Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox öffnet neue Tabs und überall Pop-Ups (https://www.trojaner-board.de/157350-firefox-oeffnet-neue-tabs-ueberall-pop-ups.html)

Bratschel 07.08.2014 21:22
Firefox öffnet neue Tabs und überall Pop-Ups
 
Hallo Forum,

in der Hoffnung, dass das auch richtig war, bin ich mal vorab so vorgegangen, wie der User schrauber beschrieben hat:

"hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)"


hier die beiden Dateien:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Christoph (administrator) on LINA-PC on 07-08-2014 22:16:45
Running from C:\Users\Christoph\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
() C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
() C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2888352 2013-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-24] (IDT, Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-13] (Greenshot)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Atheros Communications))
HKU\S-1-5-21-2631177891-2655927369-3403166200-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2631177891-2655927369-3403166200-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-04-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-2631177891-2655927369-3403166200-1002\...\MountPoints2: {d8739a50-d690-11e2-be6e-806e6f6e6963} - "F:\autorun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKLM - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKLM-x32 - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=72782CD05AF77B32&affID=119357&tsp=5016
SearchScopes: HKCU - {32E67C71-7F7C-49D3-97C7-67F9961FE09C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=93a4d07054ff4f658a8e46ef8e1e6dcc&tu=10G9z009g1B0Ca0&sku=&tstsId=&ver=&&r=578
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407356031&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9ED537892&q={searchTerms}
SearchScopes: HKCU - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL =
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO-x32: Deal Keeper -> {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} -> C:\Program Files (x86)\Deal Keeper\DealKeeperbho.dll (Deal Keeper)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\faststartff@gmail.com [2014-08-06]
FF Extension: InnoGames  - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} [2014-07-03]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Deal Keeper - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi [2014-08-07]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-06-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-06] (Cherished Technololgy LIMITED) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-24] (IDT, Inc.) [File not signed]
R2 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [323320 2014-08-07] ()
R2 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528384 2014-08-06] (Fuyu LIMITED) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-08] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-08] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-06] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:16 - 2014-08-07 22:19 - 00020416 _____ () C:\Users\Christoph\Downloads\FRST.txt
2014-08-07 22:16 - 2014-08-07 22:16 - 00000000 ____D () C:\FRST
2014-08-07 22:15 - 2014-08-07 22:15 - 02094080 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-08-07 21:56 - 2014-08-07 21:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-07 21:46 - 2014-08-07 21:46 - 00000000 ____D () C:\Users\Christoph\Downloads\Heidi  www.anime-loads.org
2014-08-07 21:43 - 2014-08-07 22:07 - 243139180 _____ () C:\Users\Christoph\Downloads\HE10DB.rar
2014-08-07 21:43 - 2014-08-07 22:07 - 242653228 _____ () C:\Users\Christoph\Downloads\HE09WidB.rar
2014-08-07 21:42 - 2014-08-07 22:07 - 242782172 _____ () C:\Users\Christoph\Downloads\HE08WiP.rar
2014-08-07 21:41 - 2014-08-07 22:06 - 243054236 _____ () C:\Users\Christoph\Downloads\HE07KBr.rar
2014-08-07 21:40 - 2014-08-07 22:05 - 243070988 _____ () C:\Users\Christoph\Downloads\HE06ESgzE.rar
2014-08-07 21:39 - 2014-08-07 22:04 - 243062156 _____ () C:\Users\Christoph\Downloads\HE05EBvTD.rar
2014-08-07 21:38 - 2014-08-07 22:02 - 242954220 _____ () C:\Users\Christoph\Downloads\HE04EnF.rar
2014-08-07 21:37 - 2014-08-07 22:00 - 243096780 _____ () C:\Users\Christoph\Downloads\HE03AdW.rar
2014-08-07 21:34 - 2014-08-07 21:34 - 04813544 _____ (Piriform Ltd) C:\Users\Christoph\Downloads\ccsetup416.exe
2014-08-07 21:32 - 2014-08-07 21:33 - 00011606 _____ () C:\Users\Christoph\Desktop\cc_20140807_213242.reg
2014-08-06 23:15 - 2014-08-06 11:25 - 00061584 _____ (StdLib) C:\WINDOWS\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-08-06 23:07 - 2014-08-07 21:59 - 00100086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 22:35 - 2014-07-23 11:36 - 00000032 _____ () C:\Users\Christoph\Downloads\c8aa6f52648b4ecc3675973440e886b1.txt
2014-08-06 22:15 - 2014-08-06 22:15 - 00002064 _____ () C:\Users\Christoph\Desktop\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-08-06 22:14 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-06 22:13 - 2014-08-06 23:14 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-08-06 22:13 - 2014-08-06 22:13 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\sweet-page
2014-07-30 23:58 - 2014-07-30 23:58 - 00012466 _____ () C:\Users\Christoph\Desktop\Unbenannt 1.ods
2014-07-25 17:57 - 2014-07-25 17:57 - 00000290 _____ () C:\Users\Christoph\Desktop\10WBC-DE-Interessenten.vcf
2014-07-23 22:52 - 2014-07-23 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-16 20:40 - 2014-08-07 21:45 - 00000000 ____D () C:\Users\Christoph\Downloads\GoT SE04
2014-07-12 12:30 - 2014-07-12 12:30 - 00005449 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-12 12:30 - 2014-07-12 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 12:30 - 2014-07-02 01:29 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-12 12:30 - 2014-07-02 01:21 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-12 12:30 - 2014-07-02 01:21 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-12 12:30 - 2014-07-02 01:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-11 19:42 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 22:16 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 22:16 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 22:16 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 22:16 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:16 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 22:16 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 22:16 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 22:16 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 22:16 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 22:16 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 22:15 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 22:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 22:15 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 22:15 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 22:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 22:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 22:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 22:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 22:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 22:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 22:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 22:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 22:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 22:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 22:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 22:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 22:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 22:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 22:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 22:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 22:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 22:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 22:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 22:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 22:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 22:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 22:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 22:14 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 22:14 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 22:14 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 22:14 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 22:14 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 22:14 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 22:14 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 22:14 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 22:14 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 22:14 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 22:14 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 22:14 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 22:14 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 22:14 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 22:14 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 22:14 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 22:14 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 22:09 - 2014-07-09 22:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:19 - 2014-08-07 22:16 - 00020416 _____ () C:\Users\Christoph\Downloads\FRST.txt
2014-08-07 22:16 - 2014-08-07 22:16 - 00000000 ____D () C:\FRST
2014-08-07 22:15 - 2014-08-07 22:15 - 02094080 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2014-08-07 22:07 - 2014-08-07 21:43 - 243139180 _____ () C:\Users\Christoph\Downloads\HE10DB.rar
2014-08-07 22:07 - 2014-08-07 21:43 - 242653228 _____ () C:\Users\Christoph\Downloads\HE09WidB.rar
2014-08-07 22:07 - 2014-08-07 21:42 - 242782172 _____ () C:\Users\Christoph\Downloads\HE08WiP.rar
2014-08-07 22:06 - 2014-08-07 21:41 - 243054236 _____ () C:\Users\Christoph\Downloads\HE07KBr.rar
2014-08-07 22:05 - 2014-08-07 21:40 - 243070988 _____ () C:\Users\Christoph\Downloads\HE06ESgzE.rar
2014-08-07 22:04 - 2014-08-07 21:39 - 243062156 _____ () C:\Users\Christoph\Downloads\HE05EBvTD.rar
2014-08-07 22:02 - 2014-08-07 21:38 - 242954220 _____ () C:\Users\Christoph\Downloads\HE04EnF.rar
2014-08-07 22:00 - 2014-08-07 21:37 - 243096780 _____ () C:\Users\Christoph\Downloads\HE03AdW.rar
2014-08-07 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-07 21:59 - 2014-08-06 23:07 - 00100086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-07 21:57 - 2014-08-07 21:57 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-08-07 21:56 - 2014-08-07 21:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-07 21:56 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-08-07 21:46 - 2014-08-07 21:46 - 00000000 ____D () C:\Users\Christoph\Downloads\Heidi  www.anime-loads.org
2014-08-07 21:46 - 2013-08-29 18:09 - 00176640 ___SH () C:\Users\Christoph\Downloads\Thumbs.db
2014-08-07 21:45 - 2014-07-16 20:40 - 00000000 ____D () C:\Users\Christoph\Downloads\GoT SE04
2014-08-07 21:36 - 2014-02-02 01:36 - 00000322 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-08-07 21:36 - 2013-09-25 13:36 - 00000322 _____ () C:\WINDOWS\Tasks\DigitalSite.job
2014-08-07 21:35 - 2013-09-04 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-07 21:35 - 2013-09-04 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 21:35 - 2013-08-28 13:56 - 00512512 ___SH () C:\Users\Christoph\Desktop\Thumbs.db
2014-08-07 21:34 - 2014-08-07 21:34 - 04813544 _____ (Piriform Ltd) C:\Users\Christoph\Downloads\ccsetup416.exe
2014-08-07 21:33 - 2014-08-07 21:32 - 00011606 _____ () C:\Users\Christoph\Desktop\cc_20140807_213242.reg
2014-08-07 10:36 - 2013-09-25 14:36 - 00000093 _____ () C:\Users\Christoph\AppData\Roaming\WB.CFG
2014-08-06 23:33 - 2013-08-23 11:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2631177891-2655927369-3403166200-1002
2014-08-06 23:14 - 2014-08-06 22:13 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-08-06 22:20 - 2014-08-06 22:14 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-06 22:15 - 2014-08-06 22:15 - 00002064 _____ () C:\Users\Christoph\Desktop\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-06 22:14 - 2014-08-06 22:14 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-06 22:13 - 2014-08-06 22:13 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\sweet-page
2014-08-06 11:25 - 2014-08-06 23:15 - 00061584 _____ (StdLib) C:\WINDOWS\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-08-03 22:25 - 2013-12-05 21:47 - 00000000 __RDO () C:\Users\Christoph\SkyDrive
2014-08-03 22:23 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-30 23:58 - 2014-07-30 23:58 - 00012466 _____ () C:\Users\Christoph\Desktop\Unbenannt 1.ods
2014-07-30 22:48 - 2013-08-23 11:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Nitro PDF
2014-07-29 22:57 - 2014-02-19 00:11 - 00000000 ____D () C:\Users\Christoph\Downloads\uurrlllaauuubbdl.rar
2014-07-27 11:16 - 2014-06-30 19:06 - 00036352 _____ () C:\Users\Christoph\Desktop\Rechnung hinkeldey.xls
2014-07-27 11:14 - 2014-06-01 16:46 - 00018733 _____ () C:\Users\Christoph\Desktop\Rechnung hinkeldey.ods
2014-07-26 19:12 - 2013-12-30 23:34 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Greenshot
2014-07-26 19:10 - 2013-08-23 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 17:57 - 2014-07-25 17:57 - 00000290 _____ () C:\Users\Christoph\Desktop\10WBC-DE-Interessenten.vcf
2014-07-23 22:52 - 2014-07-23 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:36 - 2014-08-06 22:35 - 00000032 _____ () C:\Users\Christoph\Downloads\c8aa6f52648b4ecc3675973440e886b1.txt
2014-07-17 22:01 - 2013-09-02 23:23 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc
2014-07-16 19:29 - 2013-12-04 02:35 - 00000000 ____D () C:\Users\Christoph
2014-07-12 12:35 - 2013-12-06 23:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-12 12:30 - 2014-07-12 12:30 - 00005449 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-12 12:30 - 2014-07-12 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 12:30 - 2013-12-06 23:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 12:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 09:29 - 2013-08-22 16:44 - 00387968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 09:28 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 21:29 - 2014-01-06 21:44 - 00000000 ____D () C:\Users\Christoph\Downloads\___Elternausschuss
2014-07-11 21:29 - 2013-09-08 12:18 - 00000000 ____D () C:\Users\Christoph\Downloads\diverse Dateien
2014-07-11 19:46 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-11 19:46 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-11 19:46 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-11 19:44 - 2013-08-23 18:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 19:44 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 19:43 - 2013-08-23 18:52 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 19:41 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 22:09 - 2014-07-09 22:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\i4jdel0.exe
C:\Users\Christoph\AppData\Local\Temp\JDSetup130518295661873583.exe
C:\Users\Christoph\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-06 11:21

