Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe ich den Redirect Virus? Wie bekomme ich ihn weg? (https://www.trojaner-board.de/152938-habe-redirect-virus-bekomme-ihn-weg.html)

jaquu 23.04.2014 15:05
Habe ich den Redirect Virus? Wie bekomme ich ihn weg?
 
Hallo,
seit einigen Wochen habe ich, denke ich, einen Virus auf meinem Laptop!
Bei jeder Google Suche oder Seitenöffnung öffnen sich andere Werbefenster. Außerdem sind einzelne Wörter der suchen grün makiert und unterstrichen.:wtf:

Kann mir jemand helfen und mir sagen, wie ich das weg bekomme und was für Daten ich euch dazu geben muss? Das wäre super!!!!

Danke im Vorraus

cosinus 23.04.2014 15:13
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

jaquu 23.04.2014 15:26
Nein, vorher wurde nichts gefunden. hab jetzt versucht es so zu machen, wie du es gesagt hast! hier die FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Jaqueline (administrator) on JAQUS on 23-04-2014 16:20:38
Running from C:\Users\Jaqueline\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Atheros Commnucations) C:\WINDOWS\system32\AdminService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Jaqueline\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] => C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe [572032 2014-01-23] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-27] (Bitdefender)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Spotify Web Helper] => C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-17] (Spotify Ltd)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {a3a07df4-84c4-11e3-be6e-ccaf78d8be02} - "E:\Startme.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {ab475adb-6c17-11e3-be66-78843cefab0d} - "E:\start.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {c1b48961-97d5-11e3-be73-ccaf78d8be02} - "F:\HTC_Sync_Manager_PC.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=40491EAF78D8BE01&affID=128491&tsp=5175
SearchScopes: HKCU - {57F16186-ED46-4B6D-BF4E-21CBD41BDEED} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=404962d0000000000000deaf78d8be01&r=546
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "spellcheck": {
      "confirm_dialog_shown": true,
      "use_spelling_service"
CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=40491EAF78D8BE01&affID=128491&tsp=5175"
CHR DefaultSearchKeyword: gmx.de
CHR DefaultSearchProvider: GMX Suche
CHR DefaultSearchURL: hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@ffox.suche@web&origin=searchplugin
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (SmallringFX MetalSliver Theme) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\amoaokkohdcekgomnddkdfocbifmiafo [2014-01-05]
CHR Extension: (Google Docs) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (YouTube) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Google-Suche) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (OnlineHD V6.0) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Google Mail) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 16:20 - 2014-04-23 16:21 - 00014273 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:20 - 2014-04-23 16:20 - 00000000 ____D () C:\FRST
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64.exe
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-17 10:12 - 2014-04-17 10:12 - 00993712 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-16 13:42 - 2014-04-16 13:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\sho4485.tmp
2014-04-16 11:40 - 2014-04-16 11:40 - 00448528 _____ () C:\Users\Jaqueline\Downloads\Player_Setup (2).exe
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-13 16:25 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-13 16:25 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-13 16:25 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-13 16:25 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-13 16:25 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-13 16:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-03-31 18:02 - 2014-03-27 18:08 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-31 18:02 - 2014-03-27 17:15 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-31 18:02 - 2014-03-27 17:15 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-29 09:17 - 2014-03-29 09:17 - 00626816 _____ () C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup.exe
2014-03-29 09:17 - 2014-03-29 09:17 - 00626816 _____ () C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup (1).exe
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-26 19:11 - 2014-04-23 16:16 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-03-26 19:11 - 2014-04-16 13:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 18:45 - 2014-03-30 17:35 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml

==================== One Month Modified Files and Folders =======

2014-04-23 16:21 - 2014-04-23 16:20 - 00014273 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:21 - 2014-01-09 14:06 - 00595968 ___SH () C:\Users\Jaqueline\Downloads\Thumbs.db
2014-04-23 16:20 - 2014-04-23 16:20 - 00000000 ____D () C:\FRST
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64.exe
2014-04-23 16:16 - 2014-03-26 19:11 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-04-23 16:15 - 2013-12-23 23:59 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 16:14 - 2014-01-21 20:04 - 01877192 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 16:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-23 15:55 - 2013-12-24 00:18 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Spotify
2014-04-23 15:34 - 2014-02-05 16:00 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B9ABAB9-9036-4E14-9127-D4EDE22FB5F6}
2014-04-23 15:25 - 2013-12-24 00:19 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Spotify
2014-04-20 13:02 - 2013-12-23 23:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3545342124-3751203487-2797069715-1001
2014-04-20 12:59 - 2013-12-24 19:53 - 00002010 _____ () C:\WINDOWS\Tasks\OnlineHD V6.0-chromeinstaller.job
2014-04-20 12:54 - 2013-12-24 19:54 - 00002244 _____ () C:\WINDOWS\Tasks\OnlineHD V6.0-firefoxinstaller.job
2014-04-20 12:54 - 2013-12-24 19:54 - 00001252 _____ () C:\WINDOWS\Tasks\OnlineHD V6.0-codedownloader.job
2014-04-20 11:15 - 2013-12-24 00:00 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-20 11:15 - 2013-12-23 23:59 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 11:07 - 2013-12-23 23:56 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Adobe
2014-04-17 10:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-17 10:20 - 2014-03-22 12:21 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:21 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:20 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-04-17 10:19 - 2013-12-29 19:22 - 00312832 ___SH () C:\Users\Jaqueline\Desktop\Thumbs.db
2014-04-17 10:12 - 2014-04-17 10:12 - 00993712 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-16 23:14 - 2013-12-24 15:50 - 00000000 ____D () C:\ProgramData\Origin
2014-04-16 22:48 - 2014-01-24 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:42 - 2014-01-24 14:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-16 22:32 - 2014-01-08 00:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-16 14:48 - 2014-01-21 20:12 - 00000000 __RDO () C:\Users\Jaqueline\SkyDrive
2014-04-16 14:44 - 2014-02-05 15:37 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-04-16 14:31 - 2014-01-06 17:40 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-16 14:25 - 2013-12-24 15:53 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-16 13:56 - 2013-12-24 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-16 13:48 - 2013-11-14 09:26 - 01778494 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-16 13:48 - 2013-11-14 09:11 - 00766026 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-16 13:48 - 2013-11-14 09:11 - 00159552 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-16 13:45 - 2014-03-26 19:11 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-04-16 13:45 - 2013-12-24 00:17 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Wise Care 365
2014-04-16 13:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-16 13:42 - 2014-04-16 13:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\sho4485.tmp
2014-04-16 13:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-16 13:40 - 2013-12-25 00:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-16 13:39 - 2013-12-25 00:37 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-16 11:40 - 2014-04-16 11:40 - 00448528 _____ () C:\Users\Jaqueline\Downloads\Player_Setup (2).exe
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-15 21:41 - 2013-08-22 16:46 - 00309517 _____ () C:\WINDOWS\setupact.log
2014-04-15 21:41 - 2013-08-22 16:46 - 00000262 _____ () C:\WINDOWS\setuperr.log
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-04-02 09:30 - 2014-02-17 17:57 - 00000000 ____D () C:\Users\Jaqueline\Desktop\matrei referat
2014-04-01 20:58 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\SoftGrid Client
2014-03-31 23:23 - 2014-03-05 17:39 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2014-03-05 17:39 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 03:16 - 2014-04-13 16:25 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-13 16:24 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 17:35 - 2014-03-26 18:45 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-29 09:17 - 2014-03-29 09:17 - 00626816 _____ () C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup.exe
2014-03-29 09:17 - 2014-03-29 09:17 - 00626816 _____ () C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup (1).exe
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-28 07:29 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\SoftGrid Client
2014-03-28 07:29 - 2014-01-20 20:23 - 00041472 ___SH () C:\Users\Jaqueline\Documents\Thumbs.db
2014-03-27 18:09 - 2013-12-23 20:42 - 00000000 ____D () C:\Users\Jaqueline\Documents\Bea Stick daten
2014-03-27 18:08 - 2014-03-31 18:02 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-27 17:15 - 2014-03-31 18:02 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-27 17:15 - 2014-03-31 18:02 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-27 12:13 - 2014-01-23 20:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files\Google
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-27 12:13 - 2013-11-14 00:18 - 00344150 _____ () C:\WINDOWS\PFRO.log
2014-03-27 12:13 - 2013-08-22 16:44 - 05184768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 11:51 - 2014-01-08 00:08 - 00227188 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 11:50 - 2014-01-08 00:08 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

