
Pests of all kinds and how to fight them: No browser works anymore because of adware

04.07.2014, 21:11   #1
simran
 
Hello,

I seem to have a virus or something similar on my system, Win7.

Symptoms:

First, two small black windows appear for about 1 second at the top right of the screen while I am working, browsing... Then they are in and it starts.

New windows with advertising keep opening (FLV player and the like). Offer tabs slide in from the right and appear when I hover over buttons with the mouse. The browser is completely infested.

What I have done so far:

Windows System Restore to a date when everything was still OK. Uninstalled the browser (Firefox) and reinstalled it. At first everything is fine, and at some point after about 1-2 days the two small black windows come back.

After cleaning the system with Malwarebytes (about 80 files in quarantine), no browser (IE/FF) works anymore.

Can I perhaps get around a reinstallation?

My antivirus program is ESET Smart Security 5

04.07.2014, 21:53   #2
Warlord711
/// TB instructor
 
Hello simran

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Formatting is always the safest way.

We all "work" here voluntarily and in our free time *cough*. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, send me a PM.
If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.

Important:
I am working on your thread and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click "Untersuchen" (Scan).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)


04.07.2014, 23:21   #3
simran
 
Hello Timo,

thank you very much for your quick reply

Here are the results of the scans:

By the way, what do you mean by (click the # symbol in the input box of the web page)??

PS: I have turned off automatic updates; I get them via the packs from WinFuture.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by JP (administrator) on JP-THINK on 04-07-2014 23:02:59
Running from C:\Users\JP\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\003\xmkysecqun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Windows\vsnpstd3.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
() C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(3CX Ltd) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Psych\Runner.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\JP\AppData\Roaming\Bix\Dlls\Bix.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4090824 2012-11-16] (ESET)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [NINJALI.EXE] => "C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe" /HideGUI
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [SSync] => C:\Users\JP\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [DataMgr] => C:\Users\JP\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-10-09] (HTTO Group, Ltd.)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [OMESupervisor] => C:\Users\JP\AppData\Local\omesuperv.exe [2239256 2013-12-24] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [SCheck] => C:\Users\JP\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Snoozer] => C:\Users\JP\AppData\Roaming\Snz\Snz.exe [1209624 2013-12-24] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Intermediate] => C:\Users\JP\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [851968 2006-11-23] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Bix] => C:\Users\JP\AppData\Roaming\Bix\Dlls\BixLauncher.exe [24968 2014-05-05] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\MountPoints2: {93fbbe15-c8f1-11e1-aa6f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk
ShortcutTarget: 3CXPhone.lnk -> C:\Program Files (x86)\3CXPhone\3CXPhone.exe (3CX Ltd)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Runner.LNK
ShortcutTarget: Runner.LNK -> C:\Program Files (x86)\Psych\Runner.EXE ()
ShellIconOverlayIdentifiers: 0_OneComShellExt1 -> {F6BBFE20-F40C-449D-867A-70D304E407CC} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt2 -> {12BC1D5F-8949-451A-9F47-0240E9E31D11} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt3 -> {817B4083-0CBC-4538-BB47-746BA33CE791} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE491DE492
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: OfferMosquito - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\JP\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\JP\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 16 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 16 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default
FF Homepage: hxxp://gmx.at/
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF NetworkProxy: "http", "13.7.9.139"
FF NetworkProxy: "http_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\JP\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll ()
FF user.js: detected! => C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Secure Login - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\secureLogin@blueimp.net.xpi [2014-07-03]
FF Extension: Password Exporter - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-07-03]
FF Extension: Adblock Plus - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-26]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08]