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Christoph at 2014-08-07 22:19:47
Running from C:\Users\Christoph\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.464 - APN, LLC)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.08.06.183050 - Deal Keeper) <==== ATTENTION
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.301.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.17.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
LibreOffice 4.1.0.4 (HKLM-x32\...\{F8478020-D98E-49FB-BA14-07A534AED99C}) (Version: 4.1.0.4 - The Document Foundation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.00.0000 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Update for Image Editor (HKCU\...\DigitalSite) (Version:  - ) <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-07-2014 17:39:42 Windows Update
19-07-2014 17:55:30 Geplanter Prüfpunkt
30-07-2014 17:48:44 Geplanter Prüfpunkt
07-08-2014 19:54:32 DCInstallRestorePoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D69C3B3-04EA-4C33-82DD-2CCD21335BE1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {0F5F3D1D-DC10-4A6B-A97C-6A416EE86143} - System32\Tasks\DigitalSite => C:\Users\Christoph\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {14340521-E445-4E70-8814-2B32D10A6FA3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1F7BF78E-D0D9-4986-BFF2-ED7722820C55} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {230D9D34-6791-4EBB-B0B4-9DB04891A59A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5C44E2A2-2E62-46EF-A3D6-022E5D35B999} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {633E1169-ED68-4884-8334-90F385A3E271} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {65127970-9F2E-4B42-9317-BD4ECE470DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {660D972E-0002-4ACF-BB75-10A1966A56E2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AEA6C55-E88F-438C-A386-166AC1FDA1ED} - System32\Tasks\Digital Sites => C:\Users\Christoph\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {70242A14-F759-47D4-BD22-CB8D6B426890} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7651F346-39CB-434D-B764-127528F22480} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {789F8F9C-D9A4-43BC-892F-B3353B22820D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7DC5B8DF-AFB1-4432-BB46-4AE4BC0A4407} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B6CFEA75-7763-4445-9DBF-A2C87433D73C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C4053170-5D68-4925-8144-9A3DA92556AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C46A7F09-3960-4D72-8A73-6B2FA274F23E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {C6CB375D-DD75-4729-859B-57162974B749} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D8332592-5997-4F4E-ACD7-AEE150D1DD65} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA4829A7-AAAC-4B7F-BDBA-5BC09D9D1C03} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC3A54AD-703A-42FF-A7FA-CB97DD64D693} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\CHRIST~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\DigitalSite.job => C:\Users\CHRIST~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-28 18:17 - 2014-08-06 22:14 - 00098816 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2013-01-25 00:09 - 2013-01-25 00:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 00:05 - 2013-01-25 00:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 00:12 - 2013-01-25 00:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-30 05:59 - 2013-09-30 05:59 - 00180224 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-28 18:17 - 2014-08-06 22:14 - 00724480 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-08-06 20:30 - 2014-08-07 20:09 - 00323320 _____ () C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
2014-08-06 23:14 - 2014-08-07 20:12 - 00323320 _____ () C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
2013-08-08 17:04 - 2013-08-08 17:04 - 00148840 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
2013-08-08 16:19 - 2013-08-08 16:19 - 00030184 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
2013-08-08 16:18 - 2013-08-08 16:18 - 00012248 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\Aspect.dll
2013-08-08 16:18 - 2013-08-08 16:18 - 00012648 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\App\WindowsRegistry.dll
2013-06-16 16:42 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-28 18:17 - 2014-08-06 22:14 - 00086016 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2014 10:17:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1248

Startzeit: 01cfb27be544fd7f

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: d99cda13-1e6f-11e4-becb-2cd05af77b32

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/07/2014 09:22:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2014 09:22:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2014 08:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2014 08:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2014 10:06:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2014 10:06:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/06/2014 10:14:06 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect

Error: (08/06/2014 10:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x3d8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (08/06/2014 09:37:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoSupport_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (08/03/2014 10:23:17 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (08/03/2014 10:23:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎08.‎2014 um 20:51:20 unerwartet heruntergefahren.

Error: (07/26/2014 07:10:44 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (07/26/2014 07:11:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎07.‎2014 um 21:20:33 unerwartet heruntergefahren.

Error: (07/23/2014 07:14:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (07/23/2014 07:14:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2014 um 07:06:25 unerwartet heruntergefahren.

Error: (07/23/2014 06:59:04 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (07/23/2014 06:59:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2014 um 06:27:02 unerwartet heruntergefahren.

Error: (07/21/2014 06:38:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ask Aktualisierungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/20/2014 10:34:45 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.


Microsoft Office Sessions:
=========================
Error: (08/07/2014 10:17:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031124801cfb27be544fd7f4294967295C:\WINDOWS\syswow64\wwahost.exed99cda13-1e6f-11e4-becb-2cd05af77b32Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5cApp

Error: (08/07/2014 09:22:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/07/2014 09:22:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/07/2014 08:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/07/2014 08:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/07/2014 10:06:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/07/2014 10:06:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284

Error: (08/06/2014 10:14:06 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect

Error: (08/06/2014 10:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b3d801cfb1b16b6e4bd7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll273ab580-1da6-11e4-becb-2cd05af77b32

Error: (08/06/2014 09:37:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINA-PC)
Description: E046963F.LenovoSupport_k1h2ywk1493x8!App-2147009284


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3975.27 MB
Available physical RAM: 1737.12 MB
Total Pagefile: 4679.27 MB
Available Pagefile: 2105.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:892.25 GB) (Free:390.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.13 GB) NTFS
Drive f: (CIVILIZATION4) (CDROM) (Total:1.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 680F0947)

Partition: GPT Partition Type.

==================== End Of Log ============================


Hoffe es kann jemand helfen.