Some content of TEMP:
====================
C:\Users\Jaqueline\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Jaqueline\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jaqueline\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\Jaqueline\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 14:47

==================== End Of Log ============================
--- --- ---

[/CODE]

und hier die Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Jaqueline at 2014-04-23 16:23:43
Running from C:\Users\Jaqueline\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.2.1.1 (HKLM-x32\...\{C83C3B4C-1AFF-4CEA-8078-74E7A3FE8F03}) (Version: 4.2.1.1 - The Document Foundation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7113.5007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
OnlineHD V6.0 (HKLM-x32\...\OnlineHD V6.0) (Version: 1.31.153.4 - installdaddy)
OnlineHDTV (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - OnlineHD.TV)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinRAR 5.01 (32 位元) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

29-03-2014 13:43:42 Geplanter Prüfpunkt
15-04-2014 19:38:02 Windows Update
16-04-2014 20:32:08 Installiert The Sims 3

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17CC7B39-2FF2-457C-A198-F3B46F0C7653} - System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E80EEED-76A8-418C-9639-DD869B4AFF19} - System32\Tasks\OnlineHD V6.0-chromeinstaller => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-chromeinstaller.exe [2013-12-24] (installdaddy)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E1D9A1A-8D43-4B50-8560-72AB0223CA10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {5258F037-E300-42A2-AACB-010CA2F1E265} - System32\Tasks\OnlineHD V6.0-firefoxinstaller => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-firefoxinstaller.exe [2013-12-24] (installdaddy)
Task: {5F773655-134B-4F9B-8EA5-F1B71ADE058C} - System32\Tasks\OnlineHD V6.0-codedownloader => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-codedownloader.exe [2013-12-24] (installdaddy)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8447A0BD-DEEA-4946-AC1D-9924AEFA90D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {86998767-9DE8-4E07-9467-5EF0F3B92E91} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9A173414-AC48-49B7-8B85-D1ABF32D7DA6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-16] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A8BD6368-A261-427B-8990-E3105B98B780} - System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {AA683B5E-13C9-41AD-B4D2-E81B88516F78} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jaqueline.schwering@gmx.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\OnlineHD V6.0-chromeinstaller.job => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\OnlineHD V6.0-codedownloader.job => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-codedownloader.exe
Task: C:\WINDOWS\Tasks\OnlineHD V6.0-firefoxinstaller.job => C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-firefoxinstaller.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-22 12:27 - 2013-06-19 12:45 - 00265080 ____N () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-12-24 00:19 - 2014-04-17 13:03 - 00602680 _____ () C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-03-27 13:45 - 2014-03-27 13:45 - 00204280 ____N () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-16 12:04 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-16 12:04 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2013-12-24 00:19 - 2014-04-17 13:03 - 36966968 _____ () C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\libcef.dll
2013-12-24 00:19 - 2014-04-17 13:03 - 00886840 _____ () C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-12-24 00:19 - 2014-04-17 13:03 - 00108600 _____ () C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Jaqueline\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Jaqueline\Downloads\Player_Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Jaqueline\Downloads\Player_Setup (2).exe:BDU
AlternateDataStreams: C:\Users\Jaqueline\Downloads\setup.exe:BDU
AlternateDataStreams: C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 01:11:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JAQUS)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/20/2014 01:11:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: JAQUS)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/19/2014 08:35:42 PM) (Source: Application Hang) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20461 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2650

Startzeit: 01cf5bf5e51af3fb

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 2a5e0b15-c7f1-11e3-be77-ccaf78d8be02

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/19/2014 00:12:15 AM) (Source: Application Hang) (User: )
Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d14

Startzeit: 01cf5b5331415fe3

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe

Berichts-ID: 7cc5028b-c746-11e3-be77-ccaf78d8be02

Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager

Error: (04/19/2014 00:12:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: JAQUS)
Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/19/2014 00:12:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: JAQUS)
Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (04/18/2014 06:00:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/18/2014 00:39:24 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/17/2014 01:21:00 PM) (Source: Application Hang) (User: )
Description: Programm TS3W.exe, Version 0.2.0.209 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b4c

