| |
| |||||||
Log-Analyse und Auswertung: Storm Alert Adware nach Installation eines Stream-Programmes von chip.deWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.12.2014, 18:05
| #1 |
| |  Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Hallo, liebes Team, ich bin sehr froh, auf Euch gestoßen zu sein. Um eine HR-Rundfunksendung downzustreamen, habe ich ein Streamprogramm von chip.de auf WINDOWS 8.1 heruntergeladen. Seither öffnen sich bei jedem Link, den ich im Firefox oder im Internet Explorer anklicke, diese beiden Werbeseiten: hxxp://consumer-responses.com/germany/98234908280934.php?&c1=RAPDE1&c2=&t202kw=www.trojaner-board.de hxxp://c17.bluetradingonline.net/AnyOption/DE/TradingForNewbies/?offer_id=262&aff_id=2484&aff_sub=consumer-responses.com&aff_sub2=AFF_ID2&aff_sub3=AFF_ID3&aff_sub4=AFF_ID4&aff_sub5=AnyOption_TradingForNewbies_DE&source=SOURCE&url_id=1734 Gleichzeitig ist html-Text mit Links zu weiteren Werbungen unterlegt, auch habe ich ständig ca 300x400 er Popups, die mir die Sicht auf den Text versperren. Ich habe mir zunächst gestern in Eigenregie Spybot Search and Destroy herunter geladen, einen Systemscan gemacht und alle (als gering eingestuften) Probleme behoben (was nichts gebracht hat). Danach habe ich eine Suchmaschine bemüht, und bin auf dieses Forum gestoßen. Ich glaube, MarcO beschreibt exakt das gleiche Problem, und Timo (Warlord) konnte erfolgreich helfen: http://www.trojaner-board.de/159957-...r-werbung.html Weiter habe ich nichts unternommen (doch: meine Dokumente, Musik und Fotos gesichert). Ich habe daher jetzt zunächst keinen FRST und GMER Scan durchgeführt. Auch traue ich mich weder den Adware Cleaner noch Junkware-Removal Tool zu benutzen, ohne Euch um Rat zu fragen. Den o.g. Ratgeberfaden habe ich durchgelesen und mir zunächst den Adware Cleaner herunter geladen mit folgendem Ergebnis: Welche Infos benötigt Ihr noch, soll ich einen FRST Scan posten, oder genügen Euch die Infos bereits? Vielen Dank für die Rückmeldung! Angelina Der Cleaner von Spybot zeigt folgende Einträge: [i] 14-12-16 19:00:11 [i] 14-12-16 19:00:11 Processing 141216-174655.xml [i] 14-12-16 19:00:11 [i] 14-12-16 19:00:11 Product DownloadSponsor [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID [i] 14-12-16 19:00:11 [i] 14-12-16 19:00:11 Product Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\ [+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\ [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product DoubleClick [i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id) [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product 7-Zip [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Internet Explorer [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Media Player [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS DirectDraw [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Paint [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Wordpad [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows Explorer [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows Media SDK [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Cookie [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies [i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies [i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Cache [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Verlauf [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Summary [i] 14-12-16 19:00:12 Errors while cleaning 0 [i] 14-12-16 19:00:12 Files moved into quarantine 4 [i] 14-12-16 19:00:12 Files successfully cleaned 39 [+] 14-12-16 19:00:13 Gratulation, alles (aus Datei 141216-174655.xml) wurde gelöscht. sowie wurde folgende Textdatei erstellt. [i] 14-12-16 18:59:48 [i] 14-12-16 18:59:48 Product DownloadSponsor [+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID [+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID [+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID [+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID [i] 14-12-16 18:59:48 [i] 14-12-16 18:59:48 Product Wajam [+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 18:59:48 Moving into quarantine C:\Program Files (x86)\Wajam\ [+] 14-12-16 18:59:49 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 18:59:52 Successfully cleaned C:\Program Files (x86)\Wajam\ [i] 14-12-16 18:59:52 [i] 14-12-16 18:59:52 Product Macromedia.FlashPlayer.Cookies [+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol [+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol [+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol [+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol [+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol [+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol [+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol [+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol [+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol [+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol [i] 14-12-16 18:59:53 [i] 14-12-16 18:59:53 Product DoubleClick [+] 14-12-16 18:59:53 Moving into quarantine Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id) [+] 14-12-16 18:59:53 Successfully cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id) [i] 14-12-16 18:59:53 [i] 14-12-16 18:59:53 Product 7-Zip [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory [+] 14-12-16 18:59:53 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory [i] 14-12-16 18:59:53 [i] 14-12-16 18:59:53 Product Internet Explorer [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product MS Media Player [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product MS DirectDraw [+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product MS Paint [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product MS Wordpad [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product Windows [+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product Windows Explorer [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product Windows Media SDK [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber [i] 14-12-16 18:59:54 [i] 14-12-16 18:59:54 Product Cookie [+] 14-12-16 18:59:54 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cookies [+] 14-12-16 18:59:54 Moving into