Danke und Gruß

Christoph

cosinus 07.08.2014 21:30
Hallo und :hallo:

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Bratschel 08.08.2014 08:39
so, hier die Daten. Ich habe aber bei dem jetzigen Durchlauf keine Datei Addition.txt aus FRST bekommen. Nur eine frst.txt

ADW Cleaner

Code:
# AdwCleaner v3.303 - Bericht erstellt am 07/08/2014 um 22:41:40
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Christoph - LINA-PC
# Gestartet von : C:\Users\Christoph\Downloads\adwcleaner_3.303.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : APNMCP
Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : Update Deal Keeper
[#] Dienst Gelöscht : Util Deal Keeper
Dienst Gelöscht : {55dce8ba-9dec-4013-937e-adbf9317d990}w64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SupTab
[!] Ordner Gelöscht : C:\Program Files (x86)\Deal Keeper
Ordner Gelöscht : C:\Users\Christoph\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Christoph\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\CHRIST~1\AppData\Local\Temp\Deal Keeper
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Smartbar
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\ValueApps
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\CT2682599
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\searchplugins\zonealarm.xml

***** [ Tasks ] *****

Task Gelöscht : Digital Sites
Task Gelöscht : DigitalSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Deal Keeper
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\Deal Keeper
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\prefs.js ]

