Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Storm Alert Adware nach Installation eines Stream-Programmes von chip.de (https://www.trojaner-board.de/161948-storm-alert-adware-installation-stream-programmes-chip-de.html)

Angelina 17.12.2014 18:05
Storm Alert Adware nach Installation eines Stream-Programmes von chip.de
 
Hallo, liebes Team,

ich bin sehr froh, auf Euch gestoßen zu sein. Um eine HR-Rundfunksendung downzustreamen, habe ich ein Streamprogramm von chip.de auf WINDOWS 8.1 heruntergeladen.

Seither öffnen sich bei jedem Link, den ich im Firefox oder im Internet Explorer anklicke, diese beiden Werbeseiten:

hxxp://consumer-responses.com/germany/98234908280934.php?&c1=RAPDE1&c2=&t202kw=www.trojaner-board.de

hxxp://c17.bluetradingonline.net/AnyOption/DE/TradingForNewbies/?offer_id=262&aff_id=2484&aff_sub=consumer-responses.com&aff_sub2=AFF_ID2&aff_sub3=AFF_ID3&aff_sub4=AFF_ID4&aff_sub5=AnyOption_TradingForNewbies_DE&source=SOURCE&url_id=1734

Gleichzeitig ist html-Text mit Links zu weiteren Werbungen unterlegt, auch habe ich ständig ca 300x400 er Popups, die mir die Sicht auf den Text versperren.

Ich habe mir zunächst gestern in Eigenregie Spybot Search and Destroy herunter geladen, einen Systemscan gemacht und alle (als gering eingestuften) Probleme behoben (was nichts gebracht hat).

Danach habe ich eine Suchmaschine bemüht, und bin auf dieses Forum gestoßen. Ich glaube, MarcO beschreibt exakt das gleiche Problem, und Timo (Warlord) konnte erfolgreich helfen:
http://www.trojaner-board.de/159957-...r-werbung.html

Weiter habe ich nichts unternommen (doch: meine Dokumente, Musik und Fotos gesichert).

Ich habe daher jetzt zunächst keinen FRST und GMER Scan durchgeführt. Auch traue ich mich weder den Adware Cleaner noch Junkware-Removal Tool zu benutzen, ohne Euch um Rat zu fragen.

Den o.g. Ratgeberfaden habe ich durchgelesen und mir zunächst den Adware Cleaner herunter geladen mit folgendem Ergebnis:
http://www.trojaner-board.de/picture...&pictureid=525

Welche Infos benötigt Ihr noch, soll ich einen FRST Scan posten, oder genügen Euch die Infos bereits?

Vielen Dank für die Rückmeldung!
Angelina


Der Cleaner von Spybot zeigt folgende Einträge:

[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Processing 141216-174655.xml
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product DownloadSponsor
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product DoubleClick
[i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product 7-Zip
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Internet Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Media Player
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS DirectDraw
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Paint
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Wordpad
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Media SDK
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cookie
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cache
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Verlauf
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Summary
[i] 14-12-16 19:00:12 Errors while cleaning 0
[i] 14-12-16 19:00:12 Files moved into quarantine 4
[i] 14-12-16 19:00:12 Files successfully cleaned 39
[+] 14-12-16 19:00:13 Gratulation, alles (aus Datei 141216-174655.xml) wurde gelöscht.


sowie wurde folgende Textdatei erstellt.
[i] 14-12-16 18:59:48
[i] 14-12-16 18:59:48 Product DownloadSponsor
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 18:59:48
[i] 14-12-16 18:59:48 Product Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 18:59:52 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 18:59:52
[i] 14-12-16 18:59:52 Product Macromedia.FlashPlayer.Cookies
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product DoubleClick
[+] 14-12-16 18:59:53 Moving into quarantine Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[+] 14-12-16 18:59:53 Successfully cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product 7-Zip
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[+] 14-12-16 18:59:53 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product Internet Explorer
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Media Player
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS DirectDraw
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Paint
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Wordpad
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows Explorer
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows Media SDK
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Cookie
[+] 14-12-16 18:59:54 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cookies
[+] 14-12-16 18:59:54 Moving into quarantine Firefox (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:54 Moving into quarantine Thunderbird (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:54 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[+] 14-12-16 18:59:55 Successfully cleaned Firefox (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:55 Successfully cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 18:59:55
[i] 14-12-16 18:59:55 Product Cache
[+] 14-12-16 18:59:55 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cache
[+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 18:59:56
[i] 14-12-16 18:59:56 Product Verlauf
[+] 14-12-16 18:59:56 Moving into quarantine Internet Explorer (Benutzer) (Rhea)History
[+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 18:59:56
[i] 14-12-16 18:59:56 Summary
[i] 14-12-16 18:59:56 Errors while cleaning 0
[i] 14-12-16 18:59:56 Files moved into quarantine 36
[i] 14-12-16 18:59:56 Files successfully cleaned 36
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product DownloadSponsor
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product DoubleClick
[i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product 7-Zip
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Internet Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Media Player
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS DirectDraw
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Paint
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Wordpad
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Media SDK
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cookie
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cache
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Verlauf
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Summary
[i] 14-12-16 19:00:12 Errors while cleaning 0
[i] 14-12-16 19:00:12 Files moved into quarantine 4
[i] 14-12-16 19:00:12 Files successfully cleaned 39

schrauber 17.12.2014 18:42
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Angelina 18.12.2014 14:38
Danke, dass Du Dich kümmerst, Schrauber.