Chrome: 
=======
CHR Extension: (OfferMosquito) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2014-05-03]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2014-05-03]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913184 2012-11-16] (ESET)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe [172544 2014-07-01] () [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-10] () [File not signed]
S2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech                  )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209808 2012-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62024 2012-11-16] (ESET)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 23:02 - 2014-07-04 23:03 - 00026582 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 23:02 - 2014-07-04 23:03 - 00000000 ____D () C:\FRST
2014-07-04 23:01 - 2014-07-04 23:02 - 02083840 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:40 - 2014-07-04 20:41 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-04 18:39 - 2014-07-04 20:49 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-04 18:39 - 2014-07-04 18:39 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 13:29 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\Bix
2014-06-30 01:46 - 2014-07-03 11:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-07-03 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:43 - 2014-06-30 01:49 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:37 - 2014-06-23 15:38 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-18 19:09 - 2014-06-18 19:20 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-18 13:19 - 2014-07-03 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 11:33 - 2014-07-04 19:22 - 00000000 ____D () C:\ProgramData\Bix
2014-06-17 20:02 - 2014-06-17 20:00 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 21:03 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-15 20:59 - 2014-07-03 11:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-15 20:59 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-15 20:58 - 2014-07-03 11:03 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-15 20:58 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-15 20:45 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-05-24 11:25 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-15 20:45 - 2011-05-24 11:21 - 05746780 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-04-21 19:13 - 05775441 ____T (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-15 20:45 - 2011-04-21 19:13 - 00372812 ____T (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-15 20:45 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-15 20:45 - 2010-10-27 09:58 - 00139358 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-15 20:45 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-15 20:45 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-15 20:45 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-15 17:30 - 2014-07-03 11:06 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:29 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-06-15 17:29 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-07-04 23:03 - 2014-07-04 23:02 - 00026582 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 23:03 - 2014-07-04 23:02 - 00000000 ____D () C:\FRST
2014-07-04 23:02 - 2014-07-04 23:01 - 02083840 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-04 22:54 - 2012-07-19 22:08 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Skype
2014-07-04 22:14 - 2013-10-08 12:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3.job
2014-07-04 22:05 - 2013-03-29 13:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 21:05 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 21:05 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 20:49 - 2014-07-04 18:39 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:41 - 2014-07-04 20:40 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-04 19:43 - 2012-07-08 13:42 - 01857084 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 19:25 - 2012-07-08 23:25 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-07-04 19:25 - 2012-07-08 23:25 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-07-04 19:25 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 19:22 - 2014-06-18 11:33 - 00000000 ____D () C:\ProgramData\Bix
2014-07-04 19:21 - 2012-11-26 17:52 - 00033707 _____ () C:\Windows\setupact.log
2014-07-04 19:21 - 2012-07-08 14:09 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 19:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 18:39 - 2014-07-04 18:39 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-07-03 21:55 - 2012-12-02 01:15 - 00021008 _____ () C:\Windows\PFRO.log
2014-07-03 21:55 - 2012-07-14 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-03 21:49 - 2014-06-18 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:54 - 2014-06-30 13:29 - 00000000 ____D () C:\Users\JP\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 11:31 - 2012-07-16 21:32 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-07-03 11:21 - 2012-07-14 12:42 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 11:21 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Mozilla
2014-07-03 11:14 - 2012-07-08 14:54 - 00000000 ____D () C:\Users\JP
2014-07-03 11:10 - 2014-06-30 01:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-03 11:10 - 2013-11-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
2014-07-03 11:09 - 2014-06-15 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-07-03 11:09 - 2014-06-15 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-07-03 11:09 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-07-03 11:09 - 2014-05-24 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-07-03 11:09 - 2014-05-24 16:34 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-07-03 11:09 - 2014-05-24 16:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-07-03 11:09 - 2014-05-19 21:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Eusing
2014-07-03 11:09 - 2014-04-11 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-07-03 11:09 - 2014-04-10 17:46 - 00000000 ____D () C:\Program Files\003
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-03 11:09 - 2013-11-23 19:25 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Audacity
2014-07-03 11:09 - 2013-11-10 17:56 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-07-03 11:09 - 2013-11-01 19:21 - 00000000 ____D () C:\Users\JP\AppData\Local\ext_offermosquito
2014-07-03 11:09 - 2013-07-10 08:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 11:09 - 2013-06-03 23:28 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OpenCandy
2014-07-03 11:09 - 2013-04-24 21:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-03 11:09 - 2013-04-10 22:16 - 00000000 ____D () C:\Users\JP\AppData\Roaming\dvdcss
2014-07-03 11:09 - 2012-07-24 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 11:09 - 2012-07-24 17:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\DVDVideoSoft
2014-07-03 11:09 - 2012-07-19 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-07-03 11:09 - 2012-07-11 22:12 - 00000000 ____D () C:\Users\JP\AppData\Local\3CX VoIP Phone
2014-07-03 11:09 - 2012-07-10 21:16 - 00000000 ____D () C:\Program Files\Waterfox
2014-07-03 11:09 - 2012-07-10 13:43 - 00000000 ____D () C:\Users\Gast
2014-07-03 11:09 - 2012-07-08 16:35 - 00000000 ____D () C:\Users\JP\AppData\Roaming\loadtbs
2014-07-03 11:09 - 2012-07-08 14:58 - 00000000 ____D () C:\Users\JP\AppData\Local\Google
2014-07-03 11:09 - 2012-07-08 14:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-03 11:09 - 2012-07-08 13:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-03 11:08 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-03 11:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-03 11:07 - 2012-07-08 23:44 - 00000000 ____D () C:\Users\JP\Desktop\Firma
2014-07-03 11:06 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-07-03 11:06 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-07-03 11:06 - 2012-07-10 13:46 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-07-03 11:06 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Local\Mozilla
2014-07-03 11:05 - 2012-07-08 13:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-03 11:03 - 2014-06-15 20:58 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 20:03 - 2014-04-10 17:47 - 00000000 ____D () C:\temp
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-07-02 16:38 - 2012-07-09 11:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Paint.NET
2014-06-30 17:57 - 2012-12-15 20:18 - 00000000 ____D () C:\Program Files (x86)\OnecomCloudDrive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 01:49 - 2014-06-30 01:43 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:38 - 2014-06-23 15:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-22 23:09 - 2013-10-08 12:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3
2014-06-22 23:09 - 2012-07-08 14:09 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 19:21 - 2013-11-01 19:04 - 00002029 _____ () C:\Users\Public\Desktop\Free DWG Viewer.lnk
2014-06-18 19:20 - 2014-06-18 19:09 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-17 20:00 - 2014-06-17 20:02 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-17 20:00 - 2013-03-29 13:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-17 20:00 - 2013-03-29 13:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-17 20:00 - 2012-07-23 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:30 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