Startzeit: 01cf5a15e20b9144

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe

Berichts-ID: 58678f94-c622-11e3-be77-ccaf78d8be02

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/17/2014 10:16:15 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TS3SP04.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: avcuf32.dll, Version: 3.10.9020.5043, Zeitstempel: 0x5335b3a2
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00008ab7
ID des fehlerhaften Prozesses: 0x2ba8
Startzeit der fehlerhaften Anwendung: 0xTS3SP04.exe0
Pfad der fehlerhaften Anwendung: TS3SP04.exe1
Pfad des fehlerhaften Moduls: TS3SP04.exe2
Berichtskennung: TS3SP04.exe3
Vollständiger Name des fehlerhaften Pakets: TS3SP04.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TS3SP04.exe5


System errors:
=============
Error: (04/23/2014 03:31:07 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/20/2014 10:43:36 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/19/2014 03:40:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/19/2014 00:12:13 AM) (Source: DCOM) (User: JAQUS)
Description: Microsoft.Windows.PhotoManager

Error: (04/18/2014 00:09:29 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/17/2014 10:00:51 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/16/2014 11:09:11 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/15/2014 09:41:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/13/2014 04:20:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/02/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (04/20/2014 01:11:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JAQUS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (04/20/2014 01:11:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: JAQUS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (04/19/2014 08:35:42 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20461265001cf5bf5e51af3fb4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe2a5e0b15-c7f1-11e3-be77-ccaf78d8be02microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/19/2014 00:12:15 AM) (Source: Application Hang)(User: )
Description: PhotosApp.exe6.3.9600.165071d1401cf5b5331415fe34294967295C:\WINDOWS\FileManager\PhotosApp.exe7cc5028b-c746-11e3-be77-ccaf78d8be02FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager

Error: (04/19/2014 00:12:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: JAQUS)
Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927142

Error: (04/19/2014 00:12:04 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: JAQUS)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager

Error: (04/18/2014 06:00:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/18/2014 00:39:24 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/17/2014 01:21:00 PM) (Source: Application Hang)(User: )
Description: TS3W.exe0.2.0.209b4c01cf5a15e20b91444294967295C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe58678f94-c622-11e3-be77-ccaf78d8be02

Error: (04/17/2014 10:16:15 AM) (Source: Application Error)(User: )
Description: TS3SP04.exe0.0.0.000000000avcuf32.dll3.10.9020.50435335b3a2c00000fd00008ab72ba801cf5a154bb5242bC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Packs\TS3SP04\TS3SP04.exeC:\Program Files\Bitdefender\Bitdefender\Active Virus Control\Avc3_00232_003\avcuf32.dll8ac227b2-c608-11e3-be77-ccaf78d8be02


CodeIntegrity Errors:
===================================
  Date: 2014-04-20 13:13:20.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:13:20.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 4043.86 MB
Available physical RAM: 1566.13 MB
Total Pagefile: 5187.49 MB
Available Pagefile: 1827.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.44 GB) (Free:381.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 977A69B6)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 23.04.2014 15:36
Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


jaquu 23.04.2014 16:58
Folglich schicke ich dir die Textdateien in Reihenfolge:

Schritt 1

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 17:24:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jaqueline

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269907
Verstrichene Zeit: 38 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 14
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [9f61af5169978d733426ff4f52b01ee2],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [42bef0107e82669aeb7071dde41e8a76],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [2ad67c843ac6ea16de11a5a8877b10f0],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [26dac33dd030976944016b1870922ad6],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [a7596b9540c0ac5451f43c47847e1ce4],
PUP.Optional.OnlineVid.A, HKLM\SOFTWARE\WOW6432NODE\OnlineHD V6.0, In Quarantäne, [e51bb8487a8637c98029a2e052b0ca36],
PUP.Optional.OnlineHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\OnlineHD V6.0, In Quarantäne, [13edf010a35dbf417028fe7f8979c937],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [4ab614ec57a93fc16175d9c0f013b64a],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [ef11808012ee867a67df1e65be440cf4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ac54b54bbd43ca3657ba2e7f4fb4e719],
PUP.Optional.OnlineHD.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\OnlineHD V6.0, In Quarantäne, [b54bae528b75c7394a4e7d008e74b848],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [b848f60aa65a5ca42255f37d936f7a86],
PUP.Optional.OnlineVid.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineHD V6.0, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, In Quarantäne, [e11f6a96db25837d89611b47f40e6c94],

Registrierungswerte: 2
PUP.Optional.Iminent.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [2ad67c843ac6ea16de11a5a8877b10f0],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3545342124-3751203487-2797069715-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [0ff12fd1659bd12f549b4a039969af51],

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 7
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [b050dd237f81cb3543af77e9ae54d030],
PUP.Optional.OpenCandy, C:\Users\Jaqueline\AppData\Roaming\OpenCandy, In Quarantäne, [669a659b0ef2a15f44b7431d0ef45ea2],
PUP.Optional.OpenCandy, C:\Users\Jaqueline\AppData\Roaming\OpenCandy\071150BCD2F948B681B17418AC4E6D58, In Quarantäne, [669a659b0ef2a15f44b7431d0ef45ea2],
PUP.Optional.OpenCandy, C:\Users\Jaqueline\AppData\Roaming\OpenCandy\27F17CA4345D4D038494E4CF8F10F8F3, In Quarantäne, [669a659b0ef2a15f44b7431d0ef45ea2],
PUP.Optional.Iminent.A, C:\Users\Jaqueline\AppData\Roaming\IminentToolbar, In Quarantäne, [0ef257a9be42907021a97be745bdd42c],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD.TV, In Quarantäne, [e11f6a96db25837d89611b47f40e6c94],

