
Pests of all kinds and how to fight them: how do I get rid of chatzum?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

27.08.2013, 23:48   #1
law
 



For some time now I have noticed that chatzum has crept onto my system.
Now I don't know exactly what I should do; it would be nice if you could help me.

27.08.2013, 23:55   #2
aharonov
/// TB trainer
 



Hi,

first of all I need a log..


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


28.08.2013, 00:40   #3
law
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by M (administrator) on 28-08-2013 01:32:20
Running from C:\Users\M\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1601488 2013-08-20] (APN)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-29] (Google Inc.)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=82431C4BD6658EAB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=1308071172
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1308071172&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1308071172&q={searchTerms}
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1308071172&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=82431C4BD6658EAB
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1308071172&q={searchTerms}
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
BHO: XBTBPos00 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChatZum Toolbar\tbunsu569F.tmp\tbcore3.dll ()
Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - ChatZum Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\ChatZum Toolbar\tbunsu569F.tmp\tbcore3.dll ()
Toolbar: HKCU -ChatZum Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\ChatZum Toolbar\tbunsu569F.tmp\tbcore3.dll ()
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\M\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\M\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\M\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp\21.51087_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\M\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\M\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\M\AppData\Local\Wajam\Chrome\wajam.crx
CHR StartMenuInternet: Google Chrome - C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-20] (APN LLC.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-08-13] ()
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-04-04] (Wajam)
R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-28] (Avira GmbH)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 01:21 - 2013-08-28 01:21 - 01072975 _____ (Farbar) C:\Users\M\Downloads\FRST.exe
2013-08-26 23:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-26 23:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-26 23:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-26 23:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-26 23:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-26 23:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-26 23:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-26 23:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-26 22:23 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-26 22:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-26 22:22 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-26 22:22 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-26 22:22 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-26 22:22 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-26 22:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-26 22:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-26 22:20 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-25 21:04 - 2013-08-25 21:04 - 00000000 ____D C:\_OTL
2013-08-25 20:54 - 2013-08-25 20:58 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:16 - 2013-08-27 23:45 - 00000840 _____ C:\Windows\setupact.log
2013-08-25 10:16 - 2013-08-25 10:16 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-08-28 01:32 - 2013-08-28 01:32 - 00000000 ____D C:\FRST
2013-08-28 01:24 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:24 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:21 - 2013-08-28 01:21 - 01072975 _____ (Farbar) C:\Users\M\Downloads\FRST.exe
2013-08-28 01:17 - 2013-03-12 21:36 - 01149950 _____ C:\Windows\WindowsUpdate.log
2013-08-28 01:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-28 01:09 - 2012-08-19 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 01:01 - 2013-04-02 01:29 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 00:50 - 2012-11-29 21:25 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000UA.job
2013-08-28 00:02 - 2012-06-12 21:04 - 00000000 ____D C:\Users\M\AppData\Roaming\Skype
2013-08-27 23:45 - 2013-08-25 10:16 - 00000840 _____ C:\Windows\setupact.log
2013-08-27 23:45 - 2012-06-12 18:24 - 00000000 ____D C:\Users\M\AppData\Local\PMB Files
2013-08-27 23:45 - 2012-06-12 18:24 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-27 20:31 - 2013-04-02 01:29 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 20:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 13:50 - 2012-11-29 21:25 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000Core.job
2013-08-27 01:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-26 23:25 - 2013-07-15 16:45 - 00001006 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-08-26 23:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-26 23:17 - 2013-07-11 21:51 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 23:08 - 2012-06-14 23:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-26 23:06 - 2012-06-12 17:25 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 19:53 - 2012-06-12 18:32 - 00002310 _____ C:\Users\M\Desktop\Google Chrome.lnk
2013-08-26 19:05 - 2012-06-12 18:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-26 19:05 - 2012-06-12 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-26 18:54 - 2013-07-15 16:42 - 00000000 ____D C:\Program Files\Hotspot Shield
2013-08-26 18:54 - 2012-06-12 17:16 - 00000000 ____D C:\Users\M
2013-08-26 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-26 18:52 - 2012-06-12 18:29 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-26 18:51 - 2013-07-15 16:42 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-26 18:51 - 2013-04-08 14:34 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-08-26 18:51 - 2013-04-08 14:33 - 00000000 ____D C:\Program Files\Wajam
2013-08-26 18:51 - 2013-03-22 17:51 - 00000000 ____D C:\Program Files\ChatZum Toolbar
2013-08-26 18:51 - 2012-09-07 20:43 - 00000000 ____D C:\Users\M\AppData\Roaming\BabylonToolbar
2013-08-26 18:51 - 2012-08-26 21:56 - 00000000 ____D C:\Program Files\Web Assistant
2013-08-26 18:51 - 2012-08-26 21:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-26 18:51 - 2012-08-26 21:56 - 00000000 ____D C:\Program Files\Incredibar.com
2013-08-26 18:51 - 2012-06-12 21:27 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 18:51 - 2012-06-12 18:32 - 00000000 ____D C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-26 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-08-26 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-26 18:49 - 2013-07-15 16:44 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-08-25 21:04 - 2013-08-25 21:04 - 00000000 ____D C:\_OTL
2013-08-25 20:58 - 2013-08-25 20:54 - 00000000 ____D C:\AdwCleaner
2013-08-25 11:31 - 2012-06-12 18:08 - 00000000 ____D C:\Windows\Panther
2013-08-25 10:16 - 2013-08-25 10:16 - 00000000 _____ C:\Windows\setuperr.log