Some content of TEMP:
====================
C:\Users\JP\AppData\Local\Temp\bz4fpoh0.dll
C:\Users\JP\AppData\Local\Temp\CTWseAPI.dll
C:\Users\JP\AppData\Local\Temp\e81d398f-eb17-4c6f-ab19-feddf942f2ea.exe
C:\Users\JP\AppData\Local\Temp\oc1mghra.dll
C:\Users\JP\AppData\Local\Temp\sdanircmdc.exe
C:\Users\JP\AppData\Local\Temp\sdapskill.exe
C:\Users\JP\AppData\Local\Temp\sdaspwn.exe
C:\Users\JP\AppData\Local\Temp\SpOrder.dll
C:\Users\JP\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 16:00

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by JP at 2014-07-04 23:03:56
Running from C:\Users\JP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3CXPhone (HKLM-x32\...\{011BB39D-116F-408C-AB90-B590665B125A}) (Version: 4.0.23994.0 - 3CX)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bix 0.4.0.24786 (HKCU\...\Bix) (Version: 0.4.0.24786 - one.com, Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
C7200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Jukebox Driver (HKLM-x32\...\Creative Jukebox Driver) (Version:  - )
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ESET Smart Security (HKLM\...\{EE39D540-AB86-4F57-97CB-44D1CA5167F3}) (Version: 5.2.15.1 - ESET, spol. s r.o.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.)
Free DWG Viewer 7.2 (HKLM-x32\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.73 - IGC)
Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Google Chrome Frame (HKLM-x32\...\{02A5C383-FE94-3B52-9627-CE70B9301A0F}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.0.0010.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version:  - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
NOMAD Explorer (HKLM-x32\...\Creative File Manager) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
sipgate Faxdrucker (HKLM\...\{7C3D2E25-D221-4109-85DB-DE290DE9C9DA}) (Version: 1.0.0 - sipgate GmbH)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SuperMailer 6.10 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 6.10 - Mirko Boeer Softwareentwicklungen)
Supra Savings (HKLM\...\Supra Savings) (Version:  - SupraSavings) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13852 - TeamViewer)
The Psychedelic Screen Saver (HKLM-x32\...\Psych) (Version: Psych v2006.0204 - Synthesoft, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Waterfox 13.0 (x64 en-US) (HKLM\...\Waterfox 13.0 (x64 en-US)) (Version: 13.0 - Mozilla)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Restore Points  =========================

