Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ich hab VIREN! (https://www.trojaner-board.de/154963-hab-viren.html)

tituli 08.06.2014 19:03
Ich hab VIREN!
 
Hallo mein Win8 Laptop ist mit Viren verseucht.
Ein Malwarebyte scan hat folgendes ergeben:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.06.2014
Suchlauf-Zeit: 17:44:52
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.04.06
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Christoph

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319592
Verstrichene Zeit: 1 Std, 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe, 1300, Löschen bei Neustart, [92e48ee6f58639fd9ed3dc42b64a03fd]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 43
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajamUpdater, In Quarantäne, [92e48ee6f58639fd9ed3dc42b64a03fd],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, In Quarantäne, [fd794e2666150f27f25037381be70df3],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, In Quarantäne, [fd794e2666150f27f25037381be70df3],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [2650452fb0cb52e493d70866778b3bc5],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [2650452fb0cb52e493d70866778b3bc5],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [7ff7abc9ff7cf14585bef976f909da26],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [7ff7abc9ff7cf14585bef976f909da26],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO.1, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader.1, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [e78fe1939cdf4fe7149c97d79a68d62a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [3b3b9ed654279a9cd3de5e1030d29b65],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, In Quarantäne, [4f2789ebc9b2c67020eb12bdc43f4ab6],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [a3d32e46304be3531d6f4d4a3ec408f8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [096d2f45bebde94dea2cf7d652b1f907],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [70064e26265584b2148e476f09f948b8],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, In Quarantäne, [1363452fd5a651e5036e796d3dc621df],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\priam_bho.DLL, In Quarantäne, [3a3c660eb8c39f97a665c60957ac57a9],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [45319bd9dba01620d8b76d5e23e0ba46],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [ec8aeb89f5869a9c0886dcef9e6554ac],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, In Quarantäne, [1a5c2f45ee8dd5616cae4f7e50b3e31d],
PUP.Optional.Delta.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, In Quarantäne, [2155f3816714d264f156d2fb49bad729],
PUP.Optional.Iminent.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [aec8393b2d4e999de3c03b7b14ee46ba],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [1a5cadc788f3999d8a0b7e4ef80b50b0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [b0c61a5afa8115215754704561a105fb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [11654b29b8c348ee852eebe0847f20e0],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantäne, [94e23c389ae184b2709d8d424bb8e51b],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],

Registrierungswerte: 4
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WAJAM|red, 4, In Quarantäne, [076f7400e596251177970ac57c87e21e]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, In Quarantäne, [11654b29b8c348ee852eebe0847f20e0]
PUP.Optional.Wajam.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantäne, [9dd9dd97e596999dd753673430d2c937]
PUP.Optional.Wajam.A, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 6444, In Quarantäne, [94e23c389ae184b2709d8d424bb8e51b]

Registrierungsdaten: 1
PUP.Optional.StartPage, HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972),Ersetzt,[7ff7dd975e1d270fd4174c1c9c6807f9]

Ordner: 14
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [245263112358ce68fc38ceb381819967],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [245263112358ce68fc38ceb381819967],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [245263112358ce68fc38ceb381819967],
PUP.Optional.DealPly.A, C:\Users\Christoph\AppData\Roaming\Dealply, In Quarantäne, [3442b3c15a21df571f160d74c33fff01],
PUP.Optional.DealPly.A, C:\Users\Christoph\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [3442b3c15a21df571f160d74c33fff01],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [2c4abdb7c9b2280ede58ee93a062eb15],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [2c4abdb7c9b2280ede58ee93a062eb15],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Löschen bei Neustart, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Firefox, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater, Löschen bei Neustart, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.DealPly.A, C:\Users\Christoph\AppData\Local\DealPlyLive, In Quarantäne, [2e4851238ceff2442b5f661bbd4547b9],
PUP.Optional.DealPly.A, C:\Users\Christoph\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [2e4851238ceff2442b5f661bbd4547b9],
PUP.Optional.Wajam.A, C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam, In Quarantäne, [205686eefd7e1a1c6a7faed4e919847c],