quarantine Firefox (PE_C_PUBLIC (default))Cookies [+] 14-12-16 18:59:54 Moving into quarantine Thunderbird (PE_C_PUBLIC (default))Cookies [+] 14-12-16 18:59:54 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cookies [+] 14-12-16 18:59:55 Successfully cleaned Firefox (PE_C_PUBLIC (default))Cookies [+] 14-12-16 18:59:55 Successfully cleaned Thunderbird (PE_C_PUBLIC (default))Cookies [i] 14-12-16 18:59:55 [i] 14-12-16 18:59:55 Product Cache [+] 14-12-16 18:59:55 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cache [+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cache [i] 14-12-16 18:59:56 [i] 14-12-16 18:59:56 Product Verlauf [+] 14-12-16 18:59:56 Moving into quarantine Internet Explorer (Benutzer) (Rhea)History [+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)History [i] 14-12-16 18:59:56 [i] 14-12-16 18:59:56 Summary [i] 14-12-16 18:59:56 Errors while cleaning 0 [i] 14-12-16 18:59:56 Files moved into quarantine 36 [i] 14-12-16 18:59:56 Files successfully cleaned 36 [i] 14-12-16 19:00:11 [i] 14-12-16 19:00:11 Product DownloadSponsor [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID [i] 14-12-16 19:00:11 [i] 14-12-16 19:00:11 Product Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\ [+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam [+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam [+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam [+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\ [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol [i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product DoubleClick [i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id) [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product 7-Zip [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Internet Explorer [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Media Player [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS DirectDraw [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Paint [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product MS Wordpad [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows Explorer [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Windows Media SDK [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Cookie [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies [i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies [i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Cache [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Product Verlauf [i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History [i] 14-12-16 19:00:12 [i] 14-12-16 19:00:12 Summary [i] 14-12-16 19:00:12 Errors while cleaning 0 [i] 14-12-16 19:00:12 Files moved into quarantine 4 [i] 14-12-16 19:00:12 Files successfully cleaned 39 |
|
17.12.2014, 18:42
| #2 |
| /// the machine /// TB-Ausbilder    | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
18.12.2014, 14:38
| #3 |
| | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Danke, dass Du Dich kümmerst, Schrauber.
__________________Ich habe zwischenzeitlich auch noch diese Info über diese "Storm Alerts" gefunden, wo empfohlen wird, Tod und Teufel drüberlaufen zu lassen... hxxp://malwaretips.com/blogs/storm-alerts-virus-removal/ ...so ganz nach dem Motto viel hilft viel  Hier die beiden txt.-Dateien FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 17-12-2014 18:53:35
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Pay By Ads LTD) C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [StartPoint] => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [624920 2014-12-16] (Pay By Ads LTD)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 107.05.50:51185
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> DefaultScope {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab: hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=591080004
FF SelectedSearchEngine: Search The Web (Start Point)
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 18:53 - 2014-12-17 18:54 - 00015192 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-17 18:53 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-17 16:41 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 21:26 - 2014-12-16 21:26 - 00000000 ____D () C:\StormAlert
2014-12-16 18:59 - 2014-12-16 18:59 - 00000447 _____ () C:\WINDOWS\wininit.ini
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 14:01 - 2014-12-17 15:10 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:59 - 2014-12-16 13:59 - 00000000 ____D () C:\ProgramData\StormAlert
2014-12-16 13:58 - 2014-12-16 13:58 - 00003490 _____ () C:\WINDOWS\System32\Tasks\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00003484 _____ () C:\WINDOWS\System32\Tasks\StartPoint Updater
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\***.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\****.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\****.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 00:04 - 2014-11-17 00:04 - 00000000 __SHD () C:\Users\Rhea\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 18:51 - 2014-03-06 21:58 - 01872958 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 18:32 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-17 18:09 - 2014-03-06 22:26 - 08315254 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-17 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-16 20:34 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 19:35 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-16 19:13 - 2013-10-07 19:23 - 00021374 _____ () C:\WINDOWS\PFRO.log
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-16 11:24 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 16:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-13 17:21
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Rhea at 2014-12-17 18:55:36
Running from C:\Users\Rhea\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.7.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
Garmin BaseCamp (HKLM-x32\...\{B0BED0BB-E1C4-49AA-840F-7CA052ADF5EB}) (Version: 4.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.310 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StartPoint (HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\startpoint) (Version: - StartPoint) <==== ATTENTION!