Dateien: 38
PUP.Optional.OpenCandy.A, C:\Users\Jaqueline\AppData\Roaming\OpenCandy\27F17CA4345D4D038494E4CF8F10F8F3\Setupsft_chr_p1v7.exe, In Quarantäne, [fc047f8151af6b951fa1001fbe469c64],
PUP.Optional.ToolBarInstaller.A, C:\Users\Jaqueline\AppData\Local\Temp\BuenoSearchTB.exe, In Quarantäne, [b54b8d73f60aa65a74f27b89b74dfa06],
PUP.Optional.Iminent.A, C:\Users\Jaqueline\AppData\Local\Temp\IminentSetup-1-.exe, In Quarantäne, [c53b22de0af6956b50b62cfd5ca51de3],
PUP.Optional.Iminent, C:\Users\Jaqueline\AppData\Local\Temp\Umbrella.exe4fc6d, In Quarantäne, [59a73dc318e83fc123080ef55fa27c84],
PUP.Optional.Bandoo, C:\Users\Jaqueline\Downloads\iLividSetup-r400-n-bc (1).exe, In Quarantäne, [897715ebac54f60ac8505ca940c18a76],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup.exe, In Quarantäne, [8a76e21ef10f05fb455601bfc43f43bd],
PUP.Optional.Softonic.A, C:\Users\Jaqueline\Downloads\SoftonicDownloader_fuer_pdfbinder.exe, In Quarantäne, [d62adc24679932cea0d7ab709a670af6],
PUP.Optional.InstallCore.A, C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup (1).exe, In Quarantäne, [48b82dd302fe1de31b7fe72c996b847c],
PUP.Optional.InstallCore.A, C:\Users\Jaqueline\Downloads\uplayermediaplayer-setup.exe, In Quarantäne, [9868f40c54acd9272e6cc350af559d63],
PUP.Optional.Bandoo, C:\Users\Jaqueline\Downloads\iLividSetup-r400-n-bc (2).exe, In Quarantäne, [fe0244bcce329b650d0b40c51be649b7],
PUP.Optional.OpenCandy, C:\Users\Jaqueline\Downloads\DTLite4481-0347.exe, In Quarantäne, [ea16d92730d035cb72e53d138084916f],
PUP.Optional.Bandoo, C:\Users\Jaqueline\Downloads\iLividSetup-r400-n-bc (3).exe, In Quarantäne, [4cb454aceb15db2529ef35d02ed3e020],
PUP.Optional.Bandoo, C:\Users\Jaqueline\Downloads\iLividSetup-r400-n-bc.exe, In Quarantäne, [bc4414eca35deb156fa9887dbe437f81],
PUP.Optional.OptimumInstaller.A, C:\Users\Jaqueline\Downloads\Player-Chrome.exe, In Quarantäne, [a55b35cbbe42857b1d03a3a60bf60000],
PUP.Optional.BundleInstaller.A, C:\Users\Jaqueline\Downloads\Player_Setup (1).exe, In Quarantäne, [4bb512eeb44cc9370a7cdf278b7942be],
PUP.Optional.BundleInstaller.A, C:\Users\Jaqueline\Downloads\Player_Setup (2).exe, In Quarantäne, [7d8301ff22de9e627a60380ad8299d63],
PUP.Optional.DomalQ, C:\Users\Jaqueline\Downloads\player_setup.exe, In Quarantäne, [8e7218e86c948e728b31719606fe8a76],
PUP.Optional.Iminent.A, C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [7c84718f24dc32ceb02c1c551be727d9],
PUP.Optional.OnlineVid.A, C:\Windows\Tasks\OnlineHD V6.0-chromeinstaller.job, In Quarantäne, [c739b34d53adf40c347486fca16115eb],
PUP.Optional.OnlineVid.A, C:\Windows\Tasks\OnlineHD V6.0-codedownloader.job, In Quarantäne, [4db3a957b24e9769a008e49e8a78bf41],
PUP.Optional.OnlineVid.A, C:\Windows\Tasks\OnlineHD V6.0-firefoxinstaller.job, In Quarantäne, [35cb1de3926efd03a4045f2344bea759],
PUP.Optional.OpenCandy, C:\Users\Jaqueline\AppData\Roaming\OpenCandy\071150BCD2F948B681B17418AC4E6D58\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, In Quarantäne, [669a659b0ef2a15f44b7431d0ef45ea2],
PUP.Optional.Iminent.A, C:\Users\Jaqueline\AppData\Roaming\IminentToolbar\sqlite3.dll, In Quarantäne, [0ef257a9be42907021a97be745bdd42c],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\48260.crx, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\48260.xpi, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-buttonutil.dll, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-buttonutil.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-buttonutil64.dll, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-buttonutil64.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-chromeinstaller.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-codedownloader.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-firefoxinstaller.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0-helper.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\OnlineHD V6.0.ico, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\Uninstall.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD V6.0\utils.exe, In Quarantäne, [837d4db30df355ab3cad1a48966c9e62],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD.TV\uninst.exe, In Quarantäne, [e11f6a96db25837d89611b47f40e6c94],
PUP.Optional.BuenoSearch.A, C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=40491EAF78D8BE01&affID=128491&tsp=5175" ],), Ersetzt,[26da000039c76c940ac3d08859ab5ea2]

Physische Sektoren: 0
(No malicious items detected)


(end)
Schritt 2

AdwCleaner Logfile:
Code:
# AdwCleaner v3.201 - Bericht erstellt am 23/04/2014 um 17:36:05
# Aktualisiert 22/04/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Jaqueline - JAQUS
# Gestartet von : C:\Users\Jaqueline\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\SecretSauce
Ordner Gelöscht : C:\Users\Jaqueline\AppData\LocalLow\Softonic
Datei Gelöscht : C:\END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] :
Gelöscht [Extension] : pkhojieggfgllhllcegoffdcnmdeojgb

*************************

AdwCleaner[R0].txt - [2770 octets] - [23/04/2014 17:34:44]
AdwCleaner[S0].txt - [2374 octets] - [23/04/2014 17:36:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2434 octets] ##########
--- --- ---