Files to move or delete:
====================
C:\Users\M\AppData\Local\Temp\SkypeSetup.exe
C:\Users\M\AppData\Local\Temp\SDIAG_0b449cf1-3e17-4ab6-bf5e-91e18618ec11\DiagPackage.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-17 16:01

==================== End Of Log ============================
         
--- --- ---



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by M at 2013-08-28 01:34:54
Running from C:\Users\M\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

AbiWord 2.4.6 (remove only) (Version: 2.4.6)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.3.0.906)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Avira Free Antivirus (Version: 13.0.0.3885)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.01)
ChatZum Toolbar (Version: 1.0.20)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Google Chrome (HKCU Version: 29.0.1547.57)
Google Drive (Version: 1.11.4865.2530)
Google Update Helper (Version: 1.3.21.153)
Hotspot Shield 3.13 (Version: 3.13)
Incredibar Toolbar  on IE
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Processor Graphics (Version: 8.15.10.2279)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
iTunes (Version: 11.0.4.4)
League of Legends (Version: 3.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.172.0)
Nokia Suite (Version: 3.8.30.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Pando Media Booster (Version: 2.6.0.8)
PC Connectivity Solution (Version: 12.0.109.0)
REALTEK Wireless LAN Driver (Version: 1.00.0148)
Revo Uninstaller 1.94 (Version: 1.94)
Schachmeister 2010 (Version: 1.0)
Skype™ 5.9 (Version: 5.9.123)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Web Assistant 2.0.0.573 (Version: 2.0.0.573)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
YTD Video Downloader 4.3 (Version: 4.3)
 

==================== Restore Points  =========================

25-08-2013 08:27:43 Windows-Sicherung
25-08-2013 08:30:58 Windows Update
25-08-2013 08:53:29 Windows Update
25-08-2013 11:37:23 Revo Uninstaller's restore point - Hotspot Shield 3.13
25-08-2013 17:39:32 Windows-Sicherung
26-08-2013 16:45:49 Wiederherstellungsvorgang
26-08-2013 17:04:20 Windows-Sicherung
26-08-2013 21:01:04 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-06-12 17:20 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