Storm Alert (HKLM-x32\...\StormAlert) (Version: 2.7.50 - Rational Thought Solutions)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.6 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1202 - Lenovo)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
26-11-2014 10:59:37 Windows Update
03-12-2014 13:34:21 Installed CodeTwo QR Code Desktop Reader
11-12-2014 16:50:44 Windows Update
16-12-2014 13:18:38 Removed CodeTwo QR Code Desktop Reader
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06959CFC-8C45-4C88-8CDB-7EA9E88A2649} - System32\Tasks\StartPoint Updater => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startup.exe [2014-12-16] (Pay By Ads LTD)
Task: {0FD3C72A-5BC2-4EEB-8B1B-0617404AEB92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {2D0B16FE-D78C-428B-8397-FEDA08FF37F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8532750B-3F0A-4EFA-A180-B77445CF3232} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-03-06] (Lenovo)
Task: {9951E7EB-F9E7-4FEC-A88C-9CA0D8CCEB1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FC6D5919-A6F6-4603-BDC2-E79318828DFE} - System32\Tasks\StartPoint => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [2014-12-16] (Pay By Ads LTD)
==================== Loaded Modules (whitelisted) =============
2014-03-06 23:05 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-03-06 23:00 - 2013-11-18 16:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2013-11-15 03:01 - 2013-11-15 03:01 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-15 02:58 - 2013-11-15 02:58 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-15 03:04 - 2013-11-15 03:04 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-03-06 23:00 - 2013-12-02 18:09 - 00044560 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-26 08:35 - 2014-10-26 08:35 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-12-16 17:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-16 17:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-16 17:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-12-03 13:35 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-12-03 13:35 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Rhea\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3879709871-1962586687-2025067079-500 - Administrator - Disabled)
Gast (S-1-5-21-3879709871-1962586687-2025067079-501 - Limited - Disabled)
Rhea (S-1-5-21-3879709871-1962586687-2025067079-1001 - Administrator - Enabled) => C:\Users\Rhea
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/17/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: startpoint.exe, Version: 1.1.0.2, Zeitstempel: 0x548eb15e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00012f71
ID des fehlerhaften Prozesses: 0x3248
Startzeit der fehlerhaften Anwendung: 0xstartpoint.exe0
Pfad der fehlerhaften Anwendung: startpoint.exe1
Pfad des fehlerhaften Moduls: startpoint.exe2
Berichtskennung: startpoint.exe3
Vollständiger Name des fehlerhaften Pakets: startpoint.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: startpoint.exe5
Error: (12/17/2014 06:30:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 05:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.17122, Zeitstempel: 0x537192fe
Name des fehlerhaften Moduls: FileManagerApp.dll, Version: 6.3.9600.17334, Zeitstempel: 0x5407aa79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000024c2a1
ID des fehlerhaften Prozesses: 0x1c78
Startzeit der fehlerhaften Anwendung: 0xPhotosApp.exe0
Pfad der fehlerhaften Anwendung: PhotosApp.exe1
Pfad des fehlerhaften Moduls: PhotosApp.exe2
Berichtskennung: PhotosApp.exe3
Vollständiger Name des fehlerhaften Pakets: PhotosApp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotosApp.exe5
Error: (12/17/2014 04:34:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 04:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 04:08:27 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 03:52:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 03:30:54 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 02:34:06 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 02:16:39 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel: DeviceIoControl() failed.