Dateien: 37
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe, Löschen bei Neustart, [92e48ee6f58639fd9ed3dc42b64a03fd],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\priam_bho.dll, In Quarantäne, [b5c1056fa7d4d26446fe303e06fc59a7],
PUP.Optional.Bandoo, C:\Users\Christoph\Downloads\iLividSetup-r400-n-bc.exe, In Quarantäne, [3c3ada9a88f31521b0cc2ae1689951af],
PUP.Optional.BundleInstaller.A, C:\Users\Christoph\Downloads\Setup.exe, In Quarantäne, [096d492bd0ab11252fabee39738dbf41],
PUP.Optional.Babylon.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\babylon.xml, In Quarantäne, [7105cba9b8c38ea8960b892112f04bb5],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [245263112358ce68fc38ceb381819967],
PUP.Optional.DealPly.A, C:\Users\Christoph\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [3442b3c15a21df571f160d74c33fff01],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\favicon.ico, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\update.exe, In Quarantäne, [79fd2c487cff90a648f53948cc362ad6],
PUP.Optional.Wajam.A, C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk, In Quarantäne, [205686eefd7e1a1c6a7faed4e919847c],
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[4e28472dbbc0b97ddeaf7026a262c43c]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[a7cfafc5f4877fb77419920411f354ac]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[4e28a8cc9be03afc404ddabcce36c040]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[393dc4b0f487ab8b335ad4c23dc715eb]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[bdb94b2915661224fa937b1bee16a45c]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[93e3adc7a8d3999df39a0e88000454ac]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[175fc5af2f4c979f820b16808f75d22e]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "34dd64030000000000002cd05a916c97");), Ersetzt,[fd79c3b17a01979f15783d592bd99d63]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15929");), Ersetzt,[4531cfa5cab12a0ca0edcbcba3610ef2]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[7ef8a5cf85f63df9d0bd3e58e420e41c]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[fd791262b6c5d2649eefaaecfc08b050]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[03738aeaf3883cfab4d96a2cad57718f]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[2452482c6f0cc670c9c46f278f75d12f]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[304690e4413a3bfb7e0f98fea1637987]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[a5d11460bbc06ccaf09d7c1a19ebf10f]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[7006650f8cef1224b3da1f776f959a66]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[afc75b194a314aec09842a6cff05966a]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.22.0");), Ersetzt,[c4b24f2575063006632a494dcc38e020]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.22.014:40:15");), Ersetzt,[03738fe5770482b48eff8016867eb14f]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.22.0");), Ersetzt,[83f37afa0c6fe650cbc2880e12f2dc24]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[acca383c502b3ef8513ce4b2937134cc]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119357&tt=070813_wt4&tsp=4972");), Ersetzt,[4036670d39429b9b305d1185fe065ca4]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[aacc6311cdae0e288508217534d08878]
PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972");), Ersetzt,[cfa77afab6c5023415c27d1913f18977]

Physische Sektoren: 0
(No malicious items detected)