Ich habe zwischenzeitlich auch noch diese Info über diese "Storm Alerts" gefunden, wo empfohlen wird, Tod und Teufel drüberlaufen zu lassen...
hxxp://malwaretips.com/blogs/storm-alerts-virus-removal/
...so ganz nach dem Motto viel hilft viel :rolleyes:


Hier die beiden txt.-Dateien

FRST Logfile:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 17-12-2014 18:53:35
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Pay By Ads LTD) C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [StartPoint] => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [624920 2014-12-16] (Pay By Ads LTD)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 107.05.50:51185
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> DefaultScope {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab: hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=591080004
FF SelectedSearchEngine: Search The Web (Start Point)
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 18:53 - 2014-12-17 18:54 - 00015192 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-17 18:53 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-17 16:41 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 21:26 - 2014-12-16 21:26 - 00000000 ____D () C:\StormAlert
2014-12-16 18:59 - 2014-12-16 18:59 - 00000447 _____ () C:\WINDOWS\wininit.ini
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 14:01 - 2014-12-17 15:10 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:59 - 2014-12-16 13:59 - 00000000 ____D () C:\ProgramData\StormAlert
2014-12-16 13:58 - 2014-12-16 13:58 - 00003490 _____ () C:\WINDOWS\System32\Tasks\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00003484 _____ () C:\WINDOWS\System32\Tasks\StartPoint Updater
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\***.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\****.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\****.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 00:04 - 2014-11-17 00:04 - 00000000 __SHD () C:\Users\Rhea\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 18:51 - 2014-03-06 21:58 - 01872958 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 18:32 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-17 18:09 - 2014-03-06 22:26 - 08315254 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-17 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-16 20:34 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 19:35 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-16 19:13 - 2013-10-07 19:23 - 00021374 _____ () C:\WINDOWS\PFRO.log
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-16 11:24 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 16:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Rhea at 2014-12-17 18:55:36
Running from C:\Users\Rhea\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.7.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
Garmin BaseCamp (HKLM-x32\...\{B0BED0BB-E1C4-49AA-840F-7CA052ADF5EB}) (Version: 4.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.310 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StartPoint (HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\startpoint) (Version:  - StartPoint) <==== ATTENTION!
Storm Alert (HKLM-x32\...\StormAlert) (Version: 2.7.50 - Rational Thought Solutions)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.6 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1202 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

26-11-2014 10:59:37 Windows Update
03-12-2014 13:34:21 Installed CodeTwo QR Code Desktop Reader
11-12-2014 16:50:44 Windows Update
16-12-2014 13:18:38 Removed CodeTwo QR Code Desktop Reader

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06959CFC-8C45-4C88-8CDB-7EA9E88A2649} - System32\Tasks\StartPoint Updater => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startup.exe [2014-12-16] (Pay By Ads LTD)
Task: {0FD3C72A-5BC2-4EEB-8B1B-0617404AEB92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2D0B16FE-D78C-428B-8397-FEDA08FF37F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {8532750B-3F0A-4EFA-A180-B77445CF3232} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-03-06] (Lenovo)
Task: {9951E7EB-F9E7-4FEC-A88C-9CA0D8CCEB1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FC6D5919-A6F6-4603-BDC2-E79318828DFE} - System32\Tasks\StartPoint => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [2014-12-16] (Pay By Ads LTD)

==================== Loaded Modules (whitelisted) =============

2014-03-06 23:05 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-03-06 23:00 - 2013-11-18 16:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2013-11-15 03:01 - 2013-11-15 03:01 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-15 02:58 - 2013-11-15 02:58 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-15 03:04 - 2013-11-15 03:04 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-06 23:06 - 2014-03-06 23:06 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-03-06 23:00 - 2013-12-02 18:09 - 00044560 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-26 08:35 - 2014-10-26 08:35 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-10-16 22:28 - 2014-10-16 22:28 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-12-16 17:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-16 17:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-16 17:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-16 17:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-03-06 23:06 - 2014-03-06 23:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-26 10:48 - 2014-06-10 09:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-12-03 13:35 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-12-03 13:35 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Rhea\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3879709871-1962586687-2025067079-500 - Administrator - Disabled)
Gast (S-1-5-21-3879709871-1962586687-2025067079-501 - Limited - Disabled)
Rhea (S-1-5-21-3879709871-1962586687-2025067079-1001 - Administrator - Enabled) => C:\Users\Rhea