System errors:
=============
Error: (12/16/2014 08:35:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/16/2014 08:30:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/16/2014 08:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (12/16/2014 07:38:35 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (12/16/2014 07:38:05 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (12/16/2014 07:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/16/2014 07:12:03 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (12/16/2014 07:12:03 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (12/16/2014 07:12:01 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (12/16/2014 07:12:01 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (12/17/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: startpoint.exe1.1.0.2548eb15eKERNELBASE.dll6.3.9600.1727853eeb460c06d007e00012f71324801d01a1f666d421bC:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllabd9d7c7-8612-11e4-828d-bfc5e9bf3350
Error: (12/17/2014 06:30:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 05:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feFileManagerApp.dll6.3.9600.173345407aa79c0000005000000000024c2a11c7801d01a14b95d4541C:\WINDOWS\FileManager\PhotosApp.exeC:\Windows\FileManager\FileManagerApp.dll0cc2a87e-860b-11e4-828d-bfc5e9bf3350FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
Error: (12/17/2014 04:34:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 04:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 04:08:27 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 03:52:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 03:30:54 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 02:34:06 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
Error: (12/17/2014 02:16:39 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel: DeviceIoControl() failed.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 46%
Total physical RAM: 3979.22 MB
Available physical RAM: 2127.9 MB
Total Pagefile: 4683.22 MB
Available Pagefile: 2734.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:426.74 GB) (Free:375.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E01DD02)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 17-12-2014 22:41:40
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Pay By Ads LTD) C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [StartPoint] => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [624920 2014-12-16] (Pay By Ads LTD)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 107.05.50:51185
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab: hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=591080004
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\StormAlert
2014-12-17 18:55 - 2014-12-17 18:56 - 00022758 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-17 18:53 - 2014-12-17 22:41 - 00014968 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-17 22:41 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-17 22:35 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 18:59 - 2014-12-16 18:59 - 00000447 _____ () C:\WINDOWS\wininit.ini
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:58 - 2014-12-16 13:58 - 00003490 _____ () C:\WINDOWS\System32\Tasks\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00003484 _____ () C:\WINDOWS\System32\Tasks\StartPoint Updater
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 00:04 - 2014-11-17 00:04 - 00000000 __SHD () C:\Users\Rhea\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 22:41 - 2014-05-23 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-17 22:36 - 2013-10-07 19:23 - 00021692 _____ () C:\WINDOWS\PFRO.log
2014-12-17 22:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 22:36 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 22:35 - 2014-03-06 22:26 - 08339564 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-17 22:35 - 2014-03-06 21:58 - 01993954 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 22:19 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-17 22:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 20:13 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat
Some content of TEMP:
====================
C:\Users\Rhea\AppData\Local\Temp\Quarantine.exe
C:\Users\Rhea\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-13 17:21
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Der zweite Log unterscheidet sich vom ersten darin, dass ich den Adware Cleaner verwendet habe. Und es ist eher schlimmer als besser geworden. Dahingehend, als dass der Internet-Explorer noch langsamer die Werbeseite aufruft, teilweise werden Clicks auf Links nun nicht mehr umgesetzt  der neue Scan mit Adware Cleaner gibt noch einen Superfish her. In der Firefox Toolbar finden sich noch "cliqz Share" und "Cliqz" Icons, im Startmenü sind allerlei Programme die ich nicht nutze, initial von Windows 8.1 deinstallierte wie Zalando, Amazon und co. neu Verlinkt, die keine Option zum Löschen bieten. Geändert von Angelina (17.12.2014 um 23:02 Uhr) |
|
18.12.2014, 21:24
| #4 |
| /// the machine /// TB-Ausbilder | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.12.2014, 20:19
| #5 |
| | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Hallo, Schrauber, leider sind wir noch nicht am Ziel, diese Junkware (siehe Links im ersten Beitrag) poppt weiterhin auf. Jedoch ist die Unterlegung der Zeilen weg. Malwarebytes Anti-Malware www.malwarebytes.org Code:
ATTFilter
Update, 18.12.2014 23:25:15, SYSTEM, MNEMOSYNE, Manual, Failed, Unable to access update server,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Update, 18.12.2014 23:26:20, SYSTEM, MNEMOSYNE, Manual, Failed, Unable to access update server,
Detection, 18.12.2014 23:26:58, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:04, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:09, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:14, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:21, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:24, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:28, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:32, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:39, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:46, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:17, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:21, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:26, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:30, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:38, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:42, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:49, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:55, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:05, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:11, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:15, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Update, 18.12.2014 23:47:14, SYSTEM, MNEMOSYNE, Scheduler, Failed, Unable to access update server,