==================== Scheduled Tasks (whitelisted) =============

Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {0E89AD42-1B03-4BAE-8447-38F400CF53FC} - System32\Tasks\{051CF163-262B-4686-A19D-2987E7FA0616} => C:\Users\M\Documents\Neuer Ordner\PrisonV1\PrisonV1.exe No File
Task: {0FEC235B-DB77-47BE-9F93-6D549C49F440} - System32\Tasks\{05976A20-8D1E-4217-B722-8B16E5540A3A} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: {18E6D428-D26C-4169-BEDF-3B5BDDC952F6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {1EC9510D-A439-4950-9399-B6399EDF9EA7} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {2321A13B-2425-474F-BF82-BB251B6F8ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {23BE4E28-0147-463B-8CF0-D9782682473C} - System32\Tasks\{8B031F0F-4FA5-48E4-8FDA-BFD42D2CF2C1} => c:\users\m\appdata\local\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.)
Task: {2E1D249F-362F-4371-8404-FCDB7E7B5E1E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {4BC8BBB7-2A60-40CD-9BCD-328B46151871} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {4BDB02AC-EF17-49FA-9DD8-3727C28239EE} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1782817329-4015993965-2496780310-1000 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {54F37289-9F9E-47FE-9DC6-F7B559584709} - System32\Tasks\{0C4F8CBB-026B-4589-B5F6-60C70A0E70C7} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: {5896420A-AB18-407E-8287-0E0094C4DA26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26] (Adobe Systems Incorporated)
Task: {5C2C622F-70E9-4194-A7DA-033E827365AD} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {61029739-AB05-45C0-A1C8-BFEF9B8582CF} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {68E6AEAC-D919-40EC-965C-F64A26B89EF9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6910D109-BAFD-406E-87ED-E18C58817EBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {72A8D659-5651-4057-9367-181A9243F83C} - System32\Tasks\{4F029940-958F-4925-A19F-3544E8799EF4} => c:\users\m\appdata\local\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.)
Task: {8E44EC90-46F9-4A8F-AAC7-7B9D343E26E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {91C3359A-A560-4048-ADBE-B514B8F76D4D} - System32\Tasks\{CD66CE7F-A5C6-456F-8612-65FA010D4137} => c:\users\m\appdata\local\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.)
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A083D494-3822-40FF-B4A4-F8F98DC70971} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {A77B3E37-4B23-4C29-B2FA-B20F49167CBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000Core => C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: {B2DE5451-6B22-4859-8CFE-03BA9008222E} - System32\Tasks\{42A092B5-40D5-4437-925F-9D8B14D611C1} => c:\users\m\appdata\local\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.)
Task: {C13BD275-3017-4B9E-9D79-D3E824499233} - System32\Tasks\{2317ED42-B3EE-4FEB-8B9A-A72DFAE53B93} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: {CA97C9B0-3831-41E4-8828-D8765AEE5338} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ECF96747-10FE-4B01-A06F-459F0FBF6440} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000UA => C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: {F786E2D1-5FCD-40C8-B4AE-D4F9C64010EF} - System32\Tasks\{A1B0FA76-3BA7-4713-A8AC-E9859254CB92} => c:\users\m\appdata\local\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.)
Task: {FE51A708-3E32-4630-8678-DE2721B7A0BC} - System32\Tasks\{C484FDDC-A353-44E5-8E00-D6A6D39D5348} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000Core.job => C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000UA.job => C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 808584

Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 808584

Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2013 01:37:22 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40dbcbfa-68e6-4f56-8ff5-c3cf39682c87}

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/25/2013 10:17:20 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:20 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (08/26/2013 11:26:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Management & Security Application User Notification Service" wurde mit folgendem Fehler beendet: 
%%-2147467243

Error: (08/26/2013 11:25:52 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/26/2013 09:16:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/26/2013 09:16:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/26/2013 09:16:44 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/26/2013 05:52:09 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/25/2013 07:29:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Monitoring Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/25/2013 07:29:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/25/2013 04:38:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Monitoring Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/25/2013 04:38:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 808584

Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 808584

Error: (08/27/2013 01:20:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2013 01:37:22 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40dbcbfa-68e6-4f56-8ff5-c3cf39682c87}

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/25/2013 10:17:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/25/2013 10:17:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/25/2013 10:17:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 2934.6 MB
Available physical RAM: 1116.34 MB
Total Pagefile: 5867.49 MB
Available Pagefile: 3491.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:398.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 199830CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

28.08.2013, 00:43   #4
aharonov
/// TB-Ausbilder

Yep.


