 16:12 - 2014-11-18 16:12 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\TomTom
2014-11-18 16:08 - 2014-11-18 16:08 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Downloaded Installations
2014-11-18 16:07 - 2014-11-18 16:07 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Cliqz
2014-11-18 16:07 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\windows\SysWOW64\dhRichClient3.dll
2014-11-18 16:07 - 2011-03-25 19:42 - 00338432 _____ () C:\windows\SysWOW64\sqlite36_engine.dll
2014-11-11 20:23 - 2014-11-05 03:48 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 20:23 - 2014-11-05 03:47 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 20:23 - 2014-11-05 03:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 08:45 - 2014-11-06 08:51 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-05 08:45 - 2014-11-05 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-05 08:45 - 2014-11-05 08:45 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-11-05 08:43 - 2011-04-18 18:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMIXE.DLL
2014-11-05 08:43 - 2011-03-13 18:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BIXE.DLL
2014-11-05 08:43 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-11-02 09:54 - 2014-11-02 10:06 - 00009412 _____ () C:\Users\Lenovo\Desktop\Mitglieder und RB-Liste ab Nov.2014.ods
2014-10-30 20:50 - 2014-10-30 20:58 - 00015407 _____ () C:\Users\Lenovo\Desktop\aktuelle kalkulation.ods
2014-10-29 21:03 - 2014-10-29 21:03 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 04:00 - 2014-10-19 20:18 - 00014894 _____ () C:\Users\Lenovo\Downloads\FRST.txt
2014-11-26 04:00 - 2014-10-19 20:18 - 00000000 ____D () C:\FRST
2014-11-26 03:22 - 2013-11-18 13:11 - 01421188 _____ () C:\windows\WindowsUpdate.log
2014-11-26 03:13 - 2014-07-01 22:02 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 03:08 - 2014-07-12 20:38 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 03:08 - 2009-07-14 05:45 - 00019296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:08 - 2009-07-14 05:45 - 00019296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:07 - 2014-07-12 20:38 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 03:07 - 2014-07-12 20:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:07 - 2014-07-12 20:38 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 03:04 - 2014-07-03 21:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-26 03:01 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-26 03:00 - 2013-11-18 13:59 - 00384087 _____ () C:\windows\system32\fastboot.set
2014-11-26 02:59 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-26 02:59 - 2009-07-14 05:51 - 00054847 _____ () C:\windows\setupact.log
2014-11-24 21:47 - 2013-11-18 20:26 - 00654166 _____ () C:\windows\system32\perfh007.dat
2014-11-24 21:47 - 2013-11-18 20:26 - 00130006 _____ () C:\windows\system32\perfc007.dat
2014-11-24 21:47 - 2009-07-14 06:13 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 21:40 - 2014-07-02 21:29 - 00077082 _____ () C:\windows\PFRO.log
2014-11-23 21:10 - 2014-10-19 20:19 - 00024800 _____ () C:\Users\Lenovo\Downloads\Addition.txt
2014-11-19 20:26 - 2014-07-03 21:10 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-19 20:26 - 2014-07-03 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-19 20:23 - 2014-08-16 19:25 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\AVG
2014-11-18 16:17 - 2014-06-26 13:07 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\VirtualStore
2014-11-14 21:07 - 2014-07-01 22:02 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 21:07 - 2014-07-01 22:02 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 21:07 - 2014-07-01 22:02 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 04:47 - 2014-07-01 22:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 23:49 - 2014-07-11 21:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 23:47 - 2014-07-03 08:27 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 23:41 - 2014-07-03 08:27 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 20:10 - 2014-07-09 00:27 - 03105493 _____ () C:\windows\system32\PsBoot.log
2014-11-11 20:10 - 2014-07-09 00:27 - 00434892 _____ () C:\windows\system32\defragLog.log
2014-11-03 20:25 - 2014-10-19 18:50 - 00019771 _____ () C:\Users\Lenovo\Desktop\EinAusÜber2013.ods

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Lenovo\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Lenovo\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Lenovo\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Lenovo\AppData\Local\Temp\tmd_34013443.exe
C:\Users\Lenovo\AppData\Local\Temp\tmd_34014416.exe
C:\Users\Lenovo\AppData\Local\Temp\tmd_34016673.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 10:15

==================== End Of Log ============================

--- --- ---


schrauber 26.11.2014 21:40


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)