Scan, 18.12.2014 23:51:59, SYSTEM, MNEMOSYNE, Manual, Start: % 1 "% 2", Dauer: % 1 min 16 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 7-Malwareerkennung,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 18.12.2014 23:53:21, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
(end)
Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 19/12/2014 um 00:02:07
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Local]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Rhea - MNEMOSYNE
# Gestartet von : C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\StormAlert
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v34.0.5 (x86 de)
*************************
AdwCleaner[R0].txt - [2161 octets] - [17/12/2014 16:39:20]
AdwCleaner[R1].txt - [2221 octets] - [17/12/2014 22:25:02]
AdwCleaner[R2].txt - [1535 octets] - [18/12/2014 14:12:15]
AdwCleaner[R3].txt - [1029 octets] - [18/12/2014 23:56:59]
AdwCleaner[S0].txt - [2249 octets] - [17/12/2014 22:35:11]
AdwCleaner[S1].txt - [952 octets] - [19/12/2014 00:02:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1011 octets] ##########
JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Rhea on 19.12.2014 at 0:24:30,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.12.2014 at 0:29:45,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Rhea (administrator) on MNEMOSYNE on 19-12-2014 00:35:16 Running from C:\Users\Rhea\Downloads Loaded Profile: Rhea (Available profiles: Rhea) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated) HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] () HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications)) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185 ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320 HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default FF NewTab: FF Homepage: https://www.google.de FF Keyword.URL: FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17] FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo) R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 00:35 - 2014-12-19 00:35 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.JRT.txt# 2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt 2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt 2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt 2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert 2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt 2014-12-18 23:25 - 2014-12-19 00:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk 2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe 2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe 2014-12-17 18:53 - 2014-12-19 00:35 - 00015924 _____ () C:\Users\Rhea\Downloads\FRST.txt 2014-12-17 18:53 - 2014-12-19 00:35 - 00000000 ____D () C:\FRST 2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe 2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner 2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe 2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport 2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag 2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport 2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2 2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx 2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare 2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare 2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx 2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt 2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 00:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-19 00:31 - 2014-03-06 22:26 - 08460510 _____ () C:\Users\Public\CAFADEBUG.log 2014-12-19 00:31 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-19 00:24 - 2014-03-06 21:58 - 01303168 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-19 00:02 - 2013-10-07 19:23 - 00030084 _____ () C:\WINDOWS\PFRO.log 2014-12-19 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas 2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001 2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps 2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird 2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log 2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014 2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages 2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten 2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 17:21 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---  Ich habe heute nochmal mbam drüber laufen gelassen, nachdem ich gesehen habe, dass die Quarantäne offenbar nicht geklappt hat, nochmal alles in Quarantäne geschoben, mit folgendem Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.12.2014 Suchlauf-Zeit: 18:31:59 Logdatei: mbam Suchlaufprotokoll 141219.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.19.06 Rootkit Datenbank: v2014.12.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Rhea Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319988 Verstrichene Zeit: 18 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\vrgJQIE.exe, 2192, Löschen bei Neustart, [0fa3333180fcb482059cb23e719042be] Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.StormAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vrgJQIE, In Quarantäne, [0fa3333180fcb482059cb23e719042be], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 4 PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\vrgJQIE.exe, Löschen bei Neustart, [0fa3333180fcb482059cb23e719042be], PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Löschen bei Neustart, [fbb71b49601ca78fddc433bda45da759], PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\ONROQsgjuXx.dll, Löschen bei Neustart, [ae0488dc93e965d11b351d467293e21e], PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Löschen bei Neustart, [169cc0a46c1033030c95e0107a879b65], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting, Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started, Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting, Protection, 19.12.2014 00:03:19, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started, Update, 19.12.2014 00:14:41, SYSTEM, MNEMOSYNE, Scheduler, Rootkit Database, 2014.11.18.1, 2014.12.14.1, Update, 19.12.2014 00:14:41, SYSTEM, MNEMOSYNE, Scheduler, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Scheduler, Malware Database, 2014.11.20.6, 2014.12.18.5, Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Refresh, Starting, Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopping, Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopped, Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Refresh, Success, Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting, Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started, Detection, 