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after another:
    • Ask Toolbar
    • ChatZum Toolbar
    • Incredibar Toolbar on IE
    • Web Assistant 2.0.0.573
  • Close the window again and restart if prompted.


Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step 3

Run FRST once more.
  • Don't change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.


In your next reply, please post:
  • Log from AdwCleaner
  • Log from FRST
__________________
cheers,
Leo

28.08.2013, 00:52   #5
law

When I try to uninstall Web Assistant 2.0.0.573, I get: web assistant/unins000.dat does not exist


28.08.2013, 00:58   #6
aharonov
/// TB-Ausbilder

OK, then skip that and carry on.

28.08.2013, 01:08   #7
law

AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 25/08/2013 at 20:57:26
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : M - M-PC
# Running from : C:\Users\M\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : WajamUpdater
Service Deleted : Web Assistant

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\ChatZum Toolbar
Folder Deleted : C:\Program Files\incredibar.com
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\Savings Sidekick
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\M\AppData\Local\cre
Folder Deleted : C:\Users\M\AppData\Local\Savings Sidekick
Folder Deleted : C:\Users\M\AppData\Local\Wajam
Folder Deleted : C:\Users\M\AppData\Local\TeMp\apn
Folder Deleted : C:\Users\M\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\M\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\M\AppData\RoaMing\Babylon
Folder Deleted : C:\Users\M\AppData\RoaMing\BabylonToolbar
Folder Deleted : C:\Users\M\AppData\RoaMing\Systweak
Folder Deleted : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
[!] Folder Deleted : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
[!] Folder Deleted : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
File Deleted : C:\END
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\534dadab735ef15
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Key Deleted : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16435 octets] - [25/08/2013 20:54:58]
AdwCleaner[S0].txt - [16142 octets] - [25/08/2013 20:57:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16203 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 28/08/2013 at 02:01:07
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : M - M-PC
# Running from : C:\Users\M\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : WajamUpdater
Service Deleted : Web Assistant

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files\ChatZum Toolbar
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\M\AppData\Local\TeMp\apn
Folder Deleted : C:\Users\M\AppData\RoaMing\BabylonToolbar
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\534dadab735ef15
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [26057 octets] - [25/08/2013 20:54:58]
AdwCleaner[S0].txt - [25790 octets] - [25/08/2013 20:57:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25851 octets] ##########
         