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: startpoint.exe, Version: 1.1.0.2, Zeitstempel: 0x548eb15e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00012f71
ID des fehlerhaften Prozesses: 0x3248
Startzeit der fehlerhaften Anwendung: 0xstartpoint.exe0
Pfad der fehlerhaften Anwendung: startpoint.exe1
Pfad des fehlerhaften Moduls: startpoint.exe2
Berichtskennung: startpoint.exe3
Vollständiger Name des fehlerhaften Pakets: startpoint.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: startpoint.exe5

Error: (12/17/2014 06:30:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 05:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.17122, Zeitstempel: 0x537192fe
Name des fehlerhaften Moduls: FileManagerApp.dll, Version: 6.3.9600.17334, Zeitstempel: 0x5407aa79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000024c2a1
ID des fehlerhaften Prozesses: 0x1c78
Startzeit der fehlerhaften Anwendung: 0xPhotosApp.exe0
Pfad der fehlerhaften Anwendung: PhotosApp.exe1
Pfad des fehlerhaften Moduls: PhotosApp.exe2
Berichtskennung: PhotosApp.exe3
Vollständiger Name des fehlerhaften Pakets: PhotosApp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotosApp.exe5

Error: (12/17/2014 04:34:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 04:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 04:08:27 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 03:52:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 03:30:54 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 02:34:06 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 02:16:39 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.


System errors:
=============
Error: (12/16/2014 08:35:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/16/2014 08:30:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/16/2014 08:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (12/16/2014 07:38:35 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/16/2014 07:38:05 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/16/2014 07:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/16/2014 07:12:03 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/16/2014 07:12:03 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/16/2014 07:12:01 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/16/2014 07:12:01 PM) (Source: DCOM) (EventID: 10010) (User: Mnemosyne)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (12/17/2014 06:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: startpoint.exe1.1.0.2548eb15eKERNELBASE.dll6.3.9600.1727853eeb460c06d007e00012f71324801d01a1f666d421bC:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllabd9d7c7-8612-11e4-828d-bfc5e9bf3350

Error: (12/17/2014 06:30:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 05:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feFileManagerApp.dll6.3.9600.173345407aa79c0000005000000000024c2a11c7801d01a14b95d4541C:\WINDOWS\FileManager\PhotosApp.exeC:\Windows\FileManager\FileManagerApp.dll0cc2a87e-860b-11e4-828d-bfc5e9bf3350FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager

Error: (12/17/2014 04:34:56 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 04:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 04:08:27 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 03:52:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 03:30:54 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 02:34:06 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.

Error: (12/17/2014 02:16:39 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDllDptfSetConfigTdpLevel:  DeviceIoControl() failed.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 46%
Total physical RAM: 3979.22 MB
Available physical RAM: 2127.9 MB
Total Pagefile: 4683.22 MB
Available Pagefile: 2734.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.74 GB) (Free:375.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E01DD02)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 17-12-2014 22:41:40
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Pay By Ads LTD) C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [StartPoint] => C:\Users\Rhea\AppData\Local\StartPoint\startpoint\1.3.17.3\startpoint.exe [624920 2014-12-16] (Pay By Ads LTD)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 107.05.50:51185
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab: hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=591080004
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\StormAlert
2014-12-17 18:55 - 2014-12-17 18:56 - 00022758 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-17 18:53 - 2014-12-17 22:41 - 00014968 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-17 22:41 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-17 22:35 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 18:59 - 2014-12-16 18:59 - 00000447 _____ () C:\WINDOWS\wininit.ini
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:58 - 2014-12-16 13:58 - 00003490 _____ () C:\WINDOWS\System32\Tasks\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00003484 _____ () C:\WINDOWS\System32\Tasks\StartPoint Updater
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 00:04 - 2014-11-17 00:04 - 00000000 __SHD () C:\Users\Rhea\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 22:41 - 2014-05-23 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-17 22:36 - 2013-10-07 19:23 - 00021692 _____ () C:\WINDOWS\PFRO.log
2014-12-17 22:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 22:36 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 22:35 - 2014-03-06 22:26 - 08339564 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-17 22:35 - 2014-03-06 21:58 - 01993954 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 22:19 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-17 22:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 20:13 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat

Some content of TEMP:
====================
C:\Users\Rhea\AppData\Local\Temp\Quarantine.exe
C:\Users\Rhea\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Der zweite Log unterscheidet sich vom ersten darin, dass ich den Adware Cleaner verwendet habe. Und es ist eher schlimmer als besser geworden. Dahingehend, als dass der Internet-Explorer noch langsamer die Werbeseite aufruft, teilweise werden Clicks auf Links nun nicht mehr umgesetzt
:wtf:

der neue Scan mit Adware Cleaner gibt noch einen Superfish her.
http://www.trojaner-board.de/picture...&pictureid=526