(end)
Ich habe gelesen, dass ihr ein paar Informationen braucht:
Defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:20 on 08/06/2014 (Christoph)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
frst:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Christoph (administrator) on CHRISTOPH on 08-06-2014 19:25:38
Running from C:\Users\Christoph\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Facebook Inc.) C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\nf.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\nf.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-29] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Ocs_SM] => C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-30] (OCS)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\tampmon.exe [61792 2014-04-29] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1922772501-99978846-3866651668-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972
SearchScopes: HKCU - {72571EB0-9BFB-4EAB-817A-E36EA39B38D6} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303237267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D64655F44452661706E5F70746E72733D5E55332661706E5F647469643D5E4F534A3030305E59595E44452661706E5F7569643D32343137394238322D314332372D343534462D414136462D4442453944333541433234382661706E5F73617569643D32413833453436312D363737442D344646452D384630442D333744433432383643324331&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&k=0
SearchScopes: HKCU - {8491E04F-6CF1-413E-A507-3075BAB4384D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL =
SearchScopes: HKCU - {A855F7B3-EA46-4199-85B4-30C24F9E3D54} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AFA963E7-D1ED-4537-9B39-9263D7D52529} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {C127AF0B-81BA-4D92-9AEB-6FBB2A17A99D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {C145A52C-8A6B-42E0-9230-5F4D967AD66C} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CF46C04B-C508-4AB3-A6A6-3FC01F59F4CA} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\..\Interfaces\{B61C9A93-E95D-4121-B836-617D928FA674}: [NameServer]192.168.178.11,192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Christoph\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\user.js
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{50837B62-B241-411B-801C-280AE831C2F2}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{6B788355-7124-4A26-B733-CB0C67104267}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{85DC1AB1-BB5C-44E7-8982-B6F377340463}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{94D502EC-4FF7-4D39-A9C8-1A51323A4440}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{C7C79F82-5300-458F-A998-100A113E301D}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{D8C466A0-3EF9-4D55-B56C-2C3F045E8B13}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LyricXeeker - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\125 [2013-07-27]
FF Extension: Battlefield Heroes Updater - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\battlefieldheroespatcher@ea.com [2013-06-13]
FF Extension: Battlefield Play4Free - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\battlefieldplay4free@ea.com [2013-06-13]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi []
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Christoph\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-09-30]
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Norton™ Family) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Christoph\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\Extensions\Chrome.crx [2014-05-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\NF.exe [570944 2014-04-29] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2014-02-01] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.024\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-28] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-21] (Symantec Corporation)
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.024\SymRdrS.SYS [246488 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 19:24 - 2014-06-08 19:25 - 00030444 _____ () C:\Users\Christoph\Desktop\Addition.txt
2014-06-08 19:24 - 2014-06-08 19:25 - 00029265 _____ () C:\Users\Christoph\Desktop\FRST.txt
2014-06-08 19:24 - 2014-06-08 19:25 - 00000000 ____D () C:\FRST
2014-06-08 19:22 - 2014-06-08 19:23 - 02072576 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2014-06-08 19:20 - 2014-06-08 19:20 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.log
2014-06-08 19:20 - 2014-06-08 19:20 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger (2).exe
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Desktop\Defogger (1).exe
2014-06-08 19:18 - 2014-06-08 19:18 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2014-06-04 18:28 - 2014-06-04 18:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\{A0A21422-4E96-41DC-8648-F795E6EEC2E2}
2014-06-04 17:44 - 2014-06-08 19:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 17:43 - 2014-06-04 17:43 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-04 17:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-04 17:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-04 17:42 - 2014-06-04 17:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 12:35 - 2014-05-29 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 22:01 - 2014-05-28 22:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-05-28 22:00 - 2014-05-28 22:00 - 00000000 ____D () C:\Users\Christoph\Downloads\Age of Empire 2
2014-05-25 18:34 - 2014-05-25 18:34 - 00788560 _____ () C:\WINDOWS\Minidump\052514-24953-01.dmp
2014-05-20 20:18 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-20 20:18 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 20:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-18 20:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-18 20:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-18 20:28 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-18 20:28 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-18 20:27 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-18 20:27 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-18 20:27 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-18 20:27 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-18 10:22 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-18 10:22 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-18 10:22 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-18 10:22 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-18 10:22 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-18 10:22 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-18 10:22 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-18 10:22 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-18 10:22 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-18 10:22 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-18 10:22 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 10:22 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-18 10:22 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 10:22 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-18 10:22 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-18 10:22 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-18 10:22 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-18 10:22 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-18 10:22 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-18 10:22 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-18 10:22 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-18 10:22 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-18 10:22 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-18 10:22 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-18 10:22 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-18 10:22 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-18 10:22 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-18 10:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-18 10:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-18 10:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-18 10:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-18 10:21 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-18 10:21 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-11 19:35 - 2014-05-11 19:35 - 00775264 _____ () C:\WINDOWS\Minidump\051114-25671-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-08 19:25 - 2014-06-08 19:24 - 00030444 _____ () C:\Users\Christoph\Desktop\Addition.txt
2014-06-08 19:25 - 2014-06-08 19:24 - 00029265 _____ () C:\Users\Christoph\Desktop\FRST.txt
2014-06-08 19:25 - 2014-06-08 19:24 - 00000000 ____D () C:\FRST
2014-06-08 19:25 - 2013-12-28 23:54 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Temp
2014-06-08 19:25 - 2013-12-28 23:47 - 01137578 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-08 19:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-08 19:23 - 2014-06-08 19:22 - 02072576 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2014-06-08 19:20 - 2014-06-08 19:20 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.log
2014-06-08 19:20 - 2014-06-08 19:20 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2014-06-08 19:20 - 2013-12-28 23:54 - 00000000 ____D () C:\Users\Christoph
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger (2).exe
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Desktop\Defogger (1).exe
2014-06-08 19:18 - 2014-06-08 19:18 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2014-06-08 19:18 - 2014-01-09 11:08 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D81A4F77-A502-4382-904D-8CE990CFCE9B}
2014-06-08 19:18 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 19:18 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-08 19:18 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-08 19:16 - 2014-06-04 17:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 19:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-07 21:13 - 2013-05-04 14:52 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1922772501-99978846-3866651668-1002
2014-06-07 20:53 - 2013-05-04 21:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-07 20:38 - 2013-09-30 20:08 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 20:33 - 2013-12-21 16:25 - 00003410 _____ () C:\WINDOWS\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-06-07 20:31 - 2013-04-12 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-06-07 20:30 - 2013-09-30 20:10 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 20:30 - 2013-09-30 20:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 20:30 - 2013-06-20 17:37 - 00000000 __RDO () C:\Users\Christoph\SkyDrive
2014-06-07 20:29 - 2013-09-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 18:57 - 2013-11-14 00:18 - 00011038 _____ () C:\WINDOWS\PFRO.log
2014-06-04 18:57 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-04 18:57 - 2013-05-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 18:55 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-04 18:28 - 2014-06-04 18:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\{A0A21422-4E96-41DC-8648-F795E6EEC2E2}
2014-06-04 17:43 - 2014-06-04 17:43 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 20:05 - 2014-03-30 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-06-03 19:56 - 2013-08-06 20:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-06-03 19:56 - 2013-08-06 20:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-05-29 12:35 - 2014-05-29 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 22:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-28 22:01 - 2014-05-28 22:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-05-28 22:00 - 2014-05-28 22:00 - 00000000 ____D () C:\Users\Christoph\Downloads\Age of Empire 2
2014-05-25 18:34 - 2014-05-25 18:34 - 00788560 _____ () C:\WINDOWS\Minidump\052514-24953-01.dmp
2014-05-25 18:34 - 2014-04-22 15:10 - 517734984 _____ () C:\WINDOWS\MEMORY.DMP
2014-05-25 18:34 - 2014-04-22 15:10 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-25 14:06 - 2013-05-04 15:40 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\.minecraft
2014-05-25 13:37 - 2014-03-01 13:54 - 00000000 _____ () C:\Users\Christoph\Desktop\OGLdpf.log
2014-05-24 16:29 - 2013-08-17 11:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Nitro PDF
2014-05-20 20:21 - 2013-05-04 14:44 - 00000000 ___RD () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 20:21 - 2013-05-04 14:44 - 00000000 ___RD () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 22:04 - 2013-08-15 15:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-18 22:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-18 22:03 - 2013-05-05 10:18 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 16:53 - 2013-05-04 21:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 17:43 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 17:43 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 17:43 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 19:35 - 2014-05-11 19:35 - 00775264 _____ () C:\WINDOWS\Minidump\051114-25671-01.dmp
2014-05-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup

Files to move or delete:
====================
C:\ProgramData\Lenovo-20024.vbs


Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\avgnt.exe
C:\Users\Christoph\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Christoph\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 18:48

==================== End Of Log ============================
--- --- ---

--- --- ---


additions:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Christoph at 2014-06-08 19:26:04
Running from C:\Users\Christoph\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Norton Family (HKLM-x32\...\NSM) (Version: 2.9.5.36 - Symantec Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

07-05-2014 11:45:09 Windows Update
08-05-2014 12:31:43 Installed Java 7 Update 55
18-05-2014 08:32:36 Windows Update
28-05-2014 20:01:01 Windows Modules Installer

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36987A7C-127D-4631-B3C1-12E3696127A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {37301366-B2A1-4F72-A343-4F019C7A01C5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A5C47E7-EA50-457F-A77F-7F6033058BF7} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\tampmon.exe [2014-04-29] (Symantec Corporation)
Task: {4C8ECFE3-A85B-4418-8994-621954572678} - System32\Tasks\Dealply => C:\Users\CHRIST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4E10A47D-A1A4-47A4-8B6F-1B1AB4C75C6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-18] (Microsoft Corporation)
Task: {5CB9B952-ECB7-42BD-9CF8-3B15B3A4A0EB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {68654710-B90E-49B4-BE65-7B7DD5298508} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78275F6C-171A-4519-A170-AB1521F02051} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95A785B9-298A-4258-BF27-569194363CC2} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {974090FB-7331-4AC4-B15F-126D17B522CF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0EE3062-089F-4349-ABCE-E5953F682EFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {BD4D6D39-5A71-4FEB-8E20-84104BDED078} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1922772501-99978846-3866651668-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {C12D7148-481C-4229-A961-1EBAA56CFBEE} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0037F87-F142-44CE-A25B-EE6B28813420} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D76A198B-DC63-4677-9618-5C82DBED0A3F} - System32\Tasks\Lenovo\Lenovo-20024 => C:\ProgramData\Lenovo-20024.vbs [2013-04-12] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DE0C6AF4-42B6-43AD-B393-E2ADD63541CF} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E5B13A41-11F5-4EBA-92C7-0BACDBD88C8E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Dealply.job => C:\Users\CHRIST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1922772501-99978846-3866651668-1002Core.job => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-12-26 20:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-29 19:02 - 2012-09-29 19:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 18:57 - 2012-09-29 18:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-09-29 18:59 - 2012-09-29 18:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 19:01 - 2012-09-29 19:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 23:11 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-24 16:26 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-24 16:26 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-09 11:02 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-29 16:44 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-08-21 14:18 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-24 16:26 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-24 16:26 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-09-06 12:55 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-05-02 23:26 - 2012-05-29 20:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\wincfi39.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 07:23:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2014 07:22:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bf8

Startzeit: 01cf833d2905d40e

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 75145b84-ef31-11e3-beb8-2cd05a916c97

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (06/08/2014 07:14:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2014 08:38:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (06/07/2014 08:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NF.exe, Version: 12.11.0.16, Zeitstempel: 0x524cbb5e
Name des fehlerhaften Moduls: WDJobs.dll, Version: 2.9.5.36, Zeitstempel: 0x535f5a15
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052c6c
ID des fehlerhaften Prozesses: 0x644
Startzeit der fehlerhaften Anwendung: 0xNF.exe0
Pfad der fehlerhaften Anwendung: NF.exe1
Pfad des fehlerhaften Moduls: NF.exe2
Berichtskennung: NF.exe3
Vollständiger Name des fehlerhaften Pakets: NF.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NF.exe5