Schritt 3:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Jaqueline on 23.04.2014 at 17:41:31,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{57F16186-ED46-4B6D-BF4E-21CBD41BDEED}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\syswow64\sho4485.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jaqueline\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2014 at 17:45:40,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Schritt 4:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Jaqueline (administrator) on JAQUS on 23-04-2014 17:52:36
Running from C:\Users\Jaqueline\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Atheros Commnucations) C:\WINDOWS\system32\AdminService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Spotify Web Helper] => C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-17] (Spotify Ltd)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {a3a07df4-84c4-11e3-be6e-ccaf78d8be02} - "E:\Startme.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {ab475adb-6c17-11e3-be66-78843cefab0d} - "E:\start.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {c1b48961-97d5-11e3-be73-ccaf78d8be02} - "F:\HTC_Sync_Manager_PC.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "spellcheck": {
      "confirm_dialog_shown": true,
      "use_spelling_service"
CHR DefaultSearchKeyword: gmx.de
CHR DefaultSearchProvider: GMX Suche
CHR DefaultSearchURL: hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@ffox.suche@web&origin=searchplugin
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (SmallringFX MetalSliver Theme) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\amoaokkohdcekgomnddkdfocbifmiafo [2014-01-05]
CHR Extension: (Google Docs) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (YouTube) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Google-Suche) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (OnlineHD V6.0) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Google Mail) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 17:47 - 2014-04-23 17:52 - 00013067 _____ () C:\Users\Jaqueline\Desktop\FRST.txt
2014-04-23 17:47 - 2014-04-23 17:47 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (2).exe
2014-04-23 17:45 - 2014-04-23 17:45 - 00001058 _____ () C:\Users\Jaqueline\Desktop\JRT.txt
2014-04-23 17:41 - 2014-04-23 17:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-23 17:40 - 2014-04-23 17:41 - 01016261 _____ (Thisisu) C:\Users\Jaqueline\Downloads\JRT.exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (1).exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00002526 _____ () C:\Users\Jaqueline\Desktop\AdwCleaner[S0].txt
2014-04-23 17:33 - 2014-04-23 17:40 - 00000000 ____D () C:\AdwCleaner
2014-04-23 17:32 - 2014-04-23 17:32 - 01345299 _____ () C:\Users\Jaqueline\Desktop\adwcleaner.exe
2014-04-23 17:32 - 2014-04-23 17:32 - 00010434 _____ () C:\Users\Jaqueline\Desktop\mbam.txt
2014-04-23 17:30 - 2014-04-23 17:30 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-23 16:44 - 2014-04-23 17:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 16:43 - 2014-04-23 16:43 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-23 16:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-23 16:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-23 16:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-23 16:42 - 2014-04-23 16:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jaqueline\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 16:21 - 2014-04-23 16:30 - 00027868 _____ () C:\Users\Jaqueline\Downloads\Addition.txt
2014-04-23 16:20 - 2014-04-23 17:52 - 00000000 ____D () C:\FRST
2014-04-23 16:20 - 2014-04-23 16:30 - 00040586 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Desktop\FRST64.exe
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-13 16:25 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-13 16:25 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-13 16:25 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-13 16:25 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-13 16:25 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-13 16:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-03-31 18:02 - 2014-03-27 18:08 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-31 18:02 - 2014-03-27 17:15 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-31 18:02 - 2014-03-27 17:15 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-26 19:11 - 2014-04-23 17:37 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-03-26 19:11 - 2014-04-23 17:16 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 18:45 - 2014-03-30 17:35 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml

==================== One Month Modified Files and Folders =======

2014-04-23 17:52 - 2014-04-23 17:47 - 00013067 _____ () C:\Users\Jaqueline\Desktop\FRST.txt
2014-04-23 17:52 - 2014-04-23 16:20 - 00000000 ____D () C:\FRST
2014-04-23 17:48 - 2013-12-23 23:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3545342124-3751203487-2797069715-1001
2014-04-23 17:47 - 2014-04-23 17:47 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (2).exe
2014-04-23 17:46 - 2014-01-09 14:06 - 00595968 ___SH () C:\Users\Jaqueline\Downloads\Thumbs.db
2014-04-23 17:45 - 2014-04-23 17:45 - 00001058 _____ () C:\Users\Jaqueline\Desktop\JRT.txt
2014-04-23 17:41 - 2014-04-23 17:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-23 17:41 - 2014-04-23 17:40 - 01016261 _____ (Thisisu) C:\Users\Jaqueline\Downloads\JRT.exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (1).exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00002526 _____ () C:\Users\Jaqueline\Desktop\AdwCleaner[S0].txt
2014-04-23 17:40 - 2014-04-23 17:33 - 00000000 ____D () C:\AdwCleaner
2014-04-23 17:39 - 2013-12-24 00:00 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 17:38 - 2014-01-21 20:12 - 00000000 __RDO () C:\Users\Jaqueline\SkyDrive
2014-04-23 17:38 - 2013-12-29 19:22 - 00312832 ___SH () C:\Users\Jaqueline\Desktop\Thumbs.db
2014-04-23 17:38 - 2013-12-24 00:17 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Wise Care 365
2014-04-23 17:38 - 2013-12-23 23:59 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 17:37 - 2014-04-23 16:44 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 17:37 - 2014-03-26 19:11 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-04-23 17:37 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 17:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-23 17:33 - 2013-11-14 09:26 - 01778494 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 17:33 - 2013-11-14 09:11 - 00766026 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-23 17:33 - 2013-11-14 09:11 - 00159552 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-23 17:32 - 2014-04-23 17:32 - 01345299 _____ () C:\Users\Jaqueline\Desktop\adwcleaner.exe
2014-04-23 17:32 - 2014-04-23 17:32 - 00010434 _____ () C:\Users\Jaqueline\Desktop\mbam.txt
2014-04-23 17:30 - 2014-04-23 17:30 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-23 17:27 - 2013-11-14 00:18 - 00358012 _____ () C:\WINDOWS\PFRO.log
2014-04-23 17:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-04-23 17:26 - 2014-01-21 20:04 - 01921974 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 17:16 - 2014-03-26 19:11 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-04-23 17:15 - 2013-12-23 23:59 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-23 16:57 - 2013-12-24 00:18 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Spotify
2014-04-23 16:43 - 2014-04-23 16:43 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-23 16:42 - 2014-04-23 16:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jaqueline\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 16:30 - 2014-04-23 16:21 - 00027868 _____ () C:\Users\Jaqueline\Downloads\Addition.txt
2014-04-23 16:30 - 2014-04-23 16:20 - 00040586 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Desktop\FRST64.exe
2014-04-23 15:34 - 2014-02-05 16:00 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B9ABAB9-9036-4E14-9127-D4EDE22FB5F6}
2014-04-23 15:25 - 2013-12-24 00:19 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Spotify
2014-04-20 11:07 - 2013-12-23 23:56 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Adobe
2014-04-17 10:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-17 10:20 - 2014-03-22 12:21 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:21 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:20 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-04-16 23:14 - 2013-12-24 15:50 - 00000000 ____D () C:\ProgramData\Origin
2014-04-16 22:48 - 2014-01-24 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:42 - 2014-01-24 14:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-16 22:32 - 2014-01-08 00:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-16 14:44 - 2014-02-05 15:37 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-04-16 14:31 - 2014-01-06 17:40 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-16 14:25 - 2013-12-24 15:53 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-16 13:56 - 2013-12-24 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-16 13:40 - 2013-12-25 00:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-16 13:39 - 2013-12-25 00:37 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-15 21:41 - 2013-08-22 16:46 - 00309517 _____ () C:\WINDOWS\setupact.log
2014-04-15 21:41 - 2013-08-22 16:46 - 00000262 _____ () C:\WINDOWS\setuperr.log
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-03 09:51 - 2014-04-23 16:43 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-23 16:43 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-23 16:43 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-04-02 09:30 - 2014-02-17 17:57 - 00000000 ____D () C:\Users\Jaqueline\Desktop\matrei referat
2014-04-01 20:58 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\SoftGrid Client
2014-03-31 23:23 - 2014-03-05 17:39 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2014-03-05 17:39 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 03:16 - 2014-04-13 16:25 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-13 16:24 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 17:35 - 2014-03-26 18:45 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-28 07:29 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\SoftGrid Client
2014-03-28 07:29 - 2014-01-20 20:23 - 00041472 ___SH () C:\Users\Jaqueline\Documents\Thumbs.db
2014-03-27 18:09 - 2013-12-23 20:42 - 00000000 ____D () C:\Users\Jaqueline\Documents\Bea Stick daten
2014-03-27 18:08 - 2014-03-31 18:02 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-27 17:15 - 2014-03-31 18:02 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-27 17:15 - 2014-03-31 18:02 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-27 12:13 - 2014-01-23 20:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files\Google
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-27 12:13 - 2013-08-22 16:44 - 05184768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 11:51 - 2014-01-08 00:08 - 00227188 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 11:50 - 2014-01-08 00:08 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