In der Firefox Toolbar finden sich noch "cliqz Share" und "Cliqz" Icons, im Startmenü sind allerlei Programme die ich nicht nutze, initial von Windows 8.1 deinstallierte wie Zalando, Amazon und co. neu Verlinkt, die keine Option zum Löschen bieten.

schrauber 18.12.2014 21:24
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    StartPoint



  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Angelina 19.12.2014 20:19
Hallo, Schrauber,
leider sind wir noch nicht am Ziel, diese Junkware (siehe Links im ersten Beitrag) poppt weiterhin auf. Jedoch ist die Unterlegung der Zeilen weg.

Malwarebytes Anti-Malware
www.malwarebytes.org

Code:

Update, 18.12.2014 23:25:15, SYSTEM, MNEMOSYNE, Manual, Failed, Unable to access update server,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 18.12.2014 23:25:20, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Update, 18.12.2014 23:26:20, SYSTEM, MNEMOSYNE, Manual, Failed, Unable to access update server,
Detection, 18.12.2014 23:26:58, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:04, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:09, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:14, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:21, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:24, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:28, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:32, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:39, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:27:46, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:17, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:21, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:26, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:30, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:38, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:42, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:49, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:28:55, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:05, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:11, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Detection, 18.12.2014 23:29:15, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\FLdWte.dll, Quarantine Failed, 303, Queued for removal on reboot, [53b3df5f90ecb185512296aa669f8c74]
Update, 18.12.2014 23:47:14, SYSTEM, MNEMOSYNE, Scheduler, Failed, Unable to access update server,
Scan, 18.12.2014 23:51:59, SYSTEM, MNEMOSYNE, Manual, Start: % 1 "% 2", Dauer: % 1 min 16 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 7-Malwareerkennung,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 18.12.2014 23:53:13, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 18.12.2014 23:53:21, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,

(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v4.105 - Bericht erstellt am 19/12/2014 um 00:02:07
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Local]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Rhea - MNEMOSYNE
# Gestartet von : C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\StormAlert

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [2161 octets] - [17/12/2014 16:39:20]
AdwCleaner[R1].txt - [2221 octets] - [17/12/2014 22:25:02]
AdwCleaner[R2].txt - [1535 octets] - [18/12/2014 14:12:15]
AdwCleaner[R3].txt - [1029 octets] - [18/12/2014 23:56:59]
AdwCleaner[S0].txt - [2249 octets] - [17/12/2014 22:35:11]
AdwCleaner[S1].txt - [952 octets] - [19/12/2014 00:02:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1011 octets] ##########
--- --- ---
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Rhea on 19.12.2014 at  0:24:30,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.12.2014 at  0:29:45,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 19-12-2014 00:35:16
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Rational Thought Solutions) C:\ProgramData\uveZGBag\vrgJQIE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab:
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vrgJQIE; C:\ProgramData\uveZGBag\vrgJQIE.exe [2726776 2014-12-16] (Rational Thought Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 00:35 - 2014-12-19 00:35 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.JRT.txt#
2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt
2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt
2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt
2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert
2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-18 23:25 - 2014-12-19 00:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk
2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe
2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe
2014-12-17 18:53 - 2014-12-19 00:35 - 00015924 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-19 00:35 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:59 - 2014-12-16 14:00 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 00:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-19 00:31 - 2014-03-06 22:26 - 08460510 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-19 00:31 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-19 00:24 - 2014-03-06 21:58 - 01303168 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-19 00:02 - 2013-10-07 19:23 - 00030084 _____ () C:\WINDOWS\PFRO.log
2014-12-19 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---



:dankeschoen:

Ich habe heute nochmal mbam drüber laufen gelassen, nachdem ich gesehen habe, dass die Quarantäne offenbar nicht geklappt hat, nochmal alles in Quarantäne geschoben, mit folgendem Ergebnis:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.12.2014
Suchlauf-Zeit: 18:31:59
Logdatei: mbam Suchlaufprotokoll 141219.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.19.06
Rootkit Datenbank: v2014.12.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Rhea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319988
Verstrichene Zeit: 18 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\vrgJQIE.exe, 2192, Löschen bei Neustart, [0fa3333180fcb482059cb23e719042be]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.StormAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vrgJQIE, In Quarantäne, [0fa3333180fcb482059cb23e719042be],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 4
PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\vrgJQIE.exe, Löschen bei Neustart, [0fa3333180fcb482059cb23e719042be],
PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Löschen bei Neustart, [fbb71b49601ca78fddc433bda45da759],
PUP.Optional.HealthAlert.A, C:\ProgramData\uveZGBag\dat\ONROQsgjuXx.dll, Löschen bei Neustart, [ae0488dc93e965d11b351d467293e21e],
PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Löschen bei Neustart, [169cc0a46c1033030c95e0107a879b65],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 19.12.2014 00:03:07, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 19.12.2014 00:03:19, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Update, 19.12.2014 00:14:41, SYSTEM, MNEMOSYNE, Scheduler, Rootkit Database, 2014.11.18.1, 2014.12.14.1,
Update, 19.12.2014 00:14:41, SYSTEM, MNEMOSYNE, Scheduler, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Scheduler, Malware Database, 2014.11.20.6, 2014.12.18.5,
Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Refresh, Starting,
Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopping,
Protection, 19.12.2014 00:14:50, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopped,
Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Refresh, Success,
Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 19.12.2014 00:15:02, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Detection, 19.12.2014 00:25:33, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\LCEtzS.exe, Quarantine Failed, 303, Queued for removal on reboot, [b796b7adbcc083b3d2a1ba36669b718f]
Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 19.12.2014 00:32:34, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 19.12.2014 00:32:52, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Detection, 19.12.2014 00:34:34, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [0647f96b225ac76faec509e70af7bb45]
Detection, 19.12.2014 00:34:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [0647f96b225ac76faec509e70af7bb45]
Detection, 19.12.2014 00:39:02, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Quarantine Failed, 303, Queued for removal on reboot, [3d103232fa820c2af87bcd237f82d42c]
Update, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Scheduler, Malware Database, 2014.12.18.5, 2014.12.19.6,
Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Refresh, Starting,
Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopping,
Protection, 19.12.2014 18:31:59, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Stopped,
Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Refresh, Success,
Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 19.12.2014 18:36:18, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,
Detection, 19.12.2014 18:43:18, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [ae04abb97a02ad89a0016090907149b7]
Detection, 19.12.2014 18:43:20, Rhea, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\SUDQKCg.exe, Quarantine Failed, 303, Queued for removal on reboot, [446eb6aeb4c840f65f4234bc1be69769]
Detection, 19.12.2014 18:45:01, SYSTEM, MNEMOSYNE, Protection, Malware Protection, File, PUP.Optional.StormAlert.A, C:\ProgramData\uveZGBag\dat\hpMrtDNKP.exe, Quarantine Failed, 303, Queued for removal on reboot, [ae04abb97a02ad89a0016090907149b7]
Scan, 19.12.2014 18:50:48, SYSTEM, MNEMOSYNE, Manual, Start: % 1 "% 2", Dauer: % 1 min 18 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 6-Malwareerkennung,
Protection, 19.12.2014 18:51:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Starting,
Protection, 19.12.2014 18:51:50, SYSTEM, MNEMOSYNE, Protection, Malware Protection, Started,
Protection, 19.12.2014 18:51:51, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Starting,
Protection, 19.12.2014 18:51:52, SYSTEM, MNEMOSYNE, Protection, Malicious Website Protection, Started,

(end)

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 19-12-2014 20:17:33
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab:
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 19:03 - 2014-12-19 19:03 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.mbam Schutzprotokoll 141219.txt#
2014-12-19 19:02 - 2014-12-19 19:02 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.mbam Suchlaufprotokoll 141219.txt#
2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt
2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt
2014-12-19 18:59 - 2014-12-19 18:59 - 00001872 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt
2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt
2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt
2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt
2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt
2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert
2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-18 23:25 - 2014-12-19 18:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk
2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe
2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe
2014-12-17 18:53 - 2014-12-19 20:17 - 00015631 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-19 20:17 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-17 18:49 - 02121216 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:59 - 2014-12-19 18:51 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt
2014-11-19 11:03 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 11:03 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-19 19:13 - 2014-03-06 21:58 - 01357933 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-19 18:51 - 2013-10-07 19:23 - 00031540 _____ () C:\WINDOWS\PFRO.log
2014-12-19 18:51 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-19 18:51 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-19 18:50 - 2014-03-06 22:26 - 08476796 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 00:01 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 12:58 - 2014-05-25 13:11 - 00000000 ____D () C:\Users\Rhea\Documents\privat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Ich nehme an, dass FRST dem auf der o.g. verlinkten Seite empfohlenen HitmanPro screening als Scantool gleicht und Letzteres dabei hinfällig wird?

http://www.trojaner-board.de/picture...&pictureid=527


:abklatsch: Hej, klasse, Schrauber!!!