Zeile gelöscht : user_pref("CT2682599.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.FF19Solved", "true");
Zeile gelöscht : user_pref("CT2682599.FirstTime", "true");
Zeile gelöscht : user_pref("CT2682599.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2682599.RestartDialogFirstTime", "false");
Zeile gelöscht : user_pref("CT2682599.RestartDialogShouldDisplay", "false");
Zeile gelöscht : user_pref("CT2682599.UserID", "UN41192380741714347");
Zeile gelöscht : user_pref("CT2682599.activeToolbar.enc", "c3RhZW1tZQ==");
Zeile gelöscht : user_pref("CT2682599.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2682599.appOptions", "{}");
Zeile gelöscht : user_pref("CT2682599.countryCode", "DE");
Zeile gelöscht : user_pref("CT2682599.defaultSearch", "false");
Zeile gelöscht : user_pref("CT2682599.embeddedsData", "[{\"appId\":\"129219291115718929\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2682599.enableAlerts", "true");
Zeile gelöscht : user_pref("CT2682599.enableSearchFromAddressBar", "false");
Zeile gelöscht : user_pref("CT2682599.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2682599.fixPageNotFoundError", "false");
Zeile gelöscht : user_pref("CT2682599.fixPageNotFoundErrorByUser", "false");
Zeile gelöscht : user_pref("CT2682599.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2682599.fullUserID", "UN41192380741714347.IN.20140124232502");
Zeile gelöscht : user_pref("CT2682599.homepageuserchanged", true);
Zeile gelöscht : user_pref("CT2682599.hxxp___toolbar_innogames_de_toolbars_flags.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZWJ1dHRvbj1u[...]
Zeile gelöscht : user_pref("CT2682599.hxxp___toolbar_innogames_de_toolbars_staemme.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZWJ1dHRvbj[...]
Zeile gelöscht : user_pref("CT2682599.hxxp___toolbar_innogames_de_toolbars_switch.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZW9uZXh0ZXJ[...]
Zeile gelöscht : user_pref("CT2682599.installDate", "24/01/2014 23:25:07");
Zeile gelöscht : user_pref("CT2682599.installId", "dm");
Zeile gelöscht : user_pref("CT2682599.installSessionId", "42d18620-246c-4199-8662-5caabe1a878d");
Zeile gelöscht : user_pref("CT2682599.installSp", "false");
Zeile gelöscht : user_pref("CT2682599.installType", "conduitnsisintegration");
Zeile gelöscht : user_pref("CT2682599.installUsage", "2014-01-25T01:25:20.6631433+03:00");
Zeile gelöscht : user_pref("CT2682599.installUsageEarly", "2014-01-25T01:25:20.304341+03:00");
Zeile gelöscht : user_pref("CT2682599.installerVersion", "1.8.1.4");
Zeile gelöscht : user_pref("CT2682599.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2682599.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2682599.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2682599.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2682599&octid=CT2682599&ISID=ISID_ID&SearchSource=15&CUI=UN41192380741714347&Lay=1[...]
Zeile gelöscht : user_pref("CT2682599.lastVersion", "10.33.0.505");
Zeile gelöscht : user_pref("CT2682599.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Zeile gelöscht : user_pref("CT2682599.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"16 \\t8.000 \\tThundir [DWW] \\t18:41:37 \\t- \\t3 mal \\tNicht genügend Rohstoffe\\r\\n16 \\t8.000 \\tThundir [DWW] \\t18:41:37 \\t[...]
Zeile gelöscht : user_pref("CT2682599.openThankYouPage", "true");
Zeile gelöscht : user_pref("CT2682599.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2682599.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CT2682599.performedDomainChangesMigration", "true");
Zeile gelöscht : user_pref("CT2682599.revertSettingsEnabled", "false");
Zeile gelöscht : user_pref("CT2682599.search.searchAppId", "129219291115718929");
Zeile gelöscht : user_pref("CT2682599.search.searchCount", "2");
Zeile gelöscht : user_pref("CT2682599.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2682599.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2682599.searchRevert", "false");
Zeile gelöscht : user_pref("CT2682599.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2682599.searchUninstallUserMode", "1");
Zeile gelöscht : user_pref("CT2682599.searchUserMode", "1");
Zeile gelöscht : user_pref("CT2682599.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2682599\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InnoGames.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InnoGames \"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_Configuration_lastUpdate", "1405782393576");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1405274432903");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_appsMetadata_lastUpdate", "1405784496980");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1404680918456");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1390602321462");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1390602321894");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.23.0.722_lastUpdate", "1390684305572");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396461047779");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399226858036");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1404680918574");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_searchAPI_lastUpdate", "1405782393395");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_serviceMap_lastUpdate", "1405782393266");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_toolbarContextMenu_lastUpdate", "1405784496935");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_toolbarSettings_lastUpdate", "1405782393317");
Zeile gelöscht : user_pref("CT2682599.serviceLayer_services_translation_lastUpdate", "1405782393240");
Zeile gelöscht : user_pref("CT2682599.settingsINI", true);
Zeile gelöscht : user_pref("CT2682599.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2682599.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2682599.smartbar.CTID", "CT2682599");
Zeile gelöscht : user_pref("CT2682599.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2682599.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2682599.smartbar.toolbarName", "InnoGames ");
Zeile gelöscht : user_pref("CT2682599.staemme_market.enc", "ZGU=");
Zeile gelöscht : user_pref("CT2682599.staemme_token_de.enc", "M2Y0ZjYyODgzNGE0ODE4YjEwYjMwNjI0MTlhOTJkYjk5ZmUxMjk5Yg==");
Zeile gelöscht : user_pref("CT2682599.staemme_username_de.enc", "WW5KaGRITmphR1ZzZEdobGFYTT0=");
Zeile gelöscht : user_pref("CT2682599.staemme_username_en.enc", "WW5KaGRITmphR1ZzZEdobGFYTT0=");
Zeile gelöscht : user_pref("CT2682599.staemme_village_de101.enc", "MTA2MDI=");
Zeile gelöscht : user_pref("CT2682599.staemme_world_de.enc", "ZGUxMDg=");
Zeile gelöscht : user_pref("CT2682599.startPage", "false");
Zeile gelöscht : user_pref("CT2682599.toolbarBornServerTime", "25-1-2014");
Zeile gelöscht : user_pref("CT2682599.toolbarCurrentServerTime", "4-5-2014");
Zeile gelöscht : user_pref("CT2682599.toolbarInstallDate", "24-01-2014 23:25:02");
Zeile gelöscht : user_pref("CT2682599.toolbarLoginClientTime", "Fri Jan 24 2014 23:25:22 GMT+0100");
Zeile gelöscht : user_pref("CT2682599.toolbarUrl.enc", "aHR0cDovL3Rvb2xiYXIuaW5ub2dhbWVzLmRlL3Rvb2xiYXJzL3N0YWVtbWUvdG9vbGJhci5waHA=");
Zeile gelöscht : user_pref("CT2682599.toolbar_market.enc", "ZGU=");
Zeile gelöscht : user_pref("CT2682599.versionFromInstaller", "10.23.0.722");
Zeile gelöscht : user_pref("CT2682599.xpeMode", "1");
Zeile gelöscht : user_pref("CT2682599_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1405784477862,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "72789e910000000000002cd05af77b32");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15973");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.613:37:01");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5016");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2682599&CUI=UN41192380741714347&UM=1&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2682599");