24-06-2014 11:20:44 Geplanter Prüfpunkt
29-06-2014 23:28:22 Entfernt Creative MediaSource 5
29-06-2014 23:29:18 Entfernt Creative Sync Manager (Unicode)
30-06-2014 10:19:22 Wiederherstellungsvorgang
30-06-2014 11:32:15 Entfernt Your Application Name
30-06-2014 12:55:32 Windows-Sicherung
30-06-2014 13:07:36 Firefoxis
30-06-2014 13:23:17 Wiederherstellungsvorgang
02-07-2014 18:43:09 Removed Skype™ 6.16
02-07-2014 18:45:47 Removed Google Chrome Frame
03-07-2014 09:00:50 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E2D0200-0AF2-4DBE-AF95-3A456AC99A57} - System32\Tasks\Opera scheduled Autoupdate 1404499682 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {5713969D-6546-414D-A1CA-47613F69DEA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {5B8FA26B-5D6D-404E-95B9-F1E3484D3D33} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for JP-THINK.JP => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo)
Task: {5C9DA692-8A55-4EF8-B6B9-D4479A8B55CD} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2011-12-21] (Lenovo)
Task: {92447A70-1B93-4EB5-9659-659F9977BA06} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-01-09] (Lenovo)
Task: {AACB634A-A78D-4CB9-8C6E-82E9A5257B60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {B7A0CCF9-FB8E-4B8E-B459-4DCB6F7FA1EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-17] (Adobe Systems Incorporated)
Task: {BFE6B31B-358D-4F6C-A635-5F17C962E052} - System32\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {E5CD0787-A092-4D11-8E0D-AA881F00B0CF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2011-12-21] (Lenovo)
Task: {E8D259FF-C45B-4B69-A84D-C84EF608BEE7} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-07-01 16:22 - 2014-07-01 16:22 - 00172544 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00110080 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00456192 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\ProtocolFilters.dll
2014-04-10 17:47 - 2014-04-10 17:47 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2012-07-08 13:59 - 2011-08-31 20:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-07-08 23:19 - 2011-05-19 14:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-07-08 13:56 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-07-08 13:56 - 2011-08-19 07:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2006-09-19 10:07 - 2006-09-19 10:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-05-24 16:41 - 2006-11-23 17:12 - 00851968 _____ () C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
2012-09-05 21:46 - 2006-02-04 15:52 - 00057344 _____ () C:\Program Files (x86)\Psych\Runner.EXE
2014-05-05 14:34 - 2014-05-05 14:34 - 21471624 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\Bix.exe
2012-07-08 14:00 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-07-08 14:00 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-05-24 16:41 - 2006-11-24 09:45 - 00192512 _____ () C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl
2014-06-15 20:58 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-15 20:58 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2014-06-15 20:58 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00024848 _____ () C:\Program Files (x86)\3CXPhone\avfilters\wavdest.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 00270336 _____ () C:\Program Files (x86)\3CXPhone\avfilters\lame.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 03843584 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ffdshow.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 05210449 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\libavcodec.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00901509 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\xvidcore.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00962008 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ff_x264.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00100864 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ff_wmv9.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00157184 _____ () C:\Program Files (x86)\3CXPhone\avfilters\libspeexdsp.dll
2014-05-05 11:00 - 2014-05-05 11:00 - 10191872 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\CLIWrapper_VC11.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00036864 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\zip.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00066048 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\zlib1.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00072192 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_thread-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00016384 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_system-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00040960 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_date_time-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00100352 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_filesystem-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00631808 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_regex-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00235520 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_serialization-vc110-mt-1_52.dll
2013-05-13 17:20 - 2013-05-13 17:20 - 00047616 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\INETConnection.dll
2014-06-18 13:19 - 2014-07-03 21:49 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-17 20:00 - 2014-06-17 20:00 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 07:40:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/04/2014 07:38:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/04/2014 07:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3057

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3057

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 01:03:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059


System errors:
=============
Error: (07/04/2014 11:04:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:04:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:03:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:03:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:03:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 11:03:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (07/04/2014 07:40:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Lenovo\lenovo solution center\App\diag\flex_comm_sample.exe

Error: (07/04/2014 07:38:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Lenovo\Lenovo Solution Center\App\diag\flex_comm_sample.exe

Error: (07/04/2014 07:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (07/04/2014 01:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3057

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3057

Error: (07/04/2014 01:03:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 01:03:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059


CodeIntegrity Errors:
===================================
  Date: 2013-04-13 22:18:33.554
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.244
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:32.954
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 4007.23 MB
Available physical RAM: 1200.36 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 4948.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:281 GB) (Free:154.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DR-07) (Removable) (Total:1.83 GB) (Free:0.99 GB) FAT
Drive f: (cbd_drive) (Removable) (Total:14.84 GB) (Free:8.16 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0B498970)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

05.07.2014, 14:50   #4
Warlord711
/// TB trainer
 
Step 1

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Then click on , then on , and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:

Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 4

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 5

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

Please post in your reply:
  • AdwCleaner log
  • JRT log
  • Malwarebytes log
  • fresh FRST log

06.07.2014, 01:07   #5
simran
 
Hello Timo,

I have done everything! The browser seems to be OK!? At least it runs.