Und hier noch eine kleine Ode an Eure süssen Forums-Smilies, die lass ich nämlich einfach eine kleine Party zur Feier des Forumsschraubers mit Ultrahypmucke ausrichten. Wie du siehst, es läuft ziemlich hochfrequenter Techno, das erklärt die Asynchronie im Tanz dieser Heinzelmännchen, aber sie haben sichtlich ihren Spaß auf dem Dancefloor:

:dankeschoen: :dankeschoen: :dankeschoen: :Boogie: :Boogie: :Boogie: :taenzer: :Boogie: :Boogie: :Boogie: :taenzer: :Boogie: :Boogie: :Boogie: :dankeschoen: :dankeschoen: :dankeschoen:

..

schrauber 20.12.2014 17:03
lol :D


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :) Wenn in welchem Browser?

Angelina 20.12.2014 22:49
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Rhea at 2014-12-20 18:15:43 Run:1
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185 ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320 FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17] Emptytemp:

*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d1888d012a0eeb4b9d75f37c1bf41763
# engine=21647
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-20 07:27:19
# local_time=2014-12-20 08:27:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 180813 9407958 0 0
# scanned=228732
# found=8
# cleaned=0
# scan_time=6404
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$RHPI98R.zip"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$RXWRHVI.exe"
sh=A1247F02D08733A0B4746A940B6C144326B4673E ft=1 fh=7a9f9b4b0c8d09ac vn="Variante von Win32/Toolbar.Montiera.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3879709871-1962586687-2025067079-1001\$R12VYTP\1.3.17.3\startpoint.exe"
sh=68FC8BB80F387D030B7683E15E3681AAFDCBF6F4 ft=1 fh=8729ec73b3c6124c vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\uveZGBag\dat\janZajB.dll"
sh=68FC8BB80F387D030B7683E15E3681AAFDCBF6F4 ft=1 fh=8729ec73b3c6124c vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\uveZGBag\dat\janZajB.dll"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip"
sh=075478ED256C74207FB1540F41BE4934B47D549B ft=1 fh=5a1a58d6a5023955 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe"
sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rhea\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe"
sehr sympathisch, die folgende Anwendung griff lieber auf Notepad+++ zu als auf ein Windoof Programm zur Erstellung der Textdatei :cool:
Code:
Results of screen317's Security Check version 0.99.93 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 71 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
 Mozilla Thunderbird (31.3.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 20-12-2014 22:36:52
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted\mozF527.tmp
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\Rhea\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab:
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 20:33 - 2014-12-20 20:33 - 00852505 _____ () C:\Users\Rhea\Downloads\SecurityCheck.exe
2014-12-20 18:23 - 2014-12-20 18:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-20 18:22 - 2014-12-20 18:22 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu (1).exe
2014-12-20 18:15 - 2014-12-20 18:15 - 00000000 ____D () C:\Users\Rhea\Downloads\FRST-OlderVersion
2014-12-20 18:09 - 2014-12-20 18:10 - 00000478 _____ () C:\Users\Rhea\Documents\Fixlist.txt
2014-12-20 18:08 - 2014-12-20 18:08 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu.exe
2014-12-20 16:41 - 2014-12-20 16:41 - 00011811 _____ () C:\Users\Rhea\Desktop\Machtspiele.odt
2014-12-20 16:37 - 2014-12-20 16:37 - 00008931 _____ () C:\Users\Rhea\Desktop\jazz.odt
2014-12-20 16:25 - 2014-12-20 16:25 - 00010186 _____ () C:\Users\Rhea\Desktop\RTF überischt.odt
2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt
2014-12-19 18:59 - 2014-12-19 20:22 - 00001888 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt
2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt
2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt
2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt
2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt
2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt
2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert
2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-18 23:25 - 2014-12-20 21:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk
2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe
2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe
2014-12-17 18:53 - 2014-12-20 22:36 - 00016266 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-20 22:36 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-20 18:15 - 02122240 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:59 - 2014-12-19 18:51 - 00000000 ____D () C:\ProgramData\uveZGBag
2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-20 20:21 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 20:21 - 2014-06-26 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-20 18:39 - 2014-03-06 21:58 - 01527124 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 13:27 - 2014-03-06 22:26 - 08565450 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-20 11:55 - 2013-10-07 19:23 - 00031898 _____ () C:\WINDOWS\PFRO.log
2014-12-20 11:55 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-19 18:51 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-12-18 23:37 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 14:48 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Probleme gibt es nicht mehr nach mehreren Neustarts des Systems. :party: Heute nur ist kurz der Rechner im Hochfahren des Betriebssystem mit schwarzem Bildschirm hängengeblieben. Bis ich mit mehreren Resetversuchen das Problem wegbekommen habe war ich schon etwas gestresst. Habe trotzdem den Schnellstart von Windoof nicht deaktiviert.