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2014 11:04:01 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\f126c360-84e1-42c1-a4db-a9601f65ae9d.dmp

Error: (06/04/2014 09:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093


System errors:
=============
Error: (06/07/2014 08:31:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Family" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/06/2014 11:01:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (06/06/2014 11:01:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:07 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/06/2014 11:00:07 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/04/2014 07:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/08/2014 07:23:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2014 07:22:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841bf801cf833d2905d40e4294967295C:\WINDOWS\system32\backgroundTaskHost.exe75145b84-ef31-11e3-beb8-2cd05a916c97C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (06/08/2014 07:14:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2014 08:38:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/07/2014 08:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NF.exe12.11.0.16524cbb5eWDJobs.dll2.9.5.36535f5a15c000000500052c6c64401cf80162591afcfC:\Program Files (x86)\Norton Family\Engine\2.9.5.36\NF.exeC:\Program Files (x86)\Norton Family\Engine\2.9.5.36\WDJobs.dlle49972c4-ee71-11e3-beb8-2cd05a916c97

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2014 11:04:01 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\f126c360-84e1-42c1-a4db-a9601f65ae9d.dmp

Error: (06/04/2014 09:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093


CodeIntegrity Errors:
===================================
  Date: 2014-01-05 11:12:39.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 11:12:37.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 19:28:27.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:28:57.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:27:56.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:24:12.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 09:54:23.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-13 21:47:37.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-13 20:55:09.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 13:56:48.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8047.52 MB
Available physical RAM: 6051.37 MB
Total Pagefile: 16239.52 MB
Available Pagefile: 13792.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:828.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: BD1652C6)

Partition: GPT Partition Type.