19.12.2014 00:25:33, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\LCEtzS.exe, Quarantine Failed, 303, Queued for removal on reboot, [b796b7adbcc083b3d2a1ba36669b718f] Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting, Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started, Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting, Protection, 19.12.2014 00:32:52, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started, Detection, 19.12.2014 00:34:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [0647f96b225ac76faec509e70af7bb45] Detection, 19.12.2014 00:34:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [0647f96b225ac76faec509e70af7bb45] Detection, 19.12.2014 00:39:02, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Quarantine Failed, 303, Queued for removal on reboot, [3d103232fa820c2af87bcd237f82d42c] Update, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Scheduler, Malware Database, 2014.12.18.5, 2014.12.19.6, Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Refresh, Starting, Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopping, Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopped, Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Refresh, Success, Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting, Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started, Detection, 19.12.2014 18:43:18, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [ae04abb97a02ad89a0016090907149b7] Detection, 19.12.2014 18:43:20, Rhea, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Quarantine Failed, 303, Queued for removal on reboot, [446eb6aeb4c840f65f4234bc1be69769] Detection, 19.12.2014 18:45:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [ae04abb97a02ad89a0016090907149b7] Scan, 19.12.2014 18:50:48, SYSTEM, MNEMOSYNE, Manual, Start: % 1 "% 2", Dauer: % 1 min 18 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 6-Malwareerkennung, Protection, 19.12.2014 18:51:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting, Protection, 19.12.2014 18:51:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started, Protection, 19.12.2014 18:51:51, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting, Protection, 19.12.2014 18:51:52, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started, (end) FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Rhea (administrator) on MNEMOSYNE on 19-12-2014 20:17:33 Running from C:\Users\Rhea\Downloads Loaded Profile: Rhea (Available profiles: Rhea) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated) HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] () HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications)) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185 ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320 HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default FF NewTab: FF Homepage: https://www.google.de FF Keyword.URL: FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17] FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo) R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 19:03 - 2014-12-19 19:03 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.mbam Schutzprotokoll 141219.txt# 2014-12-19 19:02 - 2014-12-19 19:02 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.mbam Suchlaufprotokoll 141219.txt# 2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt 2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt 2014-12-19 18:59 - 2014-12-19 18:59 - 00001872 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt 2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt 2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt 2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt 2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt 2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert 2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt 2014-12-18 23:25 - 2014-12-19 18:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk 2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe 2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe 2014-12-17 18:53 - 2014-12-19 20:17 - 00015631 _____ () C:\Users\Rhea\Downloads\FRST.txt 2014-12-17 18:53 - 2014-12-19 20:17 - 00000000 ____D () C:\FRST 2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe 2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner 2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe 2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport 2014-12-16 13:59 - 2014-12-19 18:51 - 00000000 ____D () C:\ProgramData\uveZGBag 2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport 2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2 2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx 2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare 2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare 2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx 2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt 2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-19 19:13 - 2014-03-06 21:58 - 01357933 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-19 18:51 - 2013-10-07 19:23 - 00031540 _____ () C:\WINDOWS\PFRO.log 2014-12-19 18:51 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-19 18:51 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-19 18:50 - 2014-03-06 22:26 - 08476796 _____ () C:\Users\Public\CAFADEBUG.log 2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas 2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001 2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps 2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird 2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log 2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014 2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages 2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten 2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 17:21 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- Ich nehme an, dass FRST dem auf der o.g. verlinkten Seite empfohlenen HitmanPro screening als Scantool gleicht und Letzteres dabei hinfällig wird?  Hej, klasse, Schrauber!!!Und hier noch eine kleine Ode an Eure süssen Forums-Smilies, die lass ich nämlich einfach eine kleine Party zur Feier des Forumsschraubers mit Ultrahypmucke ausrichten. Wie du siehst, es läuft ziemlich hochfrequenter Techno, das erklärt die Asynchronie im Tanz dieser Heinzelmännchen, aber sie haben sichtlich ihren Spaß auf dem Dancefloor:   .. Geändert von Angelina (19.12.2014 um 21:13 Uhr) |
|
20.12.2014, 17:03
| #6 |
| /// the machine /// TB-Ausbilder | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de lol  Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?  Wenn in welchem Browser?