Zeile gelöscht : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT2682599&CUI=UN41192380741714347&UM=1&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.machineId", "VI3L+SE5EJUDCEPG20B2ZIHQ7ZJNQZJLWI8C6IUF+GPZOA86INLG2P8YNHQ8+D8ORB8DKDTN+DLOGPGOCHBL4A");
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_currentVersion", "312E31332E302E3137");
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_currentVersion.storedInFile", false);
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_migrated_from_ls", "31");
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_migrated_from_ls.storedInFile", false);
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_userBornDate", "4E2F41");
Zeile gelöscht : user_pref("valueApps.CT2682599.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [25654 octets] - [07/08/2014 22:40:29]
AdwCleaner[S0].txt - [23315 octets] - [07/08/2014 22:41:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23376 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Christoph on 07.08.2014 at 22:47:26,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\oz4ctuqu.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\oz4ctuqu.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2014 at 22:51:38,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Christoph (administrator) on LINA-PC on 07-08-2014 22:53:26
Running from C:\Users\Christoph\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2888352 2013-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-24] (IDT, Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-13] (Greenshot)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Atheros Communications))
HKU\S-1-5-21-2631177891-2655927369-3403166200-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2631177891-2655927369-3403166200-1002\...\MountPoints2: {d8739a50-d690-11e2-be6e-806e6f6e6963} - "F:\autorun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {32E67C71-7F7C-49D3-97C7-67F9961FE09C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=93a4d07054ff4f658a8e46ef8e1e6dcc&tu=10G9z009g1B0Ca0&sku=&tstsId=&ver=&&r=578
SearchScopes: HKCU - {D31EC5A3-DD59-4179-B2A6-EBDD1AF93A1B} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-08] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-08] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:52 - 2014-08-07 22:53 - 00012989 _____ () C:\Users\Christoph\Downloads\FRST.txt
2014-08-07 22:52 - 2014-08-07 22:52 - 00000000 ____D () C:\Users\Christoph\Downloads\Neuer Ordner
2014-08-07 22:51 - 2014-08-07 22:51 - 00001363 _____ () C:\Users\Christoph\Desktop\JRT.txt
2014-08-07 22:47 - 2014-08-07 22:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-07 22:46 - 2014-08-07 22:46 - 01016261 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe
2014-08-07 22:45 - 2014-08-07 22:45 - 00023521 _____ () C:\Users\Christoph\Desktop\AdwCleaner[S0].txt
2014-08-07 22:43 - 2014-08-07 22:43 - 00001944 _____ () C:\WINDOWS\PFRO.log
2014-08-07 22:39 - 2014-08-07 22:41 - 00000000 ____D () C:\AdwCleaner
2014-08-07 22:39 - 2014-08-07 22:39 - 01475072 _____ () C:\Users\Christoph\Downloads\adwcleaner_3.303.exe
2014-08-07 22:16 - 2014-08-07 22:53 - 00000000 ____D () C:\FRST
2014-08-07 22:15 - 2014-08-07 22:15 - 02094080 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-08-07 21:56 - 2014-08-07 21:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-07 21:46 - 2014-08-07 21:46 - 00000000 ____D () C:\Users\Christoph\Downloads\Heidi  www.anime-loads.org
2014-08-07 21:43 - 2014-08-07 22:07 - 243139180 _____ () C:\Users\Christoph\Downloads\HE10DB.rar
2014-08-07 21:43 - 2014-08-07 22:07 - 242653228 _____ () C:\Users\Christoph\Downloads\HE09WidB.rar
2014-08-07 21:42 - 2014-08-07 22:07 - 242782172 _____ () C:\Users\Christoph\Downloads\HE08WiP.rar
2014-08-07 21:41 - 2014-08-07 22:06 - 243054236 _____ () C:\Users\Christoph\Downloads\HE07KBr.rar
2014-08-07 21:40 - 2014-08-07 22:05 - 243070988 _____ () C:\Users\Christoph\Downloads\HE06ESgzE.rar
2014-08-07 21:39 - 2014-08-07 22:04 - 243062156 _____ () C:\Users\Christoph\Downloads\HE05EBvTD.rar
2014-08-07 21:38 - 2014-08-07 22:02 - 242954220 _____ () C:\Users\Christoph\Downloads\HE04EnF.rar
2014-08-07 21:37 - 2014-08-07 22:00 - 243096780 _____ () C:\Users\Christoph\Downloads\HE03AdW.rar
2014-08-07 21:34 - 2014-08-07 21:34 - 04813544 _____ (Piriform Ltd) C:\Users\Christoph\Downloads\ccsetup416.exe
2014-08-07 21:32 - 2014-08-07 21:33 - 00011606 _____ () C:\Users\Christoph\Desktop\cc_20140807_213242.reg
2014-08-06 23:07 - 2014-08-07 22:24 - 00100086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 22:35 - 2014-07-23 11:36 - 00000032 _____ () C:\Users\Christoph\Downloads\c8aa6f52648b4ecc3675973440e886b1.txt
2014-08-06 22:15 - 2014-08-06 22:15 - 00002064 _____ () C:\Users\Christoph\Desktop\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-08-06 22:14 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-07-30 23:58 - 2014-07-30 23:58 - 00012466 _____ () C:\Users\Christoph\Desktop\Unbenannt 1.ods
2014-07-25 17:57 - 2014-07-25 17:57 - 00000290 _____ () C:\Users\Christoph\Desktop\10WBC-DE-Interessenten.vcf
2014-07-23 22:52 - 2014-07-23 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-16 20:40 - 2014-08-07 21:45 - 00000000 ____D () C:\Users\Christoph\Downloads\GoT SE04
2014-07-12 12:30 - 2014-07-12 12:30 - 00005449 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-12 12:30 - 2014-07-12 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 12:30 - 2014-07-02 01:29 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-12 12:30 - 2014-07-02 01:21 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-12 12:30 - 2014-07-02 01:21 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-12 12:30 - 2014-07-02 01:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-11 19:42 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 22:16 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 22:16 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 22:16 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 22:16 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:16 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 22:16 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 22:16 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 22:16 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 22:16 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 22:16 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 22:15 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 22:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 22:15 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 22:15 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 22:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 22:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 22:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 22:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 22:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 22:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 22:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 22:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 22:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 22:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 22:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 22:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 22:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 22:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 22:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 22:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 22:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 22:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 22:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 22:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 22:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 22:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 22:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 22:14 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 22:14 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 22:14 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 22:14 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 22:14 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 22:14 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 22:14 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 22:14 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 22:14 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 22:14 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 22:14 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 22:14 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 22:14 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 22:14 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 22:14 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 22:14 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 22:14 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 22:09 - 2014-07-09 22:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:53 - 2014-08-07 22:52 - 00012989 _____ () C:\Users\Christoph\Downloads\FRST.txt
2014-08-07 22:53 - 2014-08-07 22:16 - 00000000 ____D () C:\FRST
2014-08-07 22:52 - 2014-08-07 22:52 - 00000000 ____D () C:\Users\Christoph\Downloads\Neuer Ordner
2014-08-07 22:51 - 2014-08-07 22:51 - 00001363 _____ () C:\Users\Christoph\Desktop\JRT.txt
2014-08-07 22:47 - 2014-08-07 22:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-07 22:46 - 2014-08-07 22:46 - 01016261 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe
2014-08-07 22:45 - 2014-08-07 22:45 - 00023521 _____ () C:\Users\Christoph\Desktop\AdwCleaner[S0].txt
2014-08-07 22:45 - 2013-12-05 21:47 - 00000000 __RDO () C:\Users\Christoph\SkyDrive
2014-08-07 22:43 - 2014-08-07 22:43 - 00001944 _____ () C:\WINDOWS\PFRO.log
2014-08-07 22:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-07 22:43 - 2013-08-22 16:44 - 00388736 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-07 22:42 - 2013-12-04 02:35 - 00000000 ____D () C:\Users\Christoph
2014-08-07 22:42 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-07 22:41 - 2014-08-07 22:39 - 00000000 ____D () C:\AdwCleaner
2014-08-07 22:39 - 2014-08-07 22:39 - 01475072 _____ () C:\Users\Christoph\Downloads\adwcleaner_3.303.exe
2014-08-07 22:24 - 2014-08-06 23:07 - 00100086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-07 22:15 - 2014-08-07 22:15 - 02094080 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2014-08-07 22:07 - 2014-08-07 21:43 - 243139180 _____ () C:\Users\Christoph\Downloads\HE10DB.rar
2014-08-07 22:07 - 2014-08-07 21:43 - 242653228 _____ () C:\Users\Christoph\Downloads\HE09WidB.rar
2014-08-07 22:07 - 2014-08-07 21:42 - 242782172 _____ () C:\Users\Christoph\Downloads\HE08WiP.rar
2014-08-07 22:06 - 2014-08-07 21:41 - 243054236 _____ () C:\Users\Christoph\Downloads\HE07KBr.rar
2014-08-07 22:05 - 2014-08-07 21:40 - 243070988 _____ () C:\Users\Christoph\Downloads\HE06ESgzE.rar
2014-08-07 22:04 - 2014-08-07 21:39 - 243062156 _____ () C:\Users\Christoph\Downloads\HE05EBvTD.rar
2014-08-07 22:02 - 2014-08-07 21:38 - 242954220 _____ () C:\Users\Christoph\Downloads\HE04EnF.rar
2014-08-07 22:00 - 2014-08-07 21:37 - 243096780 _____ () C:\Users\Christoph\Downloads\HE03AdW.rar
2014-08-07 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-07 21:57 - 2014-08-07 21:57 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-07 21:57 - 2014-08-07 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-08-07 21:56 - 2014-08-07 21:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-07 21:56 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-08-07 21:46 - 2014-08-07 21:46 - 00000000 ____D () C:\Users\Christoph\Downloads\Heidi  www.anime-loads.org
2014-08-07 21:46 - 2013-08-29 18:09 - 00176640 ___SH () C:\Users\Christoph\Downloads\Thumbs.db
2014-08-07 21:45 - 2014-07-16 20:40 - 00000000 ____D () C:\Users\Christoph\Downloads\GoT SE04
2014-08-07 21:35 - 2013-09-04 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-07 21:35 - 2013-09-04 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 21:35 - 2013-08-28 13:56 - 00512512 ___SH () C:\Users\Christoph\Desktop\Thumbs.db
2014-08-07 21:34 - 2014-08-07 21:34 - 04813544 _____ (Piriform Ltd) C:\Users\Christoph\Downloads\ccsetup416.exe
2014-08-07 21:33 - 2014-08-07 21:32 - 00011606 _____ () C:\Users\Christoph\Desktop\cc_20140807_213242.reg
2014-08-07 10:36 - 2013-09-25 14:36 - 00000093 _____ () C:\Users\Christoph\AppData\Roaming\WB.CFG
2014-08-06 23:33 - 2013-08-23 11:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2631177891-2655927369-3403166200-1002
2014-08-06 22:20 - 2014-08-06 22:14 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-06 22:15 - 2014-08-06 22:15 - 00002064 _____ () C:\Users\Christoph\Desktop\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-08-06 22:15 - 2014-08-06 22:15 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-07-30 23:58 - 2014-07-30 23:58 - 00012466 _____ () C:\Users\Christoph\Desktop\Unbenannt 1.ods
2014-07-30 22:48 - 2013-08-23 11:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Nitro PDF
2014-07-29 22:57 - 2014-02-19 00:11 - 00000000 ____D () C:\Users\Christoph\Downloads\uurrlllaauuubbdl.rar
2014-07-27 11:16 - 2014-06-30 19:06 - 00036352 _____ () C:\Users\Christoph\Desktop\Rechnung hinkeldey.xls
2014-07-27 11:14 - 2014-06-01 16:46 - 00018733 _____ () C:\Users\Christoph\Desktop\Rechnung hinkeldey.ods
2014-07-26 19:12 - 2013-12-30 23:34 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Greenshot
2014-07-26 19:10 - 2013-08-23 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 17:57 - 2014-07-25 17:57 - 00000290 _____ () C:\Users\Christoph\Desktop\10WBC-DE-Interessenten.vcf
2014-07-23 22:52 - 2014-07-23 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:36 - 2014-08-06 22:35 - 00000032 _____ () C:\Users\Christoph\Downloads\c8aa6f52648b4ecc3675973440e886b1.txt
2014-07-17 22:01 - 2013-09-02 23:23 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc
2014-07-12 12:35 - 2013-12-06 23:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-12 12:30 - 2014-07-12 12:30 - 00005449 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-12 12:30 - 2014-07-12 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 12:30 - 2013-12-06 23:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 12:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 09:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 21:29 - 2014-01-06 21:44 - 00000000 ____D () C:\Users\Christoph\Downloads\___Elternausschuss
2014-07-11 21:29 - 2013-09-08 12:18 - 00000000 ____D () C:\Users\Christoph\Downloads\diverse Dateien
2014-07-11 19:46 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-11 19:46 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-11 19:46 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-11 19:44 - 2013-08-23 18:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 19:44 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 19:43 - 2013-08-23 18:52 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 19:41 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 22:09 - 2014-07-09 22:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\JDSetup130518295661873583.exe
C:\Users\Christoph\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Christoph\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-06 11:21