P.S: bin morgen nicht online, erst Montag wieder, mach Dir also kein Stress. (den hab ich morgen dafür... :wtf:)

Einen guten 4. Advent! Hab vielen Dank bis dahin! Angelina.

schrauber 21.12.2014 19:59
Der letzte FRST Fix lief nicht, weil du alles in eine Zeile kopiert hast. Bitte drauf achten dass der Fix beim Speichern genau so aussieht wie in der Codebox, Zeile für Zeile.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$Recycle.Bin
C:\ProgramData\uveZGBag
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Dann bitte nochmal ein frisches FRST log.

Angelina 22.12.2014 11:59
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Rhea at 2014-12-22 12:01:13 Run:2
Running from C:\Users\Rhea\Downloads
Loaded Profiles: Rhea &  (Available profiles: Rhea)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
C:\ProgramData\uveZGBag
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51185;https=127.0.0.1:51185
ProxyEnable: [S-1-5-21-3879709871-1962586687-2025067079-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3879709871-1962586687-2025067079-1001] => 127.0.0.1:51185.:21320
FF Extension: Cliqz Beta - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi [2014-12-17]
Emptytemp:
       
*****************

C:\$Recycle.Bin => Moved successfully.
C:\ProgramData\uveZGBag => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\cliqz@cliqz.com.xpi => Moved successfully.
EmptyTemp: => Removed 421 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Rhea (administrator) on MNEMOSYNE on 22-12-2014 12:24:03
Running from C:\Users\Rhea\Downloads
Loaded Profile: Rhea (Available profiles: Rhea)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-10-28] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-06] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-06] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] ( (Atheros Communications))
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879709871-1962586687-2025067079-1001 -> {F069211F-C8C2-4343-B32B-590D4C601F95} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=591080004&q={searchTerms}&r=739
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default
FF NewTab:
FF Homepage: https://www.google.de
FF Keyword.URL:
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\searchplugins\startpointkms.xml
FF Extension: Adblock Plus - C:\Users\Rhea\AppData\Roaming\Mozilla\Firefox\Profiles\s003w570.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows (R) Win 7 DDK provider)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-06] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-06] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-06] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 12:21 - 2014-12-22 12:21 - 00000112 ____H () C:\Users\Rhea\Downloads\.~lock.Fixlog.txt#
2014-12-20 20:33 - 2014-12-20 20:33 - 00852505 _____ () C:\Users\Rhea\Downloads\SecurityCheck.exe
2014-12-20 18:23 - 2014-12-20 18:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-20 18:22 - 2014-12-20 18:22 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu (1).exe
2014-12-20 18:15 - 2014-12-20 18:15 - 00000000 ____D () C:\Users\Rhea\Downloads\FRST-OlderVersion
2014-12-20 18:09 - 2014-12-20 18:10 - 00000478 _____ () C:\Users\Rhea\Documents\Fixlist.txt
2014-12-20 18:08 - 2014-12-20 18:08 - 02347384 _____ (ESET) C:\Users\Rhea\Downloads\esetsmartinstaller_deu.exe
2014-12-20 16:41 - 2014-12-20 16:41 - 00011811 _____ () C:\Users\Rhea\Desktop\Machtspiele.odt
2014-12-20 16:37 - 2014-12-20 16:37 - 00008931 _____ () C:\Users\Rhea\Desktop\jazz.odt
2014-12-20 16:25 - 2014-12-20 16:25 - 00010186 _____ () C:\Users\Rhea\Desktop\RTF überischt.odt
2014-12-19 19:00 - 2014-12-19 19:00 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141218.txt
2014-12-19 18:59 - 2014-12-19 20:22 - 00001888 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141219.txt
2014-12-19 18:59 - 2014-12-19 18:59 - 00002069 _____ () C:\Users\Rhea\Downloads\mbam Suchlaufprotokoll 141218.txt
2014-12-19 18:58 - 2014-12-19 18:58 - 00004791 _____ () C:\Users\Rhea\Downloads\mbam Schutzprotokoll 141219.txt
2014-12-19 00:31 - 2014-12-19 00:31 - 00000687 _____ () C:\Users\Rhea\Downloads\JRT.txt
2014-12-19 00:29 - 2014-12-19 00:29 - 00000670 _____ () C:\Users\Rhea\Desktop\JRT.txt
2014-12-19 00:24 - 2014-12-19 00:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-19 00:17 - 2014-12-19 00:17 - 00007514 _____ () C:\Users\Rhea\Downloads\mbam.txt
2014-12-19 00:13 - 2014-12-19 00:13 - 01707646 _____ (Thisisu) C:\Users\Rhea\Downloads\JRT.exe
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StormAlert
2014-12-19 00:13 - 2014-12-19 00:13 - 00000000 ____D () C:\StormAlert
2014-12-19 00:06 - 2014-12-19 00:07 - 00023586 _____ () C:\Users\Rhea\Downloads\Addition.txt
2014-12-18 23:25 - 2014-12-22 12:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:25 - 2014-12-18 23:25 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 23:25 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 23:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-18 23:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 23:23 - 2014-12-18 23:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rhea\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 23:15 - 2014-12-18 23:15 - 00001295 _____ () C:\Users\Rhea\Desktop\Revo Uninstaller.lnk