==================== End Of Log ============================

tituli 08.06.2014 19:07
frst:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Christoph (administrator) on CHRISTOPH on 08-06-2014 19:25:38
Running from C:\Users\Christoph\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Facebook Inc.) C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\nf.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\nf.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-29] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Ocs_SM] => C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-30] (OCS)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\tampmon.exe [61792 2014-04-29] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1922772501-99978846-3866651668-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Facebook Update] => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SkyDrive] => C:\Users\Christoph\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-17] (Microsoft Corporation)
HKU\S-1-5-21-1922772501-99978846-3866651668-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {8643102E-E4A5-427A-B545-33A2E766EE3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972
SearchScopes: HKCU - {72571EB0-9BFB-4EAB-817A-E36EA39B38D6} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303237267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D64655F44452661706E5F70746E72733D5E55332661706E5F647469643D5E4F534A3030305E59595E44452661706E5F7569643D32343137394238322D314332372D343534462D414136462D4442453944333541433234382661706E5F73617569643D32413833453436312D363737442D344646452D384630442D333744433432383643324331&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&k=0
SearchScopes: HKCU - {8491E04F-6CF1-413E-A507-3075BAB4384D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {8643102E-E4A5-427A-B545-33A2E766EE3A} URL =
SearchScopes: HKCU - {A855F7B3-EA46-4199-85B4-30C24F9E3D54} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AFA963E7-D1ED-4537-9B39-9263D7D52529} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {C127AF0B-81BA-4D92-9AEB-6FBB2A17A99D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {C145A52C-8A6B-42E0-9230-5F4D967AD66C} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CF46C04B-C508-4AB3-A6A6-3FC01F59F4CA} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c35977df-ac3d-4dcb-91d6-cd200bf58194&pid=freewarede&mode=bounce&k=0
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\..\Interfaces\{B61C9A93-E95D-4121-B836-617D928FA674}: [NameServer]192.168.178.11,192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=34DD2CD05A916C97&affID=119357&tt=070813_wt4&tsp=4972
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Christoph\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\user.js
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{50837B62-B241-411B-801C-280AE831C2F2}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{6B788355-7124-4A26-B733-CB0C67104267}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{85DC1AB1-BB5C-44E7-8982-B6F377340463}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{94D502EC-4FF7-4D39-A9C8-1A51323A4440}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{C7C79F82-5300-458F-A998-100A113E301D}.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\searchplugins\{D8C466A0-3EF9-4D55-B56C-2C3F045E8B13}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LyricXeeker - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\125 [2013-07-27]
FF Extension: Battlefield Heroes Updater - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\battlefieldheroespatcher@ea.com [2013-06-13]
FF Extension: Battlefield Play4Free - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\battlefieldplay4free@ea.com [2013-06-13]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\3ydu1bds.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi []
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Christoph\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-09-30]
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Norton™ Family) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Christoph\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\Extensions\Chrome.crx [2014-05-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\NF.exe [570944 2014-04-29] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2014-02-01] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.024\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-28] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-21] (Symantec Corporation)
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.024\SymRdrS.SYS [246488 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 19:24 - 2014-06-08 19:25 - 00030444 _____ () C:\Users\Christoph\Desktop\Addition.txt
2014-06-08 19:24 - 2014-06-08 19:25 - 00029265 _____ () C:\Users\Christoph\Desktop\FRST.txt
2014-06-08 19:24 - 2014-06-08 19:25 - 00000000 ____D () C:\FRST
2014-06-08 19:22 - 2014-06-08 19:23 - 02072576 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2014-06-08 19:20 - 2014-06-08 19:20 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.log
2014-06-08 19:20 - 2014-06-08 19:20 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger (2).exe
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Desktop\Defogger (1).exe
2014-06-08 19:18 - 2014-06-08 19:18 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2014-06-04 18:28 - 2014-06-04 18:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\{A0A21422-4E96-41DC-8648-F795E6EEC2E2}
2014-06-04 17:44 - 2014-06-08 19:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 17:43 - 2014-06-04 17:43 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-04 17:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-04 17:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-04 17:42 - 2014-06-04 17:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 12:35 - 2014-05-29 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 22:01 - 2014-05-28 22:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-05-28 22:00 - 2014-05-28 22:00 - 00000000 ____D () C:\Users\Christoph\Downloads\Age of Empire 2
2014-05-25 18:34 - 2014-05-25 18:34 - 00788560 _____ () C:\WINDOWS\Minidump\052514-24953-01.dmp
2014-05-20 20:18 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-20 20:18 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 20:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-18 20:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-18 20:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-18 20:28 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-18 20:28 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-18 20:27 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-18 20:27 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-18 20:27 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-18 20:27 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-18 10:22 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-18 10:22 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-18 10:22 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-18 10:22 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-18 10:22 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-18 10:22 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-18 10:22 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-18 10:22 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-18 10:22 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-18 10:22 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-18 10:22 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 10:22 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-18 10:22 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 10:22 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-18 10:22 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-18 10:22 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-18 10:22 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-18 10:22 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-18 10:22 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-18 10:22 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-18 10:22 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-18 10:22 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-18 10:22 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-18 10:22 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-18 10:22 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-18 10:22 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-18 10:22 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-18 10:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-18 10:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-18 10:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-18 10:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-18 10:21 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-18 10:21 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-11 19:35 - 2014-05-11 19:35 - 00775264 _____ () C:\WINDOWS\Minidump\051114-25671-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-08 19:25 - 2014-06-08 19:24 - 00030444 _____ () C:\Users\Christoph\Desktop\Addition.txt
2014-06-08 19:25 - 2014-06-08 19:24 - 00029265 _____ () C:\Users\Christoph\Desktop\FRST.txt
2014-06-08 19:25 - 2014-06-08 19:24 - 00000000 ____D () C:\FRST
2014-06-08 19:25 - 2013-12-28 23:54 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Temp
2014-06-08 19:25 - 2013-12-28 23:47 - 01137578 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-08 19:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-08 19:23 - 2014-06-08 19:22 - 02072576 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2014-06-08 19:20 - 2014-06-08 19:20 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.log
2014-06-08 19:20 - 2014-06-08 19:20 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2014-06-08 19:20 - 2013-12-28 23:54 - 00000000 ____D () C:\Users\Christoph
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger (2).exe
2014-06-08 19:19 - 2014-06-08 19:19 - 00050477 _____ () C:\Users\Christoph\Desktop\Defogger (1).exe
2014-06-08 19:18 - 2014-06-08 19:18 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2014-06-08 19:18 - 2014-01-09 11:08 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D81A4F77-A502-4382-904D-8CE990CFCE9B}
2014-06-08 19:18 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 19:18 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-08 19:18 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-08 19:16 - 2014-06-04 17:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 19:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-07 21:13 - 2013-05-04 14:52 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1922772501-99978846-3866651668-1002
2014-06-07 20:53 - 2013-05-04 21:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-07 20:38 - 2013-09-30 20:08 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 20:33 - 2013-12-21 16:25 - 00003410 _____ () C:\WINDOWS\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-06-07 20:31 - 2013-04-12 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-06-07 20:30 - 2013-09-30 20:10 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 20:30 - 2013-09-30 20:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 20:30 - 2013-06-20 17:37 - 00000000 __RDO () C:\Users\Christoph\SkyDrive
2014-06-07 20:29 - 2013-09-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 18:57 - 2013-11-14 00:18 - 00011038 _____ () C:\WINDOWS\PFRO.log
2014-06-04 18:57 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-04 18:57 - 2013-05-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 18:55 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-04 18:28 - 2014-06-04 18:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\{A0A21422-4E96-41DC-8648-F795E6EEC2E2}
2014-06-04 17:43 - 2014-06-04 17:43 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 17:43 - 2014-06-04 17:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 17:43 - 2014-06-04 17:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 20:05 - 2014-03-30 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-06-03 19:56 - 2013-08-06 20:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-06-03 19:56 - 2013-08-06 20:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-05-29 12:35 - 2014-05-29 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 22:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-28 22:01 - 2014-05-28 22:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-05-28 22:01 - 2014-05-28 22:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-05-28 22:01 - 2014-05-28 22:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-05-28 22:00 - 2014-05-28 22:00 - 00000000 ____D () C:\Users\Christoph\Downloads\Age of Empire 2
2014-05-25 18:34 - 2014-05-25 18:34 - 00788560 _____ () C:\WINDOWS\Minidump\052514-24953-01.dmp
2014-05-25 18:34 - 2014-04-22 15:10 - 517734984 _____ () C:\WINDOWS\MEMORY.DMP
2014-05-25 18:34 - 2014-04-22 15:10 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-25 14:06 - 2013-05-04 15:40 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\.minecraft
2014-05-25 13:37 - 2014-03-01 13:54 - 00000000 _____ () C:\Users\Christoph\Desktop\OGLdpf.log
2014-05-24 16:29 - 2013-08-17 11:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Nitro PDF
2014-05-20 20:21 - 2013-05-04 14:44 - 00000000 ___RD () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 20:21 - 2013-05-04 14:44 - 00000000 ___RD () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 22:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 22:04 - 2013-08-15 15:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-18 22:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-18 22:03 - 2013-05-05 10:18 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 16:53 - 2013-05-04 21:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 17:43 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 17:43 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 17:43 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 19:35 - 2014-05-11 19:35 - 00775264 _____ () C:\WINDOWS\Minidump\051114-25671-01.dmp
2014-05-09 21:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup

Files to move or delete:
====================
C:\ProgramData\Lenovo-20024.vbs


Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\avgnt.exe
C:\Users\Christoph\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Christoph\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 18:48

==================== End Of Log ============================
--- --- ---

--- --- ---


additions:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Christoph at 2014-06-08 19:26:04
Running from C:\Users\Christoph\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Norton Family (HKLM-x32\...\NSM) (Version: 2.9.5.36 - Symantec Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

07-05-2014 11:45:09 Windows Update
08-05-2014 12:31:43 Installed Java 7 Update 55
18-05-2014 08:32:36 Windows Update
28-05-2014 20:01:01 Windows Modules Installer

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36987A7C-127D-4631-B3C1-12E3696127A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {37301366-B2A1-4F72-A343-4F019C7A01C5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A5C47E7-EA50-457F-A77F-7F6033058BF7} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\tampmon.exe [2014-04-29] (Symantec Corporation)
Task: {4C8ECFE3-A85B-4418-8994-621954572678} - System32\Tasks\Dealply => C:\Users\CHRIST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4E10A47D-A1A4-47A4-8B6F-1B1AB4C75C6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-18] (Microsoft Corporation)
Task: {5CB9B952-ECB7-42BD-9CF8-3B15B3A4A0EB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {68654710-B90E-49B4-BE65-7B7DD5298508} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78275F6C-171A-4519-A170-AB1521F02051} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95A785B9-298A-4258-BF27-569194363CC2} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {974090FB-7331-4AC4-B15F-126D17B522CF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0EE3062-089F-4349-ABCE-E5953F682EFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {BD4D6D39-5A71-4FEB-8E20-84104BDED078} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1922772501-99978846-3866651668-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {C12D7148-481C-4229-A961-1EBAA56CFBEE} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0037F87-F142-44CE-A25B-EE6B28813420} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D76A198B-DC63-4677-9618-5C82DBED0A3F} - System32\Tasks\Lenovo\Lenovo-20024 => C:\ProgramData\Lenovo-20024.vbs [2013-04-12] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DE0C6AF4-42B6-43AD-B393-E2ADD63541CF} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E5B13A41-11F5-4EBA-92C7-0BACDBD88C8E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Dealply.job => C:\Users\CHRIST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1922772501-99978846-3866651668-1002Core.job => C:\Users\Christoph\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-12-26 20:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-29 19:02 - 2012-09-29 19:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 18:57 - 2012-09-29 18:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-09-29 18:59 - 2012-09-29 18:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 19:01 - 2012-09-29 19:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 23:11 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-24 16:26 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-24 16:26 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-09 11:02 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-29 16:44 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-08-21 14:18 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-24 16:26 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-24 16:26 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-09-06 12:55 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-05-02 23:26 - 2012-05-29 20:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.5.36\wincfi39.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-24 22:39 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 07:23:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2014 07:22:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bf8

Startzeit: 01cf833d2905d40e

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 75145b84-ef31-11e3-beb8-2cd05a916c97