==================== End Of Log ============================
--- --- ---

--- --- ---


Ich hoffe es sieht nicht ganz so schlimm aus auf meinem Laptop.

Gruß und Danke

Christoph

Hallo nochmal,

hatte mir deine Anweisungen gestern Abend nochmal durchgelesen und jetzt sind auch alle Programme auf dem Desktop und nicht mehr unter Downloads.

Mea Culpa :balla:

Gruß

Christoph

cosinus 08.08.2014 09:14
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Bratschel 08.08.2014 09:59
Hallo,

ah.. so geht das :)

Bin auf der Arbeit. Poste heute Abend die fehlende Datei.

LG

Christoph

cosinus 08.08.2014 11:39
Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)

Bratschel 08.08.2014 17:07
hier noch die fehlende

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Christoph at 2014-08-08 18:06:55
Running from C:\Users\Christoph\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.464 - APN, LLC)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.301.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.17.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
LibreOffice 4.1.0.4 (HKLM-x32\...\{F8478020-D98E-49FB-BA14-07A534AED99C}) (Version: 4.1.0.4 - The Document Foundation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.00.0000 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-07-2014 17:55:30 Geplanter Prüfpunkt
30-07-2014 17:48:44 Geplanter Prüfpunkt
07-08-2014 19:54:32 DCInstallRestorePoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {14340521-E445-4E70-8814-2B32D10A6FA3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1F7BF78E-D0D9-4986-BFF2-ED7722820C55} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {230D9D34-6791-4EBB-B0B4-9DB04891A59A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5C44E2A2-2E62-46EF-A3D6-022E5D35B999} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {633E1169-ED68-4884-8334-90F385A3E271} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {65127970-9F2E-4B42-9317-BD4ECE470DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {660D972E-0002-4ACF-BB75-10A1966A56E2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {70242A14-F759-47D4-BD22-CB8D6B426890} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7651F346-39CB-434D-B764-127528F22480} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {789F8F9C-D9A4-43BC-892F-B3353B22820D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7DC5B8DF-AFB1-4432-BB46-4AE4BC0A4407} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B6CFEA75-7763-4445-9DBF-A2C87433D73C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C4053170-5D68-4925-8144-9A3DA92556AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C46A7F09-3960-4D72-8A73-6B2FA274F23E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {C6CB375D-DD75-4729-859B-57162974B749} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D8332592-5997-4F4E-ACD7-AEE150D1DD65} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA4829A7-AAAC-4B7F-BDBA-5BC09D9D1C03} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC3A54AD-703A-42FF-A7FA-CB97DD64D693} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-25 00:09 - 2013-01-25 00:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 00:05 - 2013-01-25 00:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 00:12 - 2013-01-25 00:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-16 16:42 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/08/2014 00:09:56 PM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:44:17 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:23:08 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:22:38 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:22:08 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:21:38 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:21:08 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 11:20:38 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/08/2014 00:15:03 AM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/07/2014 11:51:15 PM) (Source: DCOM) (EventID: 10010) (User: LINA-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3975.27 MB
Available physical RAM: 2532.67 MB
Total Pagefile: 4679.27 MB
Available Pagefile: 2997.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:892.25 GB) (Free:393.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.13 GB) NTFS
Drive f: (CIVILIZATION4) (CDROM) (Total:1.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 680F0947)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus 08.08.2014 19:58
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Bratschel 08.08.2014 22:54
Ich nochmal,

hoffe ich habe alles richtig gemacht

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.08.2014
Suchlauf-Zeit: 21:14:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.08.05
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Christoph

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347380
Verstrichene Zeit: 9 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\Deal Keeper, In Quarantäne, [8c9954704d2ee254f165bf1c04fea65a],