2014-12-18 23:15 - 2014-12-18 23:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 22:54 - 2014-12-18 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95.exe
2014-12-18 22:54 - 2014-12-18 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rhea\Downloads\revosetup95 (1).exe
2014-12-17 18:53 - 2014-12-22 12:24 - 00015609 _____ () C:\Users\Rhea\Downloads\FRST.txt
2014-12-17 18:53 - 2014-12-22 12:24 - 00000000 ____D () C:\FRST
2014-12-17 18:49 - 2014-12-20 18:15 - 02122240 _____ (Farbar) C:\Users\Rhea\Downloads\FRST64.exe
2014-12-17 16:39 - 2014-12-19 00:23 - 00000000 ____D () C:\AdwCleaner
2014-12-17 16:37 - 2014-12-17 16:37 - 02166272 _____ () C:\Users\Rhea\Downloads\AdwCleaner_4.105.exe
2014-12-16 17:43 - 2014-12-16 17:43 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-16 17:43 - 2014-12-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2014-12-18 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 17:42 - 2014-12-16 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 17:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-16 17:40 - 2014-12-16 17:40 - 01177424 _____ () C:\Users\Rhea\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-16 14:12 - 2014-12-16 14:12 - 00000000 ____D () C:\Users\Rhea\Documents\StreamTransport
2014-12-16 13:58 - 2014-12-18 23:20 - 00000000 ____D () C:\Users\Rhea\AppData\Local\StartPoint
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-12-16 13:56 - 2014-12-16 13:57 - 00000000 ____D () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2
2014-12-16 13:55 - 2014-12-16 13:56 - 17805707 _____ () C:\Users\Rhea\Downloads\streamtransport_1.1.6.2.zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-16 13:48 - 2014-12-16 13:48 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-16 13:14 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-12-16 13:14 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-12-16 11:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 11:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 16:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 16:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 16:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 16:42 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 16:42 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 16:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 16:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 16:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 16:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 01:55 - 2014-12-07 01:55 - 00066958 _____ () C:\Users\Rhea\Downloads\Hüffenhardt.gpx
2014-12-03 13:35 - 2014-12-03 13:35 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Wondershare
2014-12-03 13:34 - 2014-12-03 13:40 - 00000000 ____D () C:\Users\Rhea\AppData\Roaming\Wondershare
2014-12-01 11:19 - 2014-12-01 11:19 - 00069760 _____ () C:\Users\Rhea\Downloads\KühkopfWorms.gpx
2014-11-29 19:24 - 2014-11-29 19:52 - 00030859 _____ () C:\Users\Rhea\Desktop\Stellungnahme Dienstnacht.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 12:19 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-22 12:18 - 2014-03-06 22:26 - 08587482 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-22 12:18 - 2014-03-06 21:58 - 01652789 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:18 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-22 12:13 - 2014-05-23 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3879709871-1962586687-2025067079-1001
2014-12-22 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-22 11:58 - 2014-06-26 11:16 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Thunderbird
2014-12-20 23:47 - 2014-06-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 23:47 - 2014-06-26 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-20 11:55 - 2013-10-07 19:23 - 00031898 _____ () C:\WINDOWS\PFRO.log
2014-12-18 23:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-12-18 23:18 - 2014-05-22 23:25 - 00000000 ____D () C:\Users\Rhea\AppData\Local\CrashDumps
2014-12-18 19:38 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-16 22:14 - 2014-03-07 06:41 - 00767130 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 22:14 - 2014-03-07 06:41 - 00160216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 22:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 20:11 - 2013-08-22 15:46 - 00029657 _____ () C:\WINDOWS\setupact.log
2014-12-16 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 19:43 - 2014-07-11 17:43 - 00000000 ____D () C:\Users\Rhea\Documents\geschäftlich 2014
2014-12-16 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-13 17:24 - 2014-06-12 23:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:22 - 2014-06-12 23:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-03 13:48 - 2014-05-23 01:03 - 00000000 ____D () C:\Users\Rhea\AppData\Local\Packages
2014-12-01 19:47 - 2014-07-08 12:40 - 00000000 ____D () C:\Users\Rhea\Documents\gps Daten
2014-11-26 22:10 - 2014-06-14 18:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-06-14 18:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 17:21

==================== End Of Log ============================

schrauber 23.12.2014 11:50
Perfekt. Bestehen noch Probleme mit dem System?

Angelina 23.12.2014 20:16
:D Probleme?! Huh? War da je was?







;)

Angelina 23.12.2014 20:42
Frohe Weihnachten!

schrauber 24.12.2014 18:11
Gleichfalls!

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131