--- --- ---



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by M (administrator) on 28-08-2013 02:05:23
Running from C:\Users\M\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - C:\Users\M\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-29] (Google Inc.)
HKCU\...\Run: [] -  [x]
Startup: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Chrome In-App Payments service) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\M\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx
CHR StartMenuInternet: Google Chrome - C:\Users\M\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-08-13] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-28] (Avira GmbH)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 02:02 - 2013-08-28 02:02 - 00007064 _____ C:\Windows\PFRO.log
2013-08-28 01:53 - 2013-08-28 01:54 - 00994642 _____ C:\Users\M\Downloads\adwcleaner.exe
2013-08-28 01:34 - 2013-08-28 01:35 - 00017598 _____ C:\Users\M\Downloads\Addition.txt
2013-08-28 01:32 - 2013-08-28 01:32 - 00000000 ____D C:\FRST
2013-08-28 01:21 - 2013-08-28 01:21 - 01072975 _____ (Farbar) C:\Users\M\Downloads\FRST.exe
2013-08-26 23:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-26 23:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-26 23:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-26 23:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-26 23:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-26 23:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-26 23:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-26 23:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-26 23:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-26 22:23 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-26 22:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-26 22:23 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-26 22:22 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-26 22:22 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-26 22:22 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-26 22:22 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-26 22:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-26 22:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-26 22:20 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-25 21:04 - 2013-08-25 21:04 - 00000000 ____D C:\_OTL
2013-08-25 20:54 - 2013-08-28 02:01 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:16 - 2013-08-28 02:02 - 00001008 _____ C:\Windows\setupact.log
2013-08-25 10:16 - 2013-08-25 10:16 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-08-28 02:06 - 2012-06-12 21:04 - 00000000 ____D C:\Users\M\AppData\Roaming\Skype
2013-08-28 02:03 - 2013-04-02 01:29 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 02:02 - 2013-08-28 02:02 - 00007064 _____ C:\Windows\PFRO.log
2013-08-28 02:02 - 2013-08-25 10:16 - 00001008 _____ C:\Windows\setupact.log
2013-08-28 02:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 02:01 - 2013-08-25 20:54 - 00000000 ____D C:\AdwCleaner
2013-08-28 02:01 - 2013-04-02 01:29 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 02:01 - 2013-03-12 21:36 - 01160137 _____ C:\Windows\WindowsUpdate.log
2013-08-28 02:01 - 2012-08-26 21:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 01:54 - 2013-08-28 01:53 - 00994642 _____ C:\Users\M\Downloads\adwcleaner.exe
2013-08-28 01:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:50 - 2012-11-29 21:25 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000UA.job
2013-08-28 01:35 - 2013-08-28 01:34 - 00017598 _____ C:\Users\M\Downloads\Addition.txt
2013-08-28 01:32 - 2013-08-28 01:32 - 00000000 ____D C:\FRST
2013-08-28 01:21 - 2013-08-28 01:21 - 01072975 _____ (Farbar) C:\Users\M\Downloads\FRST.exe
2013-08-28 01:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-28 01:09 - 2012-08-19 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 23:45 - 2012-06-12 18:24 - 00000000 ____D C:\Users\M\AppData\Local\PMB Files
2013-08-27 23:45 - 2012-06-12 18:24 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-27 13:50 - 2012-11-29 21:25 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782817329-4015993965-2496780310-1000Core.job
2013-08-27 01:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-26 23:25 - 2013-07-15 16:45 - 00001006 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-08-26 23:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-26 23:17 - 2013-07-11 21:51 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 23:08 - 2012-06-14 23:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-26 23:06 - 2012-06-12 17:25 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 19:53 - 2012-06-12 18:32 - 00002310 _____ C:\Users\M\Desktop\Google Chrome.lnk
2013-08-26 19:05 - 2012-06-12 18:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-26 19:05 - 2012-06-12 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-26 18:54 - 2013-07-15 16:42 - 00000000 ____D C:\Program Files\Hotspot Shield
2013-08-26 18:54 - 2012-06-12 17:16 - 00000000 ____D C:\Users\M
2013-08-26 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-26 18:52 - 2012-06-12 18:29 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-26 18:51 - 2012-06-12 21:27 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 18:51 - 2012-06-12 18:32 - 00000000 ____D C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-26 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-08-26 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-26 18:49 - 2013-07-15 16:44 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-08-25 21:04 - 2013-08-25 21:04 - 00000000 ____D C:\_OTL
2013-08-25 11:31 - 2012-06-12 18:08 - 00000000 ____D C:\Windows\Panther
2013-08-25 10:16 - 2013-08-25 10:16 - 00000000 _____ C:\Windows\setuperr.log

Files to move or delete:
====================
C:\Users\M\AppData\Local\Temp\Quarantine.exe
C:\Users\M\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-17 16:01

==================== End Of Log ============================
         
--- --- ---


28.08.2013, 01:16   #8
aharonov
/// TB Trainer

Quote:
127.0.0.1 genuine.microsoft.com
Is there a reason why no connection to Microsoft's validation is allowed? Is this a version of Windows that was not legally acquired?
__________________
cheers,
Leo

28.08.2013, 01:22   #9
law

I don't remember exactly anymore. Last year a friend completely uninstalled everything because of a virus and then reinstalled it all.

28.08.2013, 01:39   #10
aharonov
/// TB Trainer

Ask him that. Having a cracked, manipulated Windows would be very unwise, since you don't know what is really in it.
__________________
cheers,
Leo

28.08.2013, 01:46   #11
law

OK, but how should I proceed now?

29.08.2013, 16:47   #12
aharonov
/// TB Trainer

Did you ask where this Windows came from?
__________________
cheers,
Leo

06.09.2013, 08:06   #13
aharonov
/// TB Trainer

This thread seems to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the thread again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
