
Pests of all kinds and how to combat them: Delete Deal Finder?

03.07.2013, 20:54   #1
MasterT83
 
Good evening,

up front: I know next to nothing about computers, but I will gladly follow every step that you hopefully give me to fix my problem.

A few days ago my anti-virus program expired and I downloaded Avira. Now I have the problem that whenever I browse with Firefox, the speed drops sharply and loading times are very long. A window named "Deal Finder" often opens, and I don't know what to do to secure/protect my PC and be able to browse properly again. I hope you can help me and, as I said, I will probably need very precise explanations of what I have to do.

Thanks in advance.

Last edited by MasterT83 (03.07.2013 at 21:02)

03.07.2013, 21:16   #2
ryder
/// TB Trainer
 
!! Note to readers following along !!
This thread and its instructions are intended only for this specific case.
They could seriously damage other computers. Please open your own thread.




I will help you with your problem. The cleanup only works if you stick to the following rules:
Please read:
Rules for the cleanup
  • Illegally used software
    At the first sign of it, support will be discontinued without discussion. So please make sure beforehand that none of it shows up here anymore.
  • No guarantee
    We will do our best, but you will not get back a 100% secure and clean computer. The only safe way is formatting and reinstalling.
  • No going it alone
    The cleanup only works if you do exactly what I instruct. Do not install/uninstall any software and do not run any scans that I have not instructed you to run. Do not post your thread in any other forum and do not follow the instructions of other helpers. Doing so only wastes the time of everyone involved.
  • Read carefully and ask
    Read each set of instructions carefully. If anything is unclear, please ask beforehand. Work through the steps in order and only reply after the last step or when you have a question.
  • Reply correctly
    • After you have worked through all the steps, please give me feedback on each step (log file or answer), collected in a single reply.
    • Obscure your name only if it is really necessary. Please also keep in mind that we will not edit this thread or your log files afterwards! (see LINK)
    • Please place log files between code tags (click the # symbol in the reply window); it then looks like this:
      [CODE] (Logfile) [/CODE]
    • A note on my own behalf: attached or zipped log files make my work massively harder! So only do that if the log file is too large to post directly. (There is a guide here)
  • No private messages
    I can see when you have replied; you do not need to notify me. Send me a PM only if I have not replied for three days, and only then.
  • How does the cleanup proceed?
    Very roughly: analysis > cleanup > check with updates > done. I will tell you very clearly whether we are done or not; you do not need to ask.



Step 1: (Reminder: only reply to me once you have worked through all the steps!)
Uninstalling programs
  • Windows XP: Start > Control Panel > Add or Remove Programs > [program name] > Uninstall
  • Windows Vista / 7: Start > Control Panel > Programs and Features > [program name] > Uninstall
  • allow a restart if required
Uninstall, unless you installed it deliberately, everything whose name contains "Toolbar", as well as downloader applications.

Please go through the following list and uninstall the programs named, if present:
registry cleaner software, TuneUp Utilities (incl. Language Pack), Glary Utilities, Spybot S & D (including Teatimer), Zonealarm Firewall (is unnecessary), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (all variants; Java 7 can stay), poker software, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimizer Pro, Webcake, OpenCandy

Personally, I also recommend uninstalling everything that has to do with Bing (Bing Desktop, Bing toolbar), but that is your decision.


Step 2:
AdwCleaner: find and delete adware
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (scan) and wait until it has finished.
  • Now click "Löschen" (delete) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).



Step 3:
Scan with DDS (with attach)
Please download DDS (by sUBs) and save the file on your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • Do not change any setting unless instructed.
  • Click Start.
  • 2 log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, in CODE tags if possible. (Instructions)

03.07.2013, 21:45   #3
MasterT83
 
Code:
# AdwCleaner v2.304 - Datei am 03/07/2013 um 22:28:08 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Tobias Ebeling - EBELINGT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias Ebeling\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [20201 octets] - [30/06/2013 12:47:07]
AdwCleaner[R2].txt - [1477 octets] - [03/07/2013 21:16:25]
AdwCleaner[S1].txt - [18593 octets] - [30/06/2013 12:47:52]
AdwCleaner[S2].txt - [1550 octets] - [03/07/2013 21:16:40]
AdwCleaner[S3].txt - [1125 octets] - [03/07/2013 22:28:08]

########## EOF - C:\AdwCleaner[S3].txt - [1185 octets] ##########
         
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Tobias Ebeling at 22:32:27 on 2013-07-03
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3960.2937 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\WINDOWS\system32\CxAudMsg64.exe
C:\Program Files\Elantech\ETDService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: LyricsWoofer: {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E7B4C999-97B6-417F-8B73-7133C46A1E9E} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E7B4C999-97B6-417F-8B73-7133C46A1E9E}\542656C696E676 : DHCPNameServer = 217.0.43.1 217.0.43.193 192.168.0.1
TCP: Interfaces\{E7B4C999-97B6-417F-8B73-7133C46A1E9E}\64259445A51224F68702733333030235C4 : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=    
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Users\Tobias Ebeling\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2013-1-5 645952]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\Drivers\LhdX64.sys [2013-1-5 39008]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\Drivers\avkmgr.sys [2013-6-30 28600]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-6-30 84024]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-6-30 108088]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\Drivers\avgntflt.sys [2013-6-30 100712]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\WINDOWS\System32\BtwRSupportService.exe [2013-1-5 2227992]
R2 CxAudMsg;Conexant Audio Message Service;C:\WINDOWS\System32\CxAudMsg64.exe [2013-1-5 201376]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-11-23 83968]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\Drivers\bcbtums.sys [2013-1-5 169240]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\WINDOWS\System32\Drivers\btwampfl.sys [2013-1-5 161144]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\Drivers\btwl2cap.sys [2013-6-20 40248]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2012-11-23 323920]
R3 IntcDAud;Intel(R) Display-Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-9-5 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 vm331avs;Digital Camera 1;C:\WINDOWS\System32\Drivers\vm331avs.sys [2013-1-5 975104]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-1-5 315536]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 wsvd;wsvd;C:\WINDOWS\System32\Drivers\wsvd.sys [2013-1-5 102376]
.
=============== Created Last 30 ================
.
2013-07-03 17:14:38	--------	d-----w-	C:\Program Files\Enigma Software Group
2013-07-03 17:14:25	--------	d-----w-	C:\WINDOWS\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-07-03 17:14:24	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-30 11:15:42	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Roaming\IrfanView
2013-06-30 11:15:42	--------	d-----w-	C:\Program Files (x86)\IrfanView
2013-06-30 10:47:33	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Roaming\Avira
2013-06-30 10:44:16	83672	----a-w-	C:\WINDOWS\System32\drivers\avnetflt.sys
2013-06-30 10:42:04	28600	----a-w-	C:\WINDOWS\System32\drivers\avkmgr.sys
2013-06-30 10:42:04	100712	----a-w-	C:\WINDOWS\System32\drivers\avgntflt.sys
2013-06-30 10:42:02	--------	d-----w-	C:\ProgramData\Avira
2013-06-30 10:42:02	--------	d-----w-	C:\Program Files (x86)\Avira
2013-06-30 10:35:17	--------	d-----w-	C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-06-30 10:35:16	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Roaming\DVDVideoSoft
2013-06-30 10:35:16	--------	d-----w-	C:\Program Files (x86)\DVDVideoSoft
2013-06-30 10:25:46	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Local\Freemium
2013-06-30 09:40:52	--------	d-----w-	C:\Program Files (x86)\Plus-HD-2.3
2013-06-30 09:38:15	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Local\DownloadGuide
2013-06-30 08:07:21	--------	d-----w-	C:\Users\Tobias Ebeling\AppData\Local\ChanSort
2013-06-20 19:04:09	--------	d-----w-	C:\WINDOWS\LastGood.Tmp
2013-06-20 18:53:09	40248	----a-w-	C:\WINDOWS\System32\drivers\btwl2cap.sys
2013-06-20 18:53:09	20856	----a-w-	C:\WINDOWS\System32\drivers\btwrchid.sys
2013-06-20 18:53:08	225144	----a-w-	C:\WINDOWS\System32\drivers\btwavdt.sys
2013-06-20 18:53:08	185208	----a-w-	C:\WINDOWS\System32\drivers\btwaudio.sys
2013-06-15 18:07:17	1300992	----a-w-	C:\WINDOWS\System32\gdi32.dll
2013-06-15 18:07:16	1022464	----a-w-	C:\WINDOWS\SysWow64\gdi32.dll
2013-06-15 18:07:15	888320	----a-w-	C:\WINDOWS\System32\autochk.exe
2013-06-15 18:07:15	542208	----a-w-	C:\WINDOWS\System32\untfs.dll
2013-06-15 18:07:14	793088	----a-w-	C:\WINDOWS\SysWow64\autochk.exe
2013-06-15 18:07:14	482816	----a-w-	C:\WINDOWS\SysWow64\untfs.dll
2013-06-13 16:52:31	733184	----a-w-	C:\WINDOWS\System32\win32spl.dll
2013-06-13 08:41:43	17271808	----a-w-	C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 08:41:42	16642560	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 07:05:41	1889280	----a-w-	C:\WINDOWS\System32\crypt32.dll
2013-06-13 07:05:41	1569792	----a-w-	C:\WINDOWS\SysWow64\crypt32.dll
2013-06-13 07:05:41	1255936	----a-w-	C:\WINDOWS\System32\certutil.exe
2013-06-13 07:05:40	68096	----a-w-	C:\WINDOWS\System32\cryptsvc.dll
2013-06-13 07:05:40	141312	----a-w-	C:\WINDOWS\System32\cryptnet.dll
2013-06-13 07:05:40	109056	----a-w-	C:\WINDOWS\SysWow64\cryptnet.dll
2013-06-13 07:05:40	1013248	----a-w-	C:\WINDOWS\SysWow64\certutil.exe
2013-06-13 05:40:55	2233600	----a-w-	C:\WINDOWS\System32\drivers\tcpip.sys
2013-06-13 05:40:51	30720	----a-w-	C:\WINDOWS\System32\cryptdlg.dll
2013-06-13 05:40:50	25088	----a-w-	C:\WINDOWS\SysWow64\cryptdlg.dll
.
==================== Find3M  ====================
.
2013-06-11 18:01:06	17617288	----a-w-	C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2013-06-04 22:09:22	78200	----a-w-	C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22	693112	----a-w-	C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-05-15 22:37:03	44032	----a-w-	C:\WINDOWS\SysWow64\UXInit.dll
2013-05-15 22:35:49	53760	----a-w-	C:\WINDOWS\System32\UXInit.dll
2013-05-14 13:14:01	2706432	----a-w-	C:\WINDOWS\System32\mshtml.tlb
2013-05-14 09:23:31	2706432	----a-w-	C:\WINDOWS\SysWow64\mshtml.tlb
2013-05-04 07:58:17	120736	----a-w-	C:\WINDOWS\System32\AuthHost.exe
2013-05-04 07:34:17	446720	----a-w-	C:\WINDOWS\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17	213248	----a-w-	C:\WINDOWS\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15	284416	----a-w-	C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-04 06:59:56	39424	----a-w-	C:\WINDOWS\System32\wuapp.exe
2013-05-04 06:59:51	1483776	----a-w-	C:\WINDOWS\System32\VSSVC.exe
2013-05-04 06:59:36	812544	----a-w-	C:\WINDOWS\System32\Magnify.exe
2013-05-04 06:59:25	98304	----a-w-	C:\WINDOWS\System32\wudriver.dll
2013-05-04 06:59:25	251904	----a-w-	C:\WINDOWS\System32\WUSettingsProvider.dll
2013-05-04 06:59:25	141824	----a-w-	C:\WINDOWS\System32\wuwebv.dll
2013-05-04 06:59:24	1619968	----a-w-	C:\WINDOWS\System32\wucltux.dll
2013-05-04 06:59:08	13644288	----a-w-	C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54	328192	----a-w-	C:\WINDOWS\System32\ubpm.dll
2013-05-04 06:58:54	10116096	----a-w-	C:\WINDOWS\System32\twinui.dll
2013-05-04 06:58:49	173568	----a-w-	C:\WINDOWS\System32\storewuauth.dll
2013-05-04 06:58:49	1332736	----a-w-	C:\WINDOWS\System32\sysmain.dll
2013-05-04 06:58:48	330240	----a-w-	C:\WINDOWS\System32\stobject.dll
2013-05-04 06:58:28	93696	----a-w-	C:\WINDOWS\System32\psmsrv.dll
2013-05-04 06:58:02	470528	----a-w-	C:\WINDOWS\System32\netprofmsvc.dll
2013-05-04 06:58:02	151552	----a-w-	C:\WINDOWS\System32\netprofm.dll
2013-05-04 06:58:01	169984	----a-w-	C:\WINDOWS\System32\netplwiz.dll
2013-05-04 06:57:59	17408	----a-w-	C:\WINDOWS\System32\muifontsetup.dll
2013-05-04 06:57:46	560640	----a-w-	C:\WINDOWS\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15	501760	----a-w-	C:\WINDOWS\System32\DevicePairing.dll
2013-05-04 06:57:05	179712	----a-w-	C:\WINDOWS\System32\bisrv.dll
2013-05-04 06:57:05	122368	----a-w-	C:\WINDOWS\System32\biwinrt.dll
2013-05-04 06:57:04	389120	----a-w-	C:\WINDOWS\System32\BCP47Langs.dll
2013-05-04 06:57:04	2305024	----a-w-	C:\WINDOWS\System32\authui.dll
2013-05-04 06:57:00	708096	----a-w-	C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00	1131520	----a-w-	C:\WINDOWS\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53	419840	----a-w-	C:\WINDOWS\System32\intl.cpl
2013-05-04 04:58:34	34304	----a-w-	C:\WINDOWS\SysWow64\wuapp.exe
2013-05-04 04:58:14	758784	----a-w-	C:\WINDOWS\SysWow64\Magnify.exe
2013-05-04 04:58:02	83968	----a-w-	C:\WINDOWS\SysWow64\wudriver.dll
2013-05-04 04:58:02	125952	----a-w-	C:\WINDOWS\SysWow64\wuwebv.dll
2013-05-04 04:57:49	10788864	----a-w-	C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39	8857088	----a-w-	C:\WINDOWS\SysWow64\twinui.dll
2013-05-04 04:57:39	247296	----a-w-	C:\WINDOWS\SysWow64\ubpm.dll
2013-05-04 04:57:35	303616	----a-w-	C:\WINDOWS\SysWow64\stobject.dll
2013-05-04 04:57:16	18432	----a-w-	C:\WINDOWS\SysWow64\npmproxy.dll
2013-05-04 04:57:04	151040	----a-w-	C:\WINDOWS\SysWow64\netplwiz.dll
2013-05-04 04:57:04	115712	----a-w-	C:\WINDOWS\SysWow64\netprofm.dll
2013-05-04 04:57:02	14336	----a-w-	C:\WINDOWS\SysWow64\muifontsetup.dll
2013-05-04 04:56:48	411136	----a-w-	C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14	449536	----a-w-	C:\WINDOWS\SysWow64\DevicePairing.dll
2013-05-04 04:56:06	92160	----a-w-	C:\WINDOWS\SysWow64\biwinrt.dll
2013-05-04 04:56:05	309760	----a-w-	C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05	2035712	----a-w-	C:\WINDOWS\SysWow64\authui.dll
2013-05-04 04:55:58	389632	----a-w-	C:\WINDOWS\SysWow64\intl.cpl
2013-05-04 04:51:38	14848	----a-w-	C:\WINDOWS\System32\rars.rs
2013-05-04 04:48:33	83968	----a-w-	C:\WINDOWS\System32\drivers\hidclass.sys
2013-05-04 04:48:26	27648	----a-w-	C:\WINDOWS\System32\drivers\hidusb.sys
2013-05-04 04:47:02	427520	----a-w-	C:\WINDOWS\System32\drivers\rdbss.sys
2013-05-04 04:10:47	14848	----a-w-	C:\WINDOWS\SysWow64\rars.rs
2013-04-28 22:30:55	1767936	----a-w-	C:\WINDOWS\SysWow64\wininet.dll
2013-04-28 22:30:12	2877440	----a-w-	C:\WINDOWS\SysWow64\jscript9.dll
2013-04-28 22:28:33	2241024	----a-w-	C:\WINDOWS\System32\wininet.dll
2013-04-28 22:28:29	915968	----a-w-	C:\WINDOWS\System32\uxtheme.dll
2013-04-28 22:28:00	3958784	----a-w-	C:\WINDOWS\System32\jscript9.dll
2013-04-16 02:34:44	1455368	----a-w-	C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35	444416	----a-w-	C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-11 06:40:48	6987528	----a-w-	C:\WINDOWS\System32\ntoskrnl.exe
2013-04-09 05:33:02	489576	----a-w-	C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02	446792	----a-w-	C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02	253544	----a-w-	C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02	86280	----a-w-	C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02	306952	----a-w-	C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 05:18:05	77960	----a-w-	C:\WINDOWS\System32\kdvm.dll
2013-04-09 05:17:57	1829408	----a-w-	C:\WINDOWS\System32\ntdll.dll
2013-04-09 04:52:07	816128	----a-w-	C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07	373760	----a-w-	C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:07	197120	----a-w-	C:\WINDOWS\System32\SearchFilterHost.exe
2013-04-09 04:52:07	126464	----a-w-	C:\WINDOWS\System32\Robocopy.exe
2013-04-09 04:52:06	804352	----a-w-	C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51	367616	----a-w-	C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45	523264	----a-w-	C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41	99840	----a-w-	C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41	456704	----a-w-	C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17	595456	----a-w-	C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17	391168	----a-w-	C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03	3552768	----a-w-	C:\WINDOWS\System32\tquery.dll
2013-04-09 04:50:53	414720	----a-w-	C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39	422400	----a-w-	C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39	1285632	----a-w-	C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03	96256	----a-w-	C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03	745984	----a-w-	C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:03	2107904	----a-w-	C:\WINDOWS\System32\mssrch.dll
2013-04-09 04:50:02	65024	----a-w-	C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02	435200	----a-w-	C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02	13824	----a-w-	C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54	1444864	----a-w-	C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:45	468992	----a-w-	C:\WINDOWS\System32\MFMediaEngine.dll
2013-04-09 04:49:45	281088	----a-w-	C:\WINDOWS\System32\mfreadwrite.dll
.
============= FINISH: 22:33:24,54 ===============
         
--- --- ---


Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 25.04.2013 19:35:10
System Uptime: 03.07.2013 22:29:07 (0 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 210 GiB total, 174,64 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22,691 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 209 GiB total, 171,444 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP8: 15.06.2013 20:24:50 - Windows Update
RP9: 19.06.2013 00:35:05 - Windows Update
RP11: 20.06.2013 20:43:07 - Broadcom BTW Restore Point
RP13: 28.06.2013 09:55:37 - Geplanter Prüfpunkt
RP14: 30.06.2013 11:39:42 - Clever Privacy
RP15: 03.07.2013 18:19:31 - Clever Privacy
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
Benutzerhandbuch
Bonjour
Conexant HD Audio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Advanced Audio v2
Energy Management
Free YouTube to MP3 Converter version 3.12.4.622
Google Chrome
Intel AppUp(SM) center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo pointing device
Lenovo PowerDVD10
Lenovo YouCam
Lenovo_Wireless_Driver
LyricsWoofer
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 de)
Mozilla Maintenance Service
Picasa 3
Plus-HD-2.3
Power2Go
Realtek USB 2.0 Card Reader
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
SugarSync Manager
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
UserGuide
VLC media player 2.0.6
Winamp
Winamp Erkennungs-Plug-in
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
Zattoo4 4.0.5
.
==== End Of File ===========================
         
__________________

03.07.2013, 22:02   #4
ryder
/// TB Trainer

Yes, great, and now I'm supposed to guess whether anything has changed?
__________________
Digital privateers against malware!
No help via PM!

03.07.2013, 22:05   #5
MasterT83

I did write at the start that I have no idea about this. So I also don't know what I have just posted here or what I am supposed to do now.


03.07.2013, 22:37   #6
ryder
/// TB Trainer

If you can describe your problem as you did "at the start", then you can also tell me whether it still exists or not .... at least I think so.

03.07.2013, 22:46   #7
MasterT83

Oh, sorry. The browser still has unusually long loading times. During that time I also can't switch between individual tabs. However, the "Deal Finder" is not showing up any more at the moment.

03.07.2013, 22:48   #8
ryder
/// TB Trainer

Okay, that's something at least. Let's look further.

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Digital privateers against malware!
No help via PM!

03.07.2013, 23:25   #9
MasterT83

Code:
ComboFix 13-07-03.01 - Tobias Ebeling 04.07.2013   0:17.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3960.2740 [GMT 2:00]
ausgeführt von:: c:\users\Tobias Ebeling\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tobias Ebeling\AppData\Local\Microsoft\Windows\Temporary Internet Files\{444D40C6-BF38-41FB-930D-22032BE1D9FF}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-03 bis 2013-07-03  ))))))))))))))))))))))))))))))
.
.
2013-07-03 22:20 . 2013-07-03 22:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-03 17:14 . 2013-07-03 17:14	--------	d-----w-	c:\program files\Enigma Software Group
2013-07-03 17:14 . 2013-07-03 19:07	--------	d-----w-	c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-07-03 17:14 . 2013-07-03 17:14	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-30 11:15 . 2013-06-30 11:15	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\IrfanView
2013-06-30 11:15 . 2013-06-30 11:15	--------	d-----w-	c:\program files (x86)\IrfanView
2013-06-30 10:47 . 2013-06-30 10:47	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\Avira
2013-06-30 10:44 . 2013-07-03 15:57	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-30 10:42 . 2013-02-26 14:56	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-06-30 10:42 . 2013-02-26 14:56	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-06-30 10:42 . 2013-02-26 14:56	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-06-30 10:42 . 2013-06-30 10:42	--------	d-----w-	c:\programdata\Avira
2013-06-30 10:42 . 2013-06-30 10:42	--------	d-----w-	c:\program files (x86)\Avira
2013-06-30 10:35 . 2013-06-30 10:35	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-06-30 10:35 . 2013-06-30 11:21	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\DVDVideoSoft
2013-06-30 10:35 . 2013-06-30 10:35	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-06-30 10:25 . 2013-06-30 10:25	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\Freemium
2013-06-30 09:40 . 2013-06-30 09:41	--------	d-----w-	c:\program files (x86)\Plus-HD-2.3
2013-06-30 09:38 . 2013-06-30 09:38	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\DownloadGuide
2013-06-30 08:07 . 2013-06-30 08:07	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\ChanSort
2013-06-20 19:04 . 2013-06-21 16:31	--------	d-----w-	c:\windows\LastGood.Tmp
2013-06-20 18:53 . 2012-10-09 19:00	20856	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2013-06-20 18:53 . 2012-07-26 23:48	40248	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2013-06-20 18:53 . 2012-10-09 19:00	185208	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2013-06-20 18:53 . 2012-10-09 19:00	225144	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2013-06-17 20:36 . 2013-06-17 22:02	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\dvdcss
2013-06-15 18:07 . 2013-05-30 23:24	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-06-15 18:07 . 2013-05-23 23:01	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-06-15 18:07 . 2013-05-23 22:27	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-06-15 18:07 . 2013-05-15 02:25	888320	----a-w-	c:\windows\system32\autochk.exe
2013-06-15 18:07 . 2013-05-15 02:25	542208	----a-w-	c:\windows\system32\untfs.dll
2013-06-15 18:07 . 2013-05-15 02:24	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-06-15 18:07 . 2013-05-15 02:24	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-06-13 16:52 . 2013-04-27 05:20	733184	----a-w-	c:\windows\system32\win32spl.dll
2013-06-13 08:41 . 2013-05-10 02:42	17271808	----a-w-	c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 08:41 . 2013-05-10 02:21	16642560	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 07:05 . 2013-04-23 23:12	1569792	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-13 07:05 . 2013-04-23 22:56	1255936	----a-w-	c:\windows\system32\certutil.exe
2013-06-13 07:05 . 2013-04-23 22:55	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-06-13 07:05 . 2013-04-23 23:13	1013248	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-13 07:05 . 2013-04-23 23:12	109056	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-13 07:05 . 2013-04-23 22:55	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-13 07:05 . 2013-04-23 22:55	141312	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-13 05:40 . 2013-05-04 07:45	2233600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-13 05:40 . 2013-04-02 23:12	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-13 05:40 . 2013-04-02 23:37	25088	----a-w-	c:\windows\SysWow64\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 09:39 . 2013-04-27 12:24	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:01 . 2013-05-14 17:47	17617288	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-04 22:09 . 2012-07-26 08:14	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2012-07-26 08:14	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-25 09:59 . 2012-07-26 08:13	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-21 09:58 . 2013-04-25 17:37	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-16 02:34 . 2013-05-21 16:16	1455368	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 05:56 . 2013-05-17 09:22	444416	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40 . 2013-05-20 13:27	6987528	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-09 05:33 . 2013-05-20 13:30	446792	----a-w-	c:\windows\system32\AudioSes.dll
2013-04-09 05:33 . 2013-05-20 13:30	489576	----a-w-	c:\windows\system32\AudioEng.dll
2013-04-09 05:33 . 2013-05-20 13:30	253544	----a-w-	c:\windows\system32\audiodg.exe
2013-04-09 05:20 . 2013-05-20 13:30	306952	----a-w-	c:\windows\system32\kd_02_10ec.dll
2013-04-09 05:20 . 2013-05-20 13:30	86280	----a-w-	c:\windows\system32\kdnet.dll
2013-04-09 05:18 . 2013-05-20 13:30	77960	----a-w-	c:\windows\system32\kdvm.dll
2013-04-09 05:17 . 2013-05-20 13:30	1829408	----a-w-	c:\windows\system32\ntdll.dll
2013-04-09 04:52 . 2013-05-20 13:30	816128	----a-w-	c:\windows\system32\SearchIndexer.exe
2013-04-09 04:52 . 2013-05-20 13:30	373760	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2013-04-09 04:52 . 2013-05-20 13:30	197120	----a-w-	c:\windows\system32\SearchFilterHost.exe
2013-04-09 04:52 . 2013-05-20 13:30	126464	----a-w-	c:\windows\system32\Robocopy.exe
2013-04-09 04:52 . 2013-05-20 13:30	804352	----a-w-	c:\windows\system32\RecoveryDrive.exe
2013-04-09 04:51 . 2013-05-20 13:30	367616	----a-w-	c:\windows\system32\conhost.exe
2013-04-09 04:51 . 2013-05-20 13:30	523264	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-09 04:51 . 2013-05-20 13:30	456704	----a-w-	c:\windows\system32\wpncore.dll
2013-04-09 04:51 . 2013-05-20 13:30	99840	----a-w-	c:\windows\system32\wscsvc.dll
2013-04-09 04:51 . 2013-05-20 13:30	14267904	----a-w-	c:\windows\system32\wmp.dll
2013-04-09 04:51 . 2013-05-20 13:30	595456	----a-w-	c:\windows\system32\Windows.Networking.dll
2013-04-09 04:51 . 2013-05-20 13:30	391168	----a-w-	c:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51 . 2013-05-20 13:30	3552768	----a-w-	c:\windows\system32\tquery.dll
2013-04-09 04:50 . 2013-05-20 13:29	414720	----a-w-	c:\windows\system32\GenuineCenter.dll
2013-04-09 04:50 . 2013-05-20 13:30	1285632	----a-w-	c:\windows\system32\schedsvc.dll
2013-04-09 04:50 . 2013-05-20 13:30	422400	----a-w-	c:\windows\system32\schannel.dll
2013-04-09 04:50 . 2013-05-20 13:30	2107904	----a-w-	c:\windows\system32\mssrch.dll
2013-04-09 04:50 . 2013-05-20 13:29	745984	----a-w-	c:\windows\system32\mssvp.dll
2013-04-09 04:50 . 2013-05-20 13:29	96256	----a-w-	c:\windows\system32\mssprxy.dll
2013-04-09 04:50 . 2013-05-20 13:30	435200	----a-w-	c:\windows\system32\mssph.dll
2013-04-09 04:50 . 2013-05-20 13:29	13824	----a-w-	c:\windows\system32\msshooks.dll
2013-04-09 04:50 . 2013-05-20 13:29	65024	----a-w-	c:\windows\system32\msscntrs.dll
2013-04-09 04:49 . 2013-05-20 13:30	1444864	----a-w-	c:\windows\system32\MSAudDecMFT.dll
2013-04-09 04:49 . 2013-05-20 13:30	468992	----a-w-	c:\windows\system32\MFMediaEngine.dll
2013-04-09 04:49 . 2013-05-20 13:30	281088	----a-w-	c:\windows\system32\mfreadwrite.dll
2013-04-09 04:49 . 2013-05-20 13:30	817152	----a-w-	c:\windows\system32\kerberos.dll
2013-04-09 04:49 . 2013-05-20 13:30	210432	----a-w-	c:\windows\system32\iuilp.dll
2013-04-09 04:49 . 2013-05-20 13:30	231936	----a-w-	c:\windows\system32\fhengine.dll
2013-04-09 04:49 . 2013-05-20 13:29	50176	----a-w-	c:\windows\system32\fmifs.dll
2013-04-09 04:49 . 2013-05-20 13:30	172544	----a-w-	c:\windows\system32\dwmredir.dll
2013-04-09 04:49 . 2013-05-20 13:30	196096	----a-w-	c:\windows\system32\dmvdsitf.dll
2013-04-09 04:48 . 2013-05-20 13:30	785408	----a-w-	c:\windows\system32\audiosrv.dll
2013-04-09 04:48 . 2013-05-20 13:30	169472	----a-w-	c:\windows\system32\AudioEndpointBuilder.dll
2013-04-09 02:35 . 2013-05-20 13:30	4038144	----a-w-	c:\windows\system32\win32k.sys
2013-04-09 02:34 . 2013-05-20 13:30	95744	----a-w-	c:\windows\system32\drivers\hidbth.sys
2013-04-09 02:33 . 2013-05-20 13:29	60416	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2013-04-09 02:33 . 2013-05-20 13:30	623104	----a-w-	c:\windows\system32\drivers\srv2.sys
2013-04-09 02:32 . 2013-05-20 13:30	805376	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2013-04-09 02:31 . 2013-05-20 13:30	247808	----a-w-	c:\windows\system32\drivers\srvnet.sys
2013-04-09 02:31 . 2013-05-20 13:29	83456	----a-w-	c:\windows\system32\drivers\wanarp.sys
2013-04-08 23:44 . 2013-05-20 13:30	123880	----a-w-	c:\windows\SysWow64\wscapi.dll
2013-04-08 23:39 . 2013-05-20 13:30	1408896	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-04-08 23:37 . 2013-05-20 13:30	426024	----a-w-	c:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37 . 2013-05-20 13:30	324368	----a-w-	c:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52 . 2013-05-20 13:30	302592	----a-w-	c:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52 . 2013-05-20 13:30	670208	----a-w-	c:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52 . 2013-05-20 13:30	171008	----a-w-	c:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52 . 2013-05-20 13:30	106496	----a-w-	c:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52 . 2013-05-20 13:30	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-08 21:51 . 2013-05-20 13:30	411136	----a-w-	c:\windows\SysWow64\Windows.Networking.dll
2013-04-08 21:51 . 2013-05-20 13:30	268800	----a-w-	c:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-04-08 21:51 . 2013-05-20 13:30	2767360	----a-w-	c:\windows\SysWow64\tquery.dll
2013-04-08 21:51 . 2013-05-20 13:30	324096	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-08 21:51 . 2013-05-20 13:30	1593344	----a-w-	c:\windows\SysWow64\mssrch.dll
2013-04-08 21:51 . 2013-05-20 13:30	403968	----a-w-	c:\windows\SysWow64\mssph.dll
2013-04-08 21:51 . 2013-05-20 13:30	659456	----a-w-	c:\windows\SysWow64\mssvp.dll
2013-04-08 21:51 . 2013-05-20 13:29	186880	----a-w-	c:\windows\SysWow64\mssphtb.dll
2013-04-08 21:51 . 2013-05-20 13:29	35328	----a-w-	c:\windows\SysWow64\mssprxy.dll
2013-04-08 21:51 . 2013-05-20 13:29	10752	----a-w-	c:\windows\SysWow64\msshooks.dll
2013-04-08 21:51 . 2013-05-20 13:30	1113600	----a-w-	c:\windows\SysWow64\MSAudDecMFT.dll
2013-04-08 21:51 . 2013-05-20 13:30	214528	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2013-04-08 21:51 . 2013-05-20 13:29	361984	----a-w-	c:\windows\SysWow64\MFMediaEngine.dll
2013-04-08 21:51 . 2013-05-20 13:30	656896	----a-w-	c:\windows\SysWow64\kerberos.dll
2013-04-08 21:51 . 2013-05-20 13:29	41984	----a-w-	c:\windows\SysWow64\fmifs.dll
2013-04-08 21:51 . 2013-05-20 13:30	155648	----a-w-	c:\windows\SysWow64\dmvdsitf.dll
2013-04-04 23:30 . 2013-05-20 13:30	503080	----a-w-	c:\windows\system32\ci.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-25 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-03 345144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-10-21 522616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-25 18:01]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001Core.job
- c:\users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-30 09:32]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001UA.job
- c:\users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-30 09:32]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-chromeinstaller.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-06-30 09:40]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-30 09:41]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-enabler.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-06-30 09:41]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-06-30 09:41]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-updater.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-30 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-01-05 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-01-05 191544]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - c:\program files (x86)\LyricsWoofer\116.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-lwoofer@lyricswoofer.co - c:\program files (x86)\LyricsWoofer\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-07-04  00:22:18
ComboFix-quarantined-files.txt  2013-07-03 22:22
.
Vor Suchlauf: 8 Verzeichnis(se), 187.386.478.592 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 187.437.559.808 Bytes frei
.
- - End Of File - - 2809E2E3C3F07A88E5A0B5911B2646DC
D41D8CD98F00B204E9800998ECF8427E
         
But even after a restart, nothing has changed about the slow speed and long loading times in Firefox.

03.07.2013, 23:47   #10
ryder
/// TB Trainer

No, that was not to be expected at this point either. But if you download pointless software, then it is to be expected that the machine gets brought to its knees. Let's remove a few things:

Combofix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.

    Code:
    Folder::
    c:\program files (x86)\Plus-HD-2.3
    c:\program files\Enigma Software Group
    
    Driver::
    esgiguard
             

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily switch off your antivirus software. It can get in ComboFix's way while it works.
    Don't forget to switch it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

__________________
Digital privateers against malware!
No help via PM!
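
The log posted above lists both newly created folders and scheduled tasks, and cross-referencing the two is a quick triage step before deciding what to remove. The following Python sketch is an added example, not part of the original posts and not how ComboFix works internally: it parses those two log sections and reports every task whose target sits inside a folder created within the log's window. The sample lines are copied from the log in this thread (tabs replaced by spaces), and the function names are hypothetical.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any platform

# Constructed sample: lines copied from the ComboFix log in this thread,
# trimmed to the two relevant sections (tabs replaced by spaces).
SAMPLE_LOG = r"""
(((((((((((((((((((((((   Dateien erstellt von 2013-06-03 bis 2013-07-03  ))))))))))))))))))))))))))))))
.
2013-07-03 17:14 . 2013-07-03 17:14  --------  d-----w-  c:\program files\Enigma Software Group
2013-06-30 11:15 . 2013-06-30 11:15  --------  d-----w-  c:\program files (x86)\IrfanView
2013-06-30 10:44 . 2013-07-03 15:57  83672  ----a-w-  c:\windows\system32\drivers\avnetflt.sys
2013-06-30 09:40 . 2013-06-30 09:41  --------  d-----w-  c:\program files (x86)\Plus-HD-2.3
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-25 18:01]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-30 09:41]
.
2013-07-03 c:\windows\Tasks\Plus-HD-2.3-updater.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-30 09:41]
"""

# "((((   section title   ))))" banner lines
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# "date time . date time  size  attributes  path"
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+(\S{8})\s+(.+)$"
)
# "date  path-to-task.job" followed by "- target [date time]"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


def _key(path):
    """Case-insensitive, normalised form of a Windows path for comparison."""
    return normcase(normpath(path.strip()))


def parse_log(text):
    """Return (new_dirs, tasks): directories from the 'Dateien erstellt'
    section and (job file, target executable) pairs from the task section."""
    new_dirs, tasks = [], []
    in_created = False
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_created = m.group(1).startswith("Dateien erstellt")
            continue
        m = ENTRY_RE.match(line)
        if m:
            # Only directories (attribute string starts with 'd') count here.
            if in_created and m.group(1).startswith("d"):
                new_dirs.append(m.group(2))
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group(1)))
            pending_job = None
    return new_dirs, tasks


def tasks_in_new_dirs(text):
    """Scheduled tasks whose executable lives under a recently created folder.
    This is a triage heuristic for review, not proof that a task is unwanted."""
    new_dirs, tasks = parse_log(text)
    roots = {_key(d): d for d in new_dirs}
    hits = []
    for job, target in tasks:
        target_key = _key(target)
        for root_key, root in roots.items():
            if target_key.startswith(root_key + "\\"):
                hits.append({"job": job, "target": target, "new_dir": root})
                break
    return hits


if __name__ == "__main__":
    for hit in tasks_in_new_dirs(SAMPLE_LOG):
        print(f"{hit['job']}\n    -> {hit['target']}\n    (folder: {hit['new_dir']})")
```

On the sample, only the two Plus-HD-2.3 jobs are reported; the IrfanView folder is also new but no task points into it, so it is not flagged.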

04.07.2013, 00:04   #11
MasterT83

Code:
ComboFix 13-07-03.01 - Tobias Ebeling 04.07.2013   0:54.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3960.2967 [GMT 2:00]
ausgeführt von:: c:\users\Tobias Ebeling\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tobias Ebeling\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Plus-HD-2.3
c:\program files (x86)\Plus-HD-2.3\33426.crx
c:\program files (x86)\Plus-HD-2.3\33426.xpi
c:\program files (x86)\Plus-HD-2.3\background.html
c:\program files (x86)\Plus-HD-2.3\Installer.log
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-bg.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil.dll
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.dll
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-helper.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe
c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3.ico
c:\program files (x86)\Plus-HD-2.3\Uninstall.exe
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130703_191454.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_esgiguard
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-03 bis 2013-07-03  ))))))))))))))))))))))))))))))
.
.
2013-07-03 22:58 . 2013-07-03 22:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-03 22:22 . 2013-07-03 22:58	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\temp
2013-07-03 17:14 . 2013-07-03 19:07	--------	d-----w-	c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-07-03 17:14 . 2013-07-03 17:14	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-30 11:15 . 2013-06-30 11:15	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\IrfanView
2013-06-30 11:15 . 2013-06-30 11:15	--------	d-----w-	c:\program files (x86)\IrfanView
2013-06-30 10:47 . 2013-06-30 10:47	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\Avira
2013-06-30 10:44 . 2013-07-03 15:57	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-30 10:42 . 2013-02-26 14:56	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-06-30 10:42 . 2013-02-26 14:56	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-06-30 10:42 . 2013-02-26 14:56	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-06-30 10:42 . 2013-06-30 10:42	--------	d-----w-	c:\programdata\Avira
2013-06-30 10:42 . 2013-06-30 10:42	--------	d-----w-	c:\program files (x86)\Avira
2013-06-30 10:35 . 2013-06-30 10:35	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-06-30 10:35 . 2013-06-30 11:21	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\DVDVideoSoft
2013-06-30 10:35 . 2013-06-30 10:35	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-06-30 10:25 . 2013-06-30 10:25	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\Freemium
2013-06-30 09:38 . 2013-06-30 09:38	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\DownloadGuide
2013-06-30 08:07 . 2013-06-30 08:07	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Local\ChanSort
2013-06-20 19:04 . 2013-06-21 16:31	--------	d-----w-	c:\windows\LastGood.Tmp
2013-06-20 18:53 . 2012-10-09 19:00	20856	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2013-06-20 18:53 . 2012-07-26 23:48	40248	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2013-06-20 18:53 . 2012-10-09 19:00	185208	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2013-06-20 18:53 . 2012-10-09 19:00	225144	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2013-06-17 20:36 . 2013-06-17 22:02	--------	d-----w-	c:\users\Tobias Ebeling\AppData\Roaming\dvdcss
2013-06-15 18:07 . 2013-05-30 23:24	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-06-15 18:07 . 2013-05-23 23:01	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-06-15 18:07 . 2013-05-23 22:27	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-06-15 18:07 . 2013-05-15 02:25	888320	----a-w-	c:\windows\system32\autochk.exe
2013-06-15 18:07 . 2013-05-15 02:25	542208	----a-w-	c:\windows\system32\untfs.dll
2013-06-15 18:07 . 2013-05-15 02:24	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-06-15 18:07 . 2013-05-15 02:24	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-06-13 16:52 . 2013-04-27 05:20	733184	----a-w-	c:\windows\system32\win32spl.dll
2013-06-13 08:41 . 2013-05-10 02:42	17271808	----a-w-	c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 08:41 . 2013-05-10 02:21	16642560	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 07:05 . 2013-04-23 23:12	1569792	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-13 07:05 . 2013-04-23 22:56	1255936	----a-w-	c:\windows\system32\certutil.exe
2013-06-13 07:05 . 2013-04-23 22:55	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-06-13 07:05 . 2013-04-23 23:13	1013248	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-13 07:05 . 2013-04-23 23:12	109056	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-13 07:05 . 2013-04-23 22:55	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-13 07:05 . 2013-04-23 22:55	141312	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-13 05:40 . 2013-05-04 07:45	2233600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-13 05:40 . 2013-04-02 23:12	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-13 05:40 . 2013-04-02 23:37	25088	----a-w-	c:\windows\SysWow64\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 09:39 . 2013-04-27 12:24	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:01 . 2013-05-14 17:47	17617288	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-04 22:09 . 2012-07-26 08:14	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2012-07-26 08:14	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-25 09:59 . 2012-07-26 08:13	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-21 09:58 . 2013-04-25 17:37	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-16 02:34 . 2013-05-21 16:16	1455368	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 05:56 . 2013-05-17 09:22	444416	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40 . 2013-05-20 13:27	6987528	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-09 05:33 . 2013-05-20 13:30	446792	----a-w-	c:\windows\system32\AudioSes.dll
2013-04-09 05:33 . 2013-05-20 13:30	489576	----a-w-	c:\windows\system32\AudioEng.dll
2013-04-09 05:33 . 2013-05-20 13:30	253544	----a-w-	c:\windows\system32\audiodg.exe
2013-04-09 05:20 . 2013-05-20 13:30	306952	----a-w-	c:\windows\system32\kd_02_10ec.dll
2013-04-09 05:20 . 2013-05-20 13:30	86280	----a-w-	c:\windows\system32\kdnet.dll
2013-04-09 05:18 . 2013-05-20 13:30	77960	----a-w-	c:\windows\system32\kdvm.dll
2013-04-09 05:17 . 2013-05-20 13:30	1829408	----a-w-	c:\windows\system32\ntdll.dll
2013-04-09 04:52 . 2013-05-20 13:30	816128	----a-w-	c:\windows\system32\SearchIndexer.exe
2013-04-09 04:52 . 2013-05-20 13:30	373760	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2013-04-09 04:52 . 2013-05-20 13:30	197120	----a-w-	c:\windows\system32\SearchFilterHost.exe
2013-04-09 04:52 . 2013-05-20 13:30	126464	----a-w-	c:\windows\system32\Robocopy.exe
2013-04-09 04:52 . 2013-05-20 13:30	804352	----a-w-	c:\windows\system32\RecoveryDrive.exe
2013-04-09 04:51 . 2013-05-20 13:30	367616	----a-w-	c:\windows\system32\conhost.exe
2013-04-09 04:51 . 2013-05-20 13:30	523264	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-09 04:51 . 2013-05-20 13:30	456704	----a-w-	c:\windows\system32\wpncore.dll
2013-04-09 04:51 . 2013-05-20 13:30	99840	----a-w-	c:\windows\system32\wscsvc.dll
2013-04-09 04:51 . 2013-05-20 13:30	14267904	----a-w-	c:\windows\system32\wmp.dll
2013-04-09 04:51 . 2013-05-20 13:30	595456	----a-w-	c:\windows\system32\Windows.Networking.dll
2013-04-09 04:51 . 2013-05-20 13:30	391168	----a-w-	c:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51 . 2013-05-20 13:30	3552768	----a-w-	c:\windows\system32\tquery.dll
2013-04-09 04:50 . 2013-05-20 13:29	414720	----a-w-	c:\windows\system32\GenuineCenter.dll
2013-04-09 04:50 . 2013-05-20 13:30	1285632	----a-w-	c:\windows\system32\schedsvc.dll
2013-04-09 04:50 . 2013-05-20 13:30	422400	----a-w-	c:\windows\system32\schannel.dll
2013-04-09 04:50 . 2013-05-20 13:30	2107904	----a-w-	c:\windows\system32\mssrch.dll
2013-04-09 04:50 . 2013-05-20 13:29	745984	----a-w-	c:\windows\system32\mssvp.dll
2013-04-09 04:50 . 2013-05-20 13:29	96256	----a-w-	c:\windows\system32\mssprxy.dll
2013-04-09 04:50 . 2013-05-20 13:30	435200	----a-w-	c:\windows\system32\mssph.dll
2013-04-09 04:50 . 2013-05-20 13:29	13824	----a-w-	c:\windows\system32\msshooks.dll
2013-04-09 04:50 . 2013-05-20 13:29	65024	----a-w-	c:\windows\system32\msscntrs.dll
2013-04-09 04:49 . 2013-05-20 13:30	1444864	----a-w-	c:\windows\system32\MSAudDecMFT.dll
2013-04-09 04:49 . 2013-05-20 13:30	468992	----a-w-	c:\windows\system32\MFMediaEngine.dll
2013-04-09 04:49 . 2013-05-20 13:30	281088	----a-w-	c:\windows\system32\mfreadwrite.dll
2013-04-09 04:49 . 2013-05-20 13:30	817152	----a-w-	c:\windows\system32\kerberos.dll
2013-04-09 04:49 . 2013-05-20 13:30	210432	----a-w-	c:\windows\system32\iuilp.dll
2013-04-09 04:49 . 2013-05-20 13:30	231936	----a-w-	c:\windows\system32\fhengine.dll
2013-04-09 04:49 . 2013-05-20 13:29	50176	----a-w-	c:\windows\system32\fmifs.dll
2013-04-09 04:49 . 2013-05-20 13:30	172544	----a-w-	c:\windows\system32\dwmredir.dll
2013-04-09 04:49 . 2013-05-20 13:30	196096	----a-w-	c:\windows\system32\dmvdsitf.dll
2013-04-09 04:48 . 2013-05-20 13:30	785408	----a-w-	c:\windows\system32\audiosrv.dll
2013-04-09 04:48 . 2013-05-20 13:30	169472	----a-w-	c:\windows\system32\AudioEndpointBuilder.dll
2013-04-09 02:35 . 2013-05-20 13:30	4038144	----a-w-	c:\windows\system32\win32k.sys
2013-04-09 02:34 . 2013-05-20 13:30	95744	----a-w-	c:\windows\system32\drivers\hidbth.sys
2013-04-09 02:33 . 2013-05-20 13:29	60416	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2013-04-09 02:33 . 2013-05-20 13:30	623104	----a-w-	c:\windows\system32\drivers\srv2.sys
2013-04-09 02:32 . 2013-05-20 13:30	805376	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2013-04-09 02:31 . 2013-05-20 13:30	247808	----a-w-	c:\windows\system32\drivers\srvnet.sys
2013-04-09 02:31 . 2013-05-20 13:29	83456	----a-w-	c:\windows\system32\drivers\wanarp.sys
2013-04-08 23:44 . 2013-05-20 13:30	123880	----a-w-	c:\windows\SysWow64\wscapi.dll
2013-04-08 23:39 . 2013-05-20 13:30	1408896	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-04-08 23:37 . 2013-05-20 13:30	426024	----a-w-	c:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37 . 2013-05-20 13:30	324368	----a-w-	c:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52 . 2013-05-20 13:30	302592	----a-w-	c:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52 . 2013-05-20 13:30	670208	----a-w-	c:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52 . 2013-05-20 13:30	171008	----a-w-	c:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52 . 2013-05-20 13:30	106496	----a-w-	c:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52 . 2013-05-20 13:30	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-08 21:51 . 2013-05-20 13:30	411136	----a-w-	c:\windows\SysWow64\Windows.Networking.dll
2013-04-08 21:51 . 2013-05-20 13:30	268800	----a-w-	c:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-04-08 21:51 . 2013-05-20 13:30	2767360	----a-w-	c:\windows\SysWow64\tquery.dll
2013-04-08 21:51 . 2013-05-20 13:30	324096	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-08 21:51 . 2013-05-20 13:30	1593344	----a-w-	c:\windows\SysWow64\mssrch.dll
2013-04-08 21:51 . 2013-05-20 13:30	403968	----a-w-	c:\windows\SysWow64\mssph.dll
2013-04-08 21:51 . 2013-05-20 13:30	659456	----a-w-	c:\windows\SysWow64\mssvp.dll
2013-04-08 21:51 . 2013-05-20 13:29	186880	----a-w-	c:\windows\SysWow64\mssphtb.dll
2013-04-08 21:51 . 2013-05-20 13:29	35328	----a-w-	c:\windows\SysWow64\mssprxy.dll
2013-04-08 21:51 . 2013-05-20 13:29	10752	----a-w-	c:\windows\SysWow64\msshooks.dll
2013-04-08 21:51 . 2013-05-20 13:30	1113600	----a-w-	c:\windows\SysWow64\MSAudDecMFT.dll
2013-04-08 21:51 . 2013-05-20 13:30	214528	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2013-04-08 21:51 . 2013-05-20 13:29	361984	----a-w-	c:\windows\SysWow64\MFMediaEngine.dll
2013-04-08 21:51 . 2013-05-20 13:30	656896	----a-w-	c:\windows\SysWow64\kerberos.dll
2013-04-08 21:51 . 2013-05-20 13:29	41984	----a-w-	c:\windows\SysWow64\fmifs.dll
2013-04-08 21:51 . 2013-05-20 13:30	155648	----a-w-	c:\windows\SysWow64\dmvdsitf.dll
2013-04-04 23:30 . 2013-05-20 13:30	503080	----a-w-	c:\windows\system32\ci.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}]
c:\program files (x86)\LyricsWoofer\116.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-25 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-03 345144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-10-21 522616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-25 18:01]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001Core.job
- c:\users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-30 09:32]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001UA.job
- c:\users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-30 09:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-01-05 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-01-05 191544]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-lwoofer@lyricswoofer.co - c:\program files (x86)\LyricsWoofer\uninstall.exe
AddRemove-Plus-HD-2.3 - c:\program files (x86)\Plus-HD-2.3\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-04  01:02:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-03 23:02
ComboFix2.txt  2013-07-03 22:22
.
Vor Suchlauf: 13 Verzeichnis(se), 187.502.260.224 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 187.263.418.368 Bytes frei
.
- - End Of File - - A198DA4B73BAA4FD4356AF7DD54C1272
D41D8CD98F00B204E9800998ECF8427E
         
Still no change so far.
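
A check a helper could run on the exchange above, as an added example that is not part of the thread and not ComboFix's own tooling: it confirms that every `Folder::` and `Driver::` entry of the CFScript shows up in the matching section of the posted log. The directive and section formats are inferred only from this thread's script and log, the function names are hypothetical, and the log excerpt is abridged from the post.

```python
import re

# Constructed sample: the CFScript from the thread, including the forum's
# "ATTFilter" code-box label that gets copied along with it.
CFSCRIPT = r"""ATTFilter
Folder::
c:\program files (x86)\Plus-HD-2.3
c:\program files\Enigma Software Group

Driver::
esgiguard
"""

# Constructed sample: abridged excerpt of the ComboFix log posted in reply.
LOG_EXCERPT = r"""((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))
.
.
c:\program files (x86)\Plus-HD-2.3
c:\program files (x86)\Plus-HD-2.3\Uninstall.exe
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
.
.
((((((((((((((((((   Treiber/Dienste   ))))))))))))))))))
.
.
-------\Service_esgiguard
.
.
((((((((   Dateien erstellt von 2013-06-03 bis 2013-07-03  ))))))))
.
"""

# A section banner is a title wrapped in runs of parentheses.
HEADER = re.compile(r"\({3,}\s*(.+?)\s*\){3,}")


def parse_cfscript(text):
    """Return {directive: [entries]} for each 'Name::' block in the script."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = re.fullmatch(r"(\w+)::", line)
        if match:
            current = match.group(1)
            directives.setdefault(current, [])
        elif current is not None:  # lines before the first directive are ignored
            directives[current].append(line)
    return directives


def parse_log_sections(text):
    """Return {section title: [lines]}, skipping blank and '.' filler lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.fullmatch(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify(script_text, log_text,
           deleted_section="Weitere Löschungen",   # title as it appears in this log
           driver_section="Treiber/Dienste"):      # title as it appears in this log
    """Map (directive, entry) -> True if the log reports it as handled."""
    script = parse_cfscript(script_text)
    sections = parse_log_sections(log_text)
    deleted = {path.lower() for path in sections.get(deleted_section, [])}
    services = [line.lower() for line in sections.get(driver_section, [])]
    results = {}
    for folder in script.get("Folder", []):
        # Windows paths are case-insensitive, so compare lower-cased.
        results[("Folder", folder)] = folder.lower() in deleted
    for driver in script.get("Driver", []):
        suffix = "\\service_" + driver.lower()
        results[("Driver", driver)] = any(s.endswith(suffix) for s in services)
    return results


def unconfirmed(script_text, log_text):
    """List the script entries the log does not confirm."""
    return [key for key, ok in verify(script_text, log_text).items() if not ok]


if __name__ == "__main__":
    for (directive, entry), ok in verify(CFSCRIPT, LOG_EXCERPT).items():
        print(f"{'OK     ' if ok else 'MISSING'} {directive}:: {entry}")
```

A confirmed entry only means the log reports the deletion; the follow-up scans requested later in the thread remain the actual check of the system state.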

04.07.2013, 00:06   #12
ryder
/// TB trainer

Delete Deal Finder?



Good!

As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks, and then we will bring your computer up to a secure state. Since these scans can take a very long time, please only write back to me once you have really completed everything, or if problems come up.


Step 1: (Reminder: reply to me only once you have worked through all the steps!)

Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
  • Install the program to the suggested path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Step 2:

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box at Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post the log file here or tell me that nothing was found.
Note: The scan can take a very long time (several hours)!


Step 3:

Scan with SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Digital privateers against malware!
No help via PM!

04.07.2013, 07:28   #13
MasterT83

Delete Deal Finder?



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.03.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Tobias Ebeling :: EBELINGT [Administrator]

04.07.2013 01:15:26
mbam-log-2013-07-04 (01-15-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213968
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4281c6af3dbb354db7dd615ec2fa1b43
# engine=14262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 12:27:04
# local_time=2013-07-04 02:27:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 9059 238320914 0 0
# compatibility_mode=5893 16776574 100 94 5852233 32403735 0 0
# scanned=174406
# found=0
# cleaned=0
# scan_time=3577
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Good morning!
The browser's long loading times are unchanged.

04.07.2013, 08:49   #14
ryder
/// TB trainer

Delete Deal Finder?



Yes, we haven't changed anything about that yet.

Browser reset with ZOEK

Attention! Back up your bookmarks and personal settings first!

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double click.
  • Also click "Options" and select the following options:
    • Silent Runners
    • Firefox Defaults
    • Reset Chrome
    • Shortcut Fix
    • IE Defaults
    • Reset Hosts
    • Auto Clean
  • Now click "Run script" and be patient until the script has run through.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log is also located under c:
  • Please post the ZOEK log for me (preferably in CODE tags: click the # symbol in the reply window)
__________________
Digital privateers against malware!
No help via PM!

04.07.2013, 15:34   #15
MasterT83

Delete Deal Finder?



Code:
ATTFilter
Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by Tobias Ebeling on 04.07.2013 at 16:20:16,10.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

04.07.2013 16:21:15 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handle within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\prefs.js:

ProfilePath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default

user.js not found
---- Lines crossrider removed from prefs.js ----


---- Lines crossrider modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1623_.backup

==== Deleting Files \ Folders ======================

"C:\windows\SysNative\Tasks\EPUpdater" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Users\Tobias Ebeling\AppData\Local\DownloadGuide" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default
- Plus-HD-2.3 - %ProfilePath%\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default
3D928B3FE97C403A33F803B3D1A260C9	- C:\Users\Tobias Ebeling\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
3D76B5C0E02ECC19C1F5756E8FD97F72	- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jnikkfemnfogahcandhlchoengjbeaij - C:\Program Files (x86)\LyricsWoofer\116.crx[]

Docs - Tobias Ebeling - Default\Extensions\aohghmighlieiainnegkcijnfilokake
LyricsWoofer - Tobias Ebeling - Default\Extensions\jnikkfemnfogahcandhlchoengjbeaij
Plus-HD-2.3 - Tobias Ebeling - Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec

==== Chrome Fix ======================

C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikkfemnfogahcandhlchoengjbeaij deleted successfully
C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{DAB515FE-C231-4B5E-9538-D6DBBFA5ECEE} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2003283359-3443890453-1627890408-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DAB515FE-C231-4B5E-9538-D6DBBFA5ECEE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Tobias Ebeling\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Tobias Ebeling\Desktop\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe 
C:\Users\Tobias Ebeling\Desktop\Zattoo.lnk - C:\Program Files (x86)\Zattoo4\Zattoo.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe 
C:\Users\Public\Desktop\Benutzerhandbuch.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe 
C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe 
C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe --domain F0399437-FD0C-4A48-B101-F0314A6172E4
C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe 
C:\Users\Public\Desktop\Lenovo YouCam.lnk - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD-RW-Laufwerk (E) OTTO_S_ELEVEN.lnk - E:\ 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\edithewei2013.lnk - F:\Downloads\edithewei2013.zip 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth\GT-I9300.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTWUIExt.exe  /deviceAddr=1c66aa126d3e
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Readme anzeigen.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Bluetooth.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Libraries 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jnikkfemnfogahcandhlchoengjbeaij deleted successfully

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\WINDOWS\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\WINDOWS\system32\igfxpers.exe [Intel Corporation]
SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t [Conexant Systems, Inc.]
cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [Conexant Systems, Inc.]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [Lenovo (Beijing) Limited]
EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [Lenovo(beijing) Limited]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Dolby Advanced Audio v2 = "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [null data]
331BigDog = C:\Program Files (x86)\USB Camera\VM331STI.EXE [Vimicro]
YouCam Mirage = "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [CyberLink]
YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [CyberLink Corp.]
UpdateP2GShortCut = "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [CyberLink Corp.]
RemoteControl10 = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [CyberLink Corp.]
Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [Intel Corporation]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SugarSyncBackedUp\(Default) = {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}
  -> {HKLM...CLSID} = BackedUpOverlay Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]

SugarSyncPending\(Default) = {62CCD8E3-9C21-41E1-B55E-1E26DFC68511}
  -> {HKLM...CLSID} = PendingOverlay Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]

SugarSyncRoot\(Default) = {A759AFF6-5851-457D-A540-F4ECED148351}
  -> {HKLM...CLSID} = RootFolderOverlay Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]

SugarSyncShared\(Default) = {1574C9EF-7D58-488F-B358-8B78C1538F51}
  -> {HKLM...CLSID} = SharedOverlay Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = Lenovo
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]

{2d3dd4c0-3bd7-11d2-821e-444553540000} = WdmidleDeviceShellExtension
  -> {HKLM...CLSID} = WdmidleDeviceShellExtension
                   \InProcServer32\(Default) = c:\program files (x86)\lenovo\energy management\powcpl.dll [null data]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise-Projekte
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM...CLSID} = iTunes
                   \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor
  -> {HKLM...CLSID} = Monitor Class
                   \InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = BtwCredentialProvider
  -> {HKLM...CLSID} = BtwCredentialProvider
                   \InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

SugarSync\(Default) = {305BC11B-5175-492B-B569-866547FCDA40}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}
  -> {HKLM...CLSID} = Monitor Class
                   \InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

SugarSync\(Default) = {305BC11B-5175-492B-B569-866547FCDA40}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]


Default executables:
--------------------

.hta
HKLM\SOFTWARE\Classes\htafile\(Default) = HTML Application
HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = C:\WINDOWS\SysWOW64\mshta.exe "%1" %* [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MagicUSBCable\
Provider = @%windir%\system32\migwiz\wet.dll,-588
CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}
  -> {HKLM...CLSID} = Magic USB Cable Class ID
                   \LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS]

MSFhConfigBackup\
Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

MSWPDNetworkConfigHandler\
Provider = @C:\WINDOWS\system32\wpdshext.dll,-503
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s
  -> {HKLM...CLSID} = WPDShextAutoplay
                   \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe"  "%L" [Cyberlink]

P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe"  "%L" [Cyberlink]

PDVD10PlayCDAudioOnArrival\
Provider = PowerDVD 10
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD10PlayDVDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD10PlaySVCDOnArrival\
Provider = PowerDVD 10
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD10PlayVCDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WinampMTPHandler\
Provider = Winamp
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files (x86)\Winamp\winamp.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
                   \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

WinampPlayMediaOnArrival\
Provider = Winamp
InvokeProgID = Winamp.File
InvokeVerb = Play
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files (x86)\Winamp\winamp.exe" "%1" [Nullsoft, Inc.]


Startup items in "Tobias Ebeling" & "All Users" startup folders:
----------------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
Bluetooth -> shortcut to: C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [Broadcom Corporation.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Desk 365 RunAsStdUser ->  launches: C:\Program Files (x86)\Desk 365\desk365.exe /autorun [file not found]
GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001Core ->  launches: C:\Users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001UA ->  launches: C:\Users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [CyberLink]
Software Updater ->  launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [file not found]
Software Updater Ui ->  launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
SmartScreenSpecific ->  launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
  -> {HKLM...CLSID} = Windows SmartScreen Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent /increment [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
StartupAppTask ->  launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
CleanupTemporaryState ->  launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan ->  launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
  -> {HKLM...CLSID} = Proactive Scan
                   \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
  -> {HKLM...CLSID} = BthSQM
                   \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS]
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
  -> {HKLM...CLSID} = DsmRefreshTask Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) ->  launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
  -> {HKLM...CLSID} = FhTaskHandler Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: A9A33436-678B-4c9c-A211-7CC38785E79D
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser ->  launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\WINDOWS\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup ->  launches: C:\WINDOWS\System32\lpksetup.exe -v [MS]
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder ->  launches: C:\WINDOWS\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
BindingWorkItemQueueHandler ->  launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
  -> {HKLM...CLSID} = Binding Engine Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
  -> {HKLM...Wow...CLSID} = Binding Engine Task Handler
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Sqm-Tasks ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
  -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
  -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                   \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers ->  launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup ->  launches: dism.exe /online /cleanup-image /startcomponentcleanup /asynchronous [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
  -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncInfo.dll [MS]
  -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncInfo.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
  -> {HKLM...CLSID} = Shell Create Object Task Delegate
                   \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
  -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                         \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
FamilySafetyMonitor ->  launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefresh ->  launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
  -> {HKLM...CLSID} = FamilySafety.WebSync
                   \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
IndexerAutomaticMaintenance ->  launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
  -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                   \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
  -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                         \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask ->  launches: %windir%\system32\SpaceAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
WsSwapAssessmentTask ->  launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
Maintenance Configurator ->  launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
  -> {HKLM...CLSID} = Maintenance Configurator
                   \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]
Manual Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
  -> {HKLM...CLSID} = Maintenance Launcher Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]
Regular Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
  -> {HKLM...CLSID} = Maintenance Launcher Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime ->  launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
  -> {HKLM...CLSID} = Time Synchronization Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-Maintenance ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start ->  launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WS
Badge Update ->  launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
  -> {HKLM...CLSID} = WinStore Tile Badge Updater
                   \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS]
License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
Sync Licenses ->  launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
  -> {HKLM...CLSID} = WinStore License Sync task
                   \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS]
WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
WSTask ->  launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Avira Echtzeit-Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Bluetooth Radio Control Service, BcmBtRSupport, C:\WINDOWS\system32\BtwRSupportService.exe [Broadcom Corporation.]
Bluetooth Service, btwdins, C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [Broadcom Corporation.]
Conexant Audio Message Service, CxAudMsg, C:\WINDOWS\system32\CxAudMsg64.exe [Conexant Systems Inc.]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Elan Service, ETDService, C:\Program Files\Elantech\ETDService.exe [ELAN Microelectronics Corp.]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS, 
<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS, 
<<!>> PEVSystemStart, Service




==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tobias Ebeling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tobias Ebeling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Tobias Ebeling\AppData\Local\Mozilla\Firefox\Profiles\criq7e9y.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\TOBIAS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04.07.2013 at 16:29:43,54 ======================
         
I can now switch back and forth quickly between different tabs again, but the loading time and the loading icon for the individual pages are still noticeably slowed down.