__________________ --> Storm Alert Adware nach Installation eines Stream-Programmes von chip.de |
|
20.12.2014, 22:49
| #7 |
| | Storm Alert Adware nach Installation eines Stream-Programmes von chip.deCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Rhea at 2014-12-20 18:15:43 Run:1
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185 ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320 FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17] Emptytemp:
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d1888d012a0eeb4b9d75f37c1bf41763
# engine=21647
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-20 07:27:19
# local_time=2014-12-20 08:27:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 180813 9407958 0 0
# scanned=228732
# found=8
# cleaned=0
# scan_time=6404
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$RHPI98R.zip"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$RXWRHVI.exe"
sh=A1247F02D08733A0B4746A940B6C144326B4673E ft=1 fh=7a9f9b4b0c8d09ac vn="Variante von Win32/Toolbar.Montiera.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$R12VYTP\1.3.17.3\startpoint.exe"
sh=68FC8BB80F387D030B7683E15E3681AAFDCBF6F4 ft=1 fh=8729ec73b3c6124c vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\uveZGBag\dat\janZajB.dll"
sh=68FC8BB80F387D030B7683E15E3681AAFDCBF6F4 ft=1 fh=8729ec73b3c6124c vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\uveZGBag\dat\janZajB.dll"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip"
sh=075478ED256C74207FB1540F41BE4934B47D549B ft=1 fh=5a1a58d6a5023955 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe"
sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe"
 Code:
ATTFilter Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 7 Update 71 Adobe Reader XI Mozilla Firefox (34.0.5) Mozilla Thunderbird (31.3.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014 Ran by Rhea (administrator) on MNEMOSYNE on 20-12-2014 22:36:52 Running from C:\Users\Rhea\Downloads Loaded Profile: Rhea (Available profiles: Rhea) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted\mozF527.tmp (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe () C:\Users\Rhea\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated) HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] () HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications)) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185 ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320 HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default FF NewTab: FF Homepage: https://www.google.de FF Keyword.URL: FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17] FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo) R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 20:33 - 2014-12-20 20:33 - 00852505 _____ () C:\Users\Rhea\Downloads\SecurityCheck.exe 2014-12-20 18:23 - 2014-12-20 18:23 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-20 18:22 - 2014-12-20 18:22 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu (1).exe 2014-12-20 18:15 - 2014-12-20 18:15 - 00000000 ____D () C:\Users\Rhea\Downloads\FRST-OlderVersion 2014-12-20 18:09 - 2014-12-20 18:10 - 00000478 _____ () C:\Users\Rhea\Documents\Fixlist.txt 2014-12-20 18:08 - 2014-12-20 18:08 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu.exe 2014-12-20 16:41 - 2014-12-20 16:41 - 00011811 _____ () C:\Users\Rhea\Desktop\Machtspiele.odt 2014-12-20 16:37 - 2014-12-20 16:37 - 00008931 _____ () C:\Users\Rhea\Desktop\jazz.odt 2014-12-20 16:25 - 2014-12-20 16:25 - 00010186 _____ () C:\Users\Rhea\Desktop\RTF überischt.odt 2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt 2014-12-19 18:59 - 2014-12-19 20:22 - 00001888 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt 2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt 2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt 2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt 2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt 2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt 2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert 2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt 2014-12-18 23:25 - 2014-12-20 21:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk 2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe 2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe 2014-12-17 18:53 - 2014-12-20 22:36 - 00016266 _____ () C:\Users\Rhea\Downloads\FRST.txt 2014-12-17 18:53 - 2014-12-20 22:36 - 00000000 ____D () C:\FRST 2014-12-17 18:49 - 2014-12-20 18:15 - 02122240 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe 2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner 2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe 2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport 2014-12-16 13:59 - 2014-12-19 18:51 - 00000000 ____D () C:\ProgramData\uveZGBag 2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport 2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2 2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx 2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare 2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare 2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx 2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-20 20:21 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-20 20:21 - 2014-06-26 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-20 18:39 - 2014-03-06 21:58 - 01527124 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-20 13:27 - 2014-03-06 22:26 - 08565450 _____ () C:\Users\Public\CAFADEBUG.log 2014-12-20 11:55 - 2013-10-07 19:23 - 00031898 _____ () C:\WINDOWS\PFRO.log 2014-12-20 11:55 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-19 18:51 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas 2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001 2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps 2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird 2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log 2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014 2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages 2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten 2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 17:21 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Probleme gibt es nicht mehr nach mehreren Neustarts des Systems.  Heute nur ist kurz der Rechner im Hochfahren des Betriebssystem mit schwarzem Bildschirm hängengeblieben. Bis ich mit mehreren Resetversuchen das Problem wegbekommen habe war ich schon etwas gestresst. Habe trotzdem den Schnellstart von Windoof nicht deaktiviert.P.S: bin morgen nicht online, erst Montag wieder, mach Dir also kein Stress. (den hab ich morgen dafür... )Einen guten 4. Advent! Hab vielen Dank bis dahin! Angelina. Geändert von Angelina (20.12.2014 um 22:56 Uhr) |
|
21.12.2014, 19:59
| #8 |
| /// the machine /// TB-Ausbilder | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Der letzte FRST Fix lief nicht, weil du alles in eine Zeile kopiert hast. Bitte drauf achten dass der Fix beim Speichern genau so aussieht wie in der Codebox, Zeile für Zeile. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$Recycle.Bin
C:\ProgramData\uveZGBag
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Dann bitte nochmal ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.12.2014, 11:59
| #9 |
| | Storm Alert Adware nach Installation eines Stream-Programmes von chip.deCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Rhea at 2014-12-22 12:01:13 Run:2
Running from C:\Users\Rhea\Downloads
Loaded Profiles: Rhea & (Available profiles: Rhea)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$Recycle.Bin
C:\ProgramData\uveZGBag
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:
*****************
C:\$Recycle.Bin => Moved successfully.