Registrierungswerte: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2631177891-2655927369-3403166200-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [1a0b9a2afe7d44f2a79702ddfb079c64]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dbf51c95b57bdf4686e9dec507b1a8cf
# engine=19569
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-08 09:30:24
# local_time=2014-08-08 11:30:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 20313 11916945 0 0
# scanned=213634
# found=48
# cleaned=0
# scan_time=7092
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=FCCE715E5C48AA837300EF3E1A603CD67D904F2F ft=1 fh=1e50bcb63e7906cc vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\DealKeeperUninstall.exe.vir"
sh=E26746F0D98F0C93FE0B5A7E20D9AAD659D8D415 ft=1 fh=86ac20724f770ad7 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\updateDealKeeper.exe.vir"
sh=A662045BC44BB47D940D4BC0C4C661C46D6B6CAF ft=1 fh=5b52d56548cca8ad vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe.vir"
sh=134DB21AC3E11B2D60FED14D59A948C0FF8E7E6F ft=1 fh=f7113f8d82997c98 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe.vir"
sh=BF921416652E8791BC652AB3D1DD743C39022203 ft=1 fh=6875f41d119544e1 vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\DealKeeperBAApp.dll.vir"
sh=E26746F0D98F0C93FE0B5A7E20D9AAD659D8D415 ft=1 fh=86ac20724f770ad7 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe.vir"
sh=DD6C2EA2473FAC876A7EA76FF3DC01DABF7E0323 ft=1 fh=e867d76e4a8176ed vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\{55dce8ba-9dec-4013-937e-adbf9317d990}.dll.vir"
sh=8E25428B5F1BBEBC56E0D059565E851E9486AF8A ft=1 fh=1250f3b8b2373331 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.Bromon.dll.vir"
sh=94CB1CCC5A6036258A4C013177573008AB83A456 ft=1 fh=bc398fa0934a109e vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.BroStats.dll.vir"
sh=43EF7F47578237FD717FBED0DFD2998763858047 ft=1 fh=c6a0b13f30eb7a42 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.BrowserAdapterS.dll.vir"
sh=B1A06FFFA655A700427757AFD98DA5E337BEACE0 ft=1 fh=00e4bc82f334e7e7 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.CompatibilityChecker.dll.vir"
sh=32DA92D10BA4BD078E1267D926094C667F123DF4 ft=1 fh=1e09fd5b74d9f3b8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.FeSvc.dll.vir"
sh=5B78D7837814EE82F66088F9B1EBC448B1772C21 ft=1 fh=9590036cdc90f8db vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.PurBrowse.dll.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=77918B0878255FC1383E41084977C8CF7CD463D9 ft=1 fh=c71c00119ea191b0 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=84FE61ACEE90134C6BFBD3CECF1FB07BC22C997C ft=1 fh=dc261decc3a37fad vn="Variante von Win32/DealPly.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir"
sh=FD0663F63F87B7B5B310EC6CE26E72AF58243084 ft=1 fh=f52ffd4db74c8f0b vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir"
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ctypes\FirefoxCtype.dll.vir"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\oz4ctuqu.default\Extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\Plugins\npFirefoxPlugin.dll.vir"
sh=FC452B32F511426349EB700848F3DA9C164D1E7C ft=1 fh=a98ae64601c0f511 vn="Variante von Win32/InstallCore.LN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Temp\JDSetup130518295661873583.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Christoph\Desktop\ccsetup416.exe"
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Christoph\Documents\vorher vohanden\APNSetup.exe"
sh=7D7C7305298E11EE810078A7FA0640B484A1EA10 ft=1 fh=6ce22f5640248296 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\avira_free4045_antivirus_de.exe"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\avira_free_antivirus_de.exe"
sh=7A47FF456DD27B0A6F31A09C75F408EAA57B34D8 ft=1 fh=86813715cb6c6b4d vn="Win32/InstallCore.DA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\ImageEditorSetup.exe"
sh=6CB43BC55897CAB77564A42DC054BB9C0B76D298 ft=1 fh=80114f94555d3919 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\InnoGames(1).exe"
sh=6CB43BC55897CAB77564A42DC054BB9C0B76D298 ft=1 fh=80114f94555d3919 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\InnoGames.exe"
sh=7F717E6A13483AF34789AC2B755AF52E35F144C3 ft=1 fh=1cc411c439d29779 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\InnoGames_brff.exe"
sh=7C19B644A2D9587F13BD1B355E7C8E45DBBED8A5 ft=1 fh=26000157c8bfc87e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\diverse Dateien\zaSetupWeb_110_780_000.exe"
sh=A9B44B47329DFDC56F86EDA59429593DF39B5A54 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=1F69FB9BC4F314CBEC9BECEBA3F5C393006A7C57 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=A9B44B47329DFDC56F86EDA59429593DF39B5A54 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=1F69FB9BC4F314CBEC9BECEBA3F5C393006A7C57 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[2].7z"
was ich noch vergessen habe.

mir ist gerade noch aufgefallen, dass ich die app "Mail" nicht mehr öffnen kann.

Wenn ich diese öffnen will kommt folgende Fehlermeldung

"Mail kann nicht geöffnet werden, während der Explorer mit Administrationsrechten ausgeführt wird"

cosinus 08.08.2014 23:24
Zitat:
"Mail kann nicht geöffnet werden, während der Explorer mit Administrationsrechten ausgeführt wird"
Das kann während einer Bereinigung schon mal sein. Erstmal schließen wir das ab und wenn nach einem Reboot noch Probleme auftreten sehen wir weiter.

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


Bratschel 09.08.2014 19:29
alles klar. hab ich gemacht.

was soll ich jetzt machen?

habe alles gemacht.

was soll ich jeztz tun?

cosinus 09.08.2014 23:17
Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Bratschel 10.08.2014 19:43
hi,

soweit läuft alles wieder.

das einzige was nicht funktioniert ist meine Mail App.

Was muss ich denn machen, damit die wieder funktioniert?

cosinus 10.08.2014 20:36
Mail App, geht das auch mal genauer? Und inwiefern besteht da ein Zusammenhang mit diesem Thread?

Bratschel 11.08.2014 08:58
hi, ich nochmal.

die App funktioniert jetzt wieder.

Was soll ich denn mit den ganzen Programmen machen? können die gelöscht werden?


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19