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (06/08/2014 07:14:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2014 08:38:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (06/07/2014 08:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NF.exe, Version: 12.11.0.16, Zeitstempel: 0x524cbb5e
Name des fehlerhaften Moduls: WDJobs.dll, Version: 2.9.5.36, Zeitstempel: 0x535f5a15
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052c6c
ID des fehlerhaften Prozesses: 0x644
Startzeit der fehlerhaften Anwendung: 0xNF.exe0
Pfad der fehlerhaften Anwendung: NF.exe1
Pfad des fehlerhaften Moduls: NF.exe2
Berichtskennung: NF.exe3
Vollständiger Name des fehlerhaften Pakets: NF.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NF.exe5

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2014 11:04:01 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\f126c360-84e1-42c1-a4db-a9601f65ae9d.dmp

Error: (06/04/2014 09:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093


System errors:
=============
Error: (06/07/2014 08:31:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Family" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/06/2014 11:01:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (06/06/2014 11:01:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2014 11:00:07 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/06/2014 11:00:07 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/04/2014 07:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/08/2014 07:23:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2014 07:22:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841bf801cf833d2905d40e4294967295C:\WINDOWS\system32\backgroundTaskHost.exe75145b84-ef31-11e3-beb8-2cd05a916c97C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (06/08/2014 07:14:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2014 08:38:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/07/2014 08:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NF.exe12.11.0.16524cbb5eWDJobs.dll2.9.5.36535f5a15c000000500052c6c64401cf80162591afcfC:\Program Files (x86)\Norton Family\Engine\2.9.5.36\NF.exeC:\Program Files (x86)\Norton Family\Engine\2.9.5.36\WDJobs.dlle49972c4-ee71-11e3-beb8-2cd05a916c97

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/06/2014 11:15:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2014 11:04:01 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\f126c360-84e1-42c1-a4db-a9601f65ae9d.dmp

Error: (06/04/2014 09:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093


CodeIntegrity Errors:
===================================
  Date: 2014-01-05 11:12:39.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 11:12:37.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 19:28:27.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:28:57.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:27:56.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 11:24:12.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-14 09:54:23.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-13 21:47:37.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-13 20:55:09.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 13:56:48.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8047.52 MB
Available physical RAM: 6051.37 MB
Total Pagefile: 16239.52 MB
Available Pagefile: 13792.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:828.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: BD1652C6)

Partition: GPT Partition Type.

==================== End Of Log ============================
und hier gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-08 19:50:36
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fgryrpod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960                            fffff80287dced00 4 bytes [C0, 52, AC, FF]
.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 965                            fffff80287dced05 87 bytes [AD, 4E, 03, 00, 8E, A5, 04, ...]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\Explorer.EXE[360] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714    00007ffd8680154a 4 bytes [80, 86, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[360] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722    00007ffd86801552 4 bytes [80, 86, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[360] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98  00007ffd8680162a 4 bytes [80, 86, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[360] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ffd86801642 4 bytes [80, 86, FD, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [488:516]                                            fffff96000883b90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                              unknown MBR code

---- EOF - GMER 2.1 ----
Zum Gmerscan:
Ich habe Fehlermeldung über einen Zugriffsfehler erhalten (irgendetwas mit system32) und den scan im abgesicherten Modus versucht. Da kam die selbe Fehlermeldung, der Scan lief allerdings an, wurde aber abgebrochen.

Könnt ihr mir helfen? Es geht um Leben und Tod :balla:

tituli 29.07.2014 17:15
Erinnerung:
Ich habe immer noch die selben Probleme! :D

cosinus 29.07.2014 19:09
Hi,

du hast keine Viren drauf, höchstens Ad- und Junkware

Und um Leben und Tod geht es hier nicht, selbst wenn du Schlimmeres Zeug drauf hättest. Hab deinen Thread jetzt nur gesehen, weil mich jmd drauf aufmerksam gemacht hat. Beim nächsten Mal liest du die Hinweise für Hilfesuchende einfach mal komplett und/oder genauer:
Zitat:
5. Wartezeit

Bitte folgendes beachten:
  • Keine privaten Nachrichten (PM) an Helfer!
    Wir verstehen, dass du so bald wie möglich Hilfe möchtest und es dir unter den Fingern brennt. Dennoch wird keiner der Helfer auf private Nachrichten reagieren.
  • Nicht pushen.
    Wenn du auf dein eigenes Thema antwortest (z.B. "Hilft mir niemand?"), wirst du vermutlich gar keine Hilfe mehr erhalten, weil das Thema dann als "in Arbeit" angesehen wird.
  • Wann hast du mit Antwort zu rechnen?
    Normalerweise erhälst du am selben Tag noch Antwort. Hast du aber 2 (zwei!) Tage gewartet, warst du geduldig genug. Es gibt dieses spezielle Thema, in dem du dich jetzt melden kannst:
    Erinnerung an meinen Thread
    Achtung: Hier keine Logfiles posten. Solche Beiträge werden gelöscht.

Dann legen wir mal los:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch neue Logs mit Farbars Tool machen, deine zuletzte geposteten sind zu alt

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131