Some content of TEMP:
====================
C:\Users\Jaqueline\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jaqueline\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jaqueline\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 14:47

==================== End Of Log ============================
--- --- ---


Dieses mal zeigt er mir keine Addition.txt, woran liegt das?:killpc:

cosinus 23.04.2014 18:33
An einem Haken liegt das :blabla:

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

jaquu 23.04.2014 18:38
Ups, okay! dann hier nochmal schritt 4:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Jaqueline at 2014-04-23 19:35:41
Running from C:\Users\Jaqueline\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.2.1.1 (HKLM-x32\...\{C83C3B4C-1AFF-4CEA-8078-74E7A3FE8F03}) (Version: 4.2.1.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.7113.5007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinRAR 5.01 (32 位元) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

29-03-2014 13:43:42 Geplanter Prüfpunkt
15-04-2014 19:38:02 Windows Update
16-04-2014 20:32:08 Installiert The Sims 3
23-04-2014 14:41:17 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17CC7B39-2FF2-457C-A198-F3B46F0C7653} - System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E1D9A1A-8D43-4B50-8560-72AB0223CA10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8447A0BD-DEEA-4946-AC1D-9924AEFA90D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {86998767-9DE8-4E07-9467-5EF0F3B92E91} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9A173414-AC48-49B7-8B85-D1ABF32D7DA6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-16] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A8BD6368-A261-427B-8990-E3105B98B780} - System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {AA683B5E-13C9-41AD-B4D2-E81B88516F78} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jaqueline.schwering@gmx.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-02-13 19:19 - 2014-02-13 19:19 - 01041936 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxml2.dll
2014-02-13 19:19 - 2014-02-13 19:19 - 00080400 _____ () C:\Program Files (x86)\LibreOffice 4\program\python3.dll
2014-02-13 10:39 - 2014-02-13 10:39 - 00049152 _____ () C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.3\lib\_socket.pyd
2014-02-13 19:19 - 2014-02-13 19:19 - 00182800 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxslt.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-16 12:04 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-16 12:04 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-16 12:04 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Jaqueline\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/23/2014 07:35:00 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 07:09:35 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 07:09:05 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 07:08:35 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 06:39:12 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 06:38:42 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 06:25:19 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 06:24:49 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 06:24:19 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (04/23/2014 05:53:02 PM) (Source: DCOM) (User: JAQUS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-20 13:13:20.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:13:20.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-20 13:11:50.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4043.86 MB
Available physical RAM: 2346.64 MB
Total Pagefile: 5003.86 MB
Available Pagefile: 3256.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.44 GB) (Free:381.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 977A69B6)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Jaqueline (administrator) on JAQUS on 23-04-2014 19:35:16
Running from C:\Users\Jaqueline\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Atheros Commnucations) C:\WINDOWS\system32\AdminService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Spotify Web Helper] => C:\Users\Jaqueline\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-17] (Spotify Ltd)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {a3a07df4-84c4-11e3-be6e-ccaf78d8be02} - "E:\Startme.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {ab475adb-6c17-11e3-be66-78843cefab0d} - "E:\start.exe"
HKU\S-1-5-21-3545342124-3751203487-2797069715-1001\...\MountPoints2: {c1b48961-97d5-11e3-be73-ccaf78d8be02} - "F:\HTC_Sync_Manager_PC.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "spellcheck": {
      "confirm_dialog_shown": true,
      "use_spelling_service"
CHR DefaultSearchKeyword: gmx.de
CHR DefaultSearchProvider: GMX Suche
CHR DefaultSearchURL: hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@ffox.suche@web&origin=searchplugin
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (SmallringFX MetalSliver Theme) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\amoaokkohdcekgomnddkdfocbifmiafo [2014-01-05]
CHR Extension: (Google Docs) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (YouTube) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Google-Suche) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (OnlineHD V6.0) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Google Mail) - C:\Users\Jaqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 19:08 - 2014-04-23 19:08 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (4).exe
2014-04-23 19:04 - 2014-04-23 19:04 - 00070225 _____ () C:\Users\Jaqueline\Desktop\Deutsch HA.odt
2014-04-23 19:04 - 2014-04-23 19:04 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.Deutsch HA.odt#
2014-04-23 18:23 - 2014-04-23 18:23 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (3).exe
2014-04-23 17:47 - 2014-04-23 19:35 - 00013468 _____ () C:\Users\Jaqueline\Desktop\FRST.txt
2014-04-23 17:47 - 2014-04-23 17:47 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (2).exe
2014-04-23 17:45 - 2014-04-23 17:45 - 00001058 _____ () C:\Users\Jaqueline\Desktop\JRT.txt
2014-04-23 17:41 - 2014-04-23 17:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-23 17:40 - 2014-04-23 17:41 - 01016261 _____ (Thisisu) C:\Users\Jaqueline\Downloads\JRT.exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (1).exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00002526 _____ () C:\Users\Jaqueline\Desktop\AdwCleaner[S0].txt
2014-04-23 17:33 - 2014-04-23 17:40 - 00000000 ____D () C:\AdwCleaner
2014-04-23 17:32 - 2014-04-23 17:32 - 01345299 _____ () C:\Users\Jaqueline\Desktop\adwcleaner.exe
2014-04-23 17:32 - 2014-04-23 17:32 - 00010434 _____ () C:\Users\Jaqueline\Desktop\mbam.txt
2014-04-23 17:30 - 2014-04-23 17:30 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-23 16:44 - 2014-04-23 17:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 16:43 - 2014-04-23 16:43 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-23 16:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-23 16:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-23 16:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-23 16:42 - 2014-04-23 16:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jaqueline\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 16:21 - 2014-04-23 16:30 - 00027868 _____ () C:\Users\Jaqueline\Downloads\Addition.txt
2014-04-23 16:20 - 2014-04-23 19:35 - 00000000 ____D () C:\FRST
2014-04-23 16:20 - 2014-04-23 16:30 - 00040586 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Desktop\FRST64.exe
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-13 16:25 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-13 16:25 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-13 16:25 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-13 16:25 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-13 16:25 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-13 16:25 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-13 16:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-03-31 18:02 - 2014-03-27 18:08 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-31 18:02 - 2014-03-27 17:15 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-31 18:02 - 2014-03-27 17:15 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-26 19:11 - 2014-04-23 18:16 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-03-26 19:11 - 2014-04-23 18:16 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 18:45 - 2014-03-30 17:35 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml

==================== One Month Modified Files and Folders =======

2014-04-23 19:35 - 2014-04-23 17:47 - 00013468 _____ () C:\Users\Jaqueline\Desktop\FRST.txt
2014-04-23 19:35 - 2014-04-23 16:20 - 00000000 ____D () C:\FRST
2014-04-23 19:08 - 2014-04-23 19:08 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (4).exe
2014-04-23 19:04 - 2014-04-23 19:04 - 00070225 _____ () C:\Users\Jaqueline\Desktop\Deutsch HA.odt
2014-04-23 19:04 - 2014-04-23 19:04 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.Deutsch HA.odt#
2014-04-23 19:04 - 2013-12-29 19:22 - 00328192 ___SH () C:\Users\Jaqueline\Desktop\Thumbs.db
2014-04-23 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-23 18:34 - 2013-12-23 23:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3545342124-3751203487-2797069715-1001
2014-04-23 18:23 - 2014-04-23 18:23 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (3).exe
2014-04-23 18:16 - 2014-03-26 19:11 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf491666463019.job
2014-04-23 18:16 - 2014-03-26 19:11 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d.job
2014-04-23 18:16 - 2013-12-24 00:00 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 18:15 - 2013-12-23 23:59 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 17:47 - 2014-04-23 17:47 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (2).exe
2014-04-23 17:46 - 2014-01-09 14:06 - 00595968 ___SH () C:\Users\Jaqueline\Downloads\Thumbs.db
2014-04-23 17:45 - 2014-04-23 17:45 - 00001058 _____ () C:\Users\Jaqueline\Desktop\JRT.txt
2014-04-23 17:41 - 2014-04-23 17:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-23 17:41 - 2014-04-23 17:40 - 01016261 _____ (Thisisu) C:\Users\Jaqueline\Downloads\JRT.exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup (1).exe
2014-04-23 17:40 - 2014-04-23 17:40 - 00002526 _____ () C:\Users\Jaqueline\Desktop\AdwCleaner[S0].txt
2014-04-23 17:40 - 2014-04-23 17:33 - 00000000 ____D () C:\AdwCleaner
2014-04-23 17:38 - 2014-01-21 20:12 - 00000000 __RDO () C:\Users\Jaqueline\SkyDrive
2014-04-23 17:38 - 2013-12-24 00:17 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Wise Care 365
2014-04-23 17:38 - 2013-12-23 23:59 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 17:37 - 2014-04-23 16:44 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 17:37 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 17:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-23 17:33 - 2013-11-14 09:26 - 01778494 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 17:33 - 2013-11-14 09:11 - 00766026 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-23 17:33 - 2013-11-14 09:11 - 00159552 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-23 17:32 - 2014-04-23 17:32 - 01345299 _____ () C:\Users\Jaqueline\Desktop\adwcleaner.exe
2014-04-23 17:32 - 2014-04-23 17:32 - 00010434 _____ () C:\Users\Jaqueline\Desktop\mbam.txt
2014-04-23 17:30 - 2014-04-23 17:30 - 00991504 _____ () C:\Users\Jaqueline\Downloads\setup.exe
2014-04-23 17:27 - 2013-11-14 00:18 - 00358012 _____ () C:\WINDOWS\PFRO.log
2014-04-23 17:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-04-23 17:27 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP
2014-04-23 17:26 - 2014-01-21 20:04 - 01921974 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 16:57 - 2013-12-24 00:18 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\Spotify
2014-04-23 16:43 - 2014-04-23 16:43 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 16:43 - 2014-04-23 16:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-23 16:42 - 2014-04-23 16:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jaqueline\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 16:30 - 2014-04-23 16:21 - 00027868 _____ () C:\Users\Jaqueline\Downloads\Addition.txt
2014-04-23 16:30 - 2014-04-23 16:20 - 00040586 _____ () C:\Users\Jaqueline\Downloads\FRST.txt
2014-04-23 16:19 - 2014-04-23 16:19 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Downloads\FRST64 (1).exe
2014-04-23 16:18 - 2014-04-23 16:18 - 02061312 _____ (Farbar) C:\Users\Jaqueline\Desktop\FRST64.exe
2014-04-23 15:34 - 2014-02-05 16:00 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B9ABAB9-9036-4E14-9127-D4EDE22FB5F6}
2014-04-23 15:25 - 2013-12-24 00:19 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Spotify
2014-04-20 11:07 - 2013-12-23 23:56 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\Adobe
2014-04-17 10:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-17 10:20 - 2014-04-17 10:20 - 00281027 _____ () C:\ProgramData\1397722679.bdinstall.bin
2014-04-17 10:20 - 2014-04-17 10:20 - 00049288 _____ () C:\ProgramData\1397722782.bdinstall.bin
2014-04-17 10:20 - 2014-03-22 12:21 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:21 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-17 10:19 - 2014-03-22 12:20 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-04-16 23:14 - 2013-12-24 15:50 - 00000000 ____D () C:\ProgramData\Origin
2014-04-16 22:48 - 2014-01-24 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 22:42 - 2014-04-16 22:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:42 - 2014-01-24 14:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 22:37 - 2014-04-16 22:37 - 00000000 ____D () C:\Users\Jaqueline\Documents\Electronic Arts
2014-04-16 22:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-16 22:33 - 2014-04-16 22:33 - 00002088 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-16 22:32 - 2014-01-08 00:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-16 14:44 - 2014-02-05 15:37 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-04-16 14:31 - 2014-01-06 17:40 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-16 14:25 - 2013-12-24 15:53 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-16 13:56 - 2013-12-24 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-16 13:40 - 2013-12-25 00:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-16 13:39 - 2013-12-25 00:37 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-15 21:41 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-04-15 21:41 - 2013-08-22 16:46 - 00309517 _____ () C:\WINDOWS\setupact.log
2014-04-15 21:41 - 2013-08-22 16:46 - 00000262 _____ () C:\WINDOWS\setuperr.log
2014-04-13 16:21 - 2014-04-13 16:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-13 16:20 - 2014-04-13 16:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-03 09:51 - 2014-04-23 16:43 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-23 16:43 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-23 16:43 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 11:46 - 2014-04-02 11:46 - 00001868 _____ () C:\Users\Jaqueline\Desktop\TS3W.exe - Verknüpfung.lnk
2014-04-02 11:44 - 2014-04-02 11:44 - 00001853 _____ () C:\Users\Jaqueline\Desktop\TS3.exe - Verknüpfung.lnk
2014-04-02 09:30 - 2014-02-17 17:57 - 00000000 ____D () C:\Users\Jaqueline\Desktop\matrei referat
2014-04-01 20:58 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Roaming\SoftGrid Client
2014-03-31 23:23 - 2014-03-05 17:39 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2014-03-05 17:39 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 03:16 - 2014-04-13 16:25 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-13 16:24 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 17:35 - 2014-03-26 18:45 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-28 07:34 - 2014-03-28 07:34 - 00000000 __RHD () C:\MSOCache
2014-03-28 07:29 - 2014-03-22 10:35 - 00000000 ____D () C:\Users\Jaqueline\AppData\Local\SoftGrid Client
2014-03-28 07:29 - 2014-01-20 20:23 - 00041472 ___SH () C:\Users\Jaqueline\Documents\Thumbs.db
2014-03-27 18:09 - 2013-12-23 20:42 - 00000000 ____D () C:\Users\Jaqueline\Documents\Bea Stick daten
2014-03-27 18:08 - 2014-03-31 18:02 - 01844884 _____ () C:\Users\Jaqueline\Documents\Open%20englisch).odp_1odp
2014-03-27 17:15 - 2014-03-31 18:02 - 00064644 _____ () C:\Users\Jaqueline\Documents\Englisch%20Präsentation.docx_0odt
2014-03-27 17:15 - 2014-03-31 18:02 - 00052085 _____ () C:\Users\Jaqueline\Documents\Handout.docx_0odt
2014-03-27 12:16 - 2014-03-27 12:16 - 00000385 _____ () C:\Users\Jaqueline\AppData\Roaminguser_gensett.xml
2014-03-27 12:15 - 2014-03-27 12:15 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-03-27 12:13 - 2014-01-23 20:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files\Google
2014-03-27 12:13 - 2013-12-23 23:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-27 12:13 - 2013-08-22 16:44 - 05184768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 19:11 - 2014-03-26 19:11 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf491666463019
2014-03-26 19:11 - 2014-03-26 19:11 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf491663174c7d
2014-03-26 19:00 - 2014-03-26 19:00 - 00000097 ____H () C:\Users\Jaqueline\Desktop\.~lock.OpenDocument Präsentation (neu).odp#
2014-03-26 11:51 - 2014-01-08 00:08 - 00227188 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 11:50 - 2014-01-08 00:08 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