C:\ProgramData\uveZGBag => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi => Moved successfully.
EmptyTemp: => Removed 421 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014 Ran by Rhea (administrator) on MNEMOSYNE on 22-12-2014 12:24:03 Running from C:\Users\Rhea\Downloads Loaded Profile: Rhea (Available profiles: Rhea) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated) HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] () HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications)) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default FF NewTab: FF Homepage: https://www.google.de FF Keyword.URL: FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo) R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 12:21 - 2014-12-22 12:21 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.Fixlog.txt# 2014-12-20 20:33 - 2014-12-20 20:33 - 00852505 _____ () C:\Users\Rhea\Downloads\SecurityCheck.exe 2014-12-20 18:23 - 2014-12-20 18:23 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-20 18:22 - 2014-12-20 18:22 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu (1).exe 2014-12-20 18:15 - 2014-12-20 18:15 - 00000000 ____D () C:\Users\Rhea\Downloads\FRST-OlderVersion 2014-12-20 18:09 - 2014-12-20 18:10 - 00000478 _____ () C:\Users\Rhea\Documents\Fixlist.txt 2014-12-20 18:08 - 2014-12-20 18:08 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu.exe 2014-12-20 16:41 - 2014-12-20 16:41 - 00011811 _____ () C:\Users\Rhea\Desktop\Machtspiele.odt 2014-12-20 16:37 - 2014-12-20 16:37 - 00008931 _____ () C:\Users\Rhea\Desktop\jazz.odt 2014-12-20 16:25 - 2014-12-20 16:25 - 00010186 _____ () C:\Users\Rhea\Desktop\RTF überischt.odt 2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt 2014-12-19 18:59 - 2014-12-19 20:22 - 00001888 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt 2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt 2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt 2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt 2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt 2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt 2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert 2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert 2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt 2014-12-18 23:25 - 2014-12-22 12:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk 2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe 2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe 2014-12-17 18:53 - 2014-12-22 12:24 - 00015609 _____ () C:\Users\Rhea\Downloads\FRST.txt 2014-12-17 18:53 - 2014-12-22 12:24 - 00000000 ____D () C:\FRST 2014-12-17 18:49 - 2014-12-20 18:15 - 02122240 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe 2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner 2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe 2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport 2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport 2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport 2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2 2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx 2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare 2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare 2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx 2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 12:19 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-22 12:18 - 2014-03-06 22:26 - 08587482 _____ () C:\Users\Public\CAFADEBUG.log 2014-12-22 12:18 - 2014-03-06 21:58 - 01652789 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:18 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-22 12:13 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001 2014-12-22 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-22 11:58 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird 2014-12-20 23:47 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-20 23:47 - 2014-06-26 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-20 11:55 - 2013-10-07 19:23 - 00031898 _____ () C:\WINDOWS\PFRO.log 2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas 2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps 2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log 2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014 2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages 2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten 2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 17:21 ==================== End Of Log ============================ Geändert von Angelina (22.12.2014 um 12:27 Uhr) |
|
23.12.2014, 11:50
| #10 |
| /// the machine /// TB-Ausbilder | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Perfekt. Bestehen noch Probleme mit dem System?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.12.2014, 20:16
| #11 |
| | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Probleme?! Huh? War da je was? |
|
23.12.2014, 20:42
| #12 |
| |  Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Frohe Weihnachten! |
|
24.12.2014, 18:11
| #13 |
| /// the machine /// TB-Ausbilder | Storm Alert Adware nach Installation eines Stream-Programmes von chip.de Gleichfalls! Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Storm Alert Adware nach Installation eines Stream-Programmes von chip.de |
| computer, ergebnis, explorer, fehlercode 0xc0000005, fehlercode 0xc06d007e, flash player, installation, internet, internet explorer, microsoft, msil/adware.pullupdate.k.gen, probleme, pup.optional.healthalert.a, pup.optional.stormalert.a, software, startpoint entfernen, stormalert, suchmaschine, win32/installmonetizer.aq, win32/somoto.q, win32/toolbar.montiera.q |
dann auf 
und dann auf 
. 
Linear-Darstellung