Some content of TEMP:
====================
C:\Users\Jaqueline\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jaqueline\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jaqueline\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 14:47

==================== End Of Log ============================
--- --- ---


Ich hoffe nun ist alles richtig :D

cosinus 23.04.2014 18:40
Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


jaquu 23.04.2014 20:35
Gut. Erneut fertig!

Schritt 1
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 20:06:33
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jaqueline

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269853
Verstrichene Zeit: 19 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 7
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (1).exe, In Quarantäne, [6c94ab555ca426dac979da969f62ac54],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (2).exe, In Quarantäne, [758bc43c3ec216ea113175fb7091bb45],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (3).exe, In Quarantäne, [a25e3cc459a7d0308cb6de9211f009f7],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (4).exe, In Quarantäne, [c739be42a35de8186cd63f3106fbbb45],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (5).exe, In Quarantäne, [14ec01ff0df3738d6fd3c5aba859f50b],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup (6).exe, In Quarantäne, [1fe115eb4cb48b75172bf17fdc258b75],
PUP.Optional.OutBrowse, C:\Users\Jaqueline\Downloads\setup.exe, In Quarantäne, [a858a85800008b75fb472d43dc2513ed],

Physische Sektoren: 0
(No malicious items detected)


(end)
Schritt 2

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7cfbcc423fa9404d9b2c8618a10bd165
# engine=17997
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-23 07:21:23
# local_time=2014-04-23 09:21:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 18457 15597180 0 0
# scanned=240400
# found=0
# cleaned=0
# scan_time=4107
ok so?

cosinus 23.04.2014 23:34
TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

jaquu 24.04.2014 15:19
Hab alles nun gemacht wie du es gesagt hast, leider plagen die grün markierten Worte und ungewollte Seitenöffnungen mich immer noch :((

Immer noch das selbe Problem :(

cosinus 24.04.2014 15:22
Erstell dir mal ein neues Profil und teste => http://support.mozilla.com/de/kb/Profile%20verwalten

jaquu 24.04.2014 15:28
Ich hab bisher Chrome benutzt weil Firefox vorher arg hing.

Hab es mir nun neu Installiert, da habe ich das nicht. Trotzdem ist es dann doch nicht weg, wenn das problem bei Chrome noch auftritt, oder?

cosinus 25.04.2014 00:04
Dann sinnigerweise mal Chrome resetten? :wtf:
Du schreibst nur Problem ist noch da, woher soll ich wissen welcher Browser, also poste ich was für den Firefox den meiner Erfahrung nach die meisten Leute verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19