Here is the information for you.

Re step 1:

The software "SupraSavings" could not be found by the uninstall program and therefore could not be deleted or uninstalled either!

Re step 2: Here is the log file:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.214 - Bericht erstellt am 06/07/2014 um 00:59:23
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : JP - JP-THINK
# Gestartet von : C:\Users\JP\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SecureAssist
Dienst Gelöscht : xmkysecqun64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Users\JP\AppData\Local\ext_offermosquito
Ordner Gelöscht : C:\Users\JP\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\JP\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll
Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini
Datei Gelöscht : C:\Users\JP\AppData\Local\omesuperv.exe
Datei Gelöscht : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\invalidprefs.js
Datei Gelöscht : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OMESupervisor]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Schlüssel Gelöscht : HKLM\SOFTWARE\5ced98db66ae448
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nokia-software-updater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nokia-software-updater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sjphone_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sjphone_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Rr Savings
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Rr Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Supra Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Supra Savings

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\4pmuoq5j.default\prefs.js ]


[ Datei : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "787d2f89000000000000f0def1d0f97f");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15859");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.523:29:32");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=gc_");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "787d2f89000000000000f0def1d0f97f");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16010");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.26.8");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.26.818:19:01");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.26.8");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("iminent.LayoutId", "28");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1383326377687");
Zeile gelöscht : user_pref("iminent.version", "7.43.4.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.43.4.1\",\"InstallEventCTime\":1383326362158,\"InstallEvent\":\"True\"}");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"october2013\",\"id\":35,\"dispId\":\"CH-35\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizr[...]
Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

-\\ Google Chrome v

[ Datei : C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : gbmdkmlcnbapgegninelmjbfibaghdmk
Gelöscht [Extension] : mkcedibhemacmilmkpndpkoidlnmgngg

*************************

AdwCleaner[R0].txt - [25660 octets] - [06/07/2014 00:57:48]
AdwCleaner[S0].txt - [24379 octets] - [06/07/2014 00:59:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24440 octets] ##########
         
--- --- ---

Re step 3:
Here is the log file:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by JP on 06.07.2014 at 1:12:02,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3764543965-3534325117-72286844-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{04CE517E-5228-46CD-823C-AEDD132C69C2}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{46DD4684-869D-4ED9-A971-A66965778FD2}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{675E1D5E-7F99-408A-9653-97701A4AF69E}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{8B7B84DA-C7A4-4093-B308-E6D0A670400C}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{8E95F187-2436-4483-A527-DAA182C79B53}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{9EB09F5F-E0EA-4D63-9D48-E6901F4B6992}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{D56378BB-CB8F-46D5-B1EA-82D961399207}
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{E5036132-C402-4C61-B434-66D5A533D8BC}



~~~ FireFox

Emptied folder: C:\Users\JP\AppData\Roaming\mozilla\firefox\profiles\p9pq9xbx.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2014 at 1:19:30,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 4:
Scan log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.07.2014
Suchlauf-Zeit: 01:26:50
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.05.10
Rootkit Datenbank: v2014.07.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: JP

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 326074
Verstrichene Zeit: 10 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe, 2476, Löschen bei Neustart, [c02eacef700b8ea82cb8808e907410f0]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3764543965-3534325117-72286844-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, In Quarantäne, [7d7113884a310630adf601518d75f10f],
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3764543965-3534325117-72286844-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82B16A3D-F03E-4565-A532-666B219C9A53}, In Quarantäne, [7d7113884a310630adf601518d75f10f],
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SupraSavingsService64, In Quarantäne, [c02eacef700b8ea82cb8808e907410f0],
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [2dc168331b60b0866a42f8d1a45eb848],

Registrierungswerte: 1
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3764543965-3534325117-72286844-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OMESupervisor, C:\Users\Gast\AppData\Local\omesuperv.exe, In Quarantäne, [a44a9407dba09b9b84aa8385b45010f0]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings, In Quarantäne, [18d68912e59679bd4a523b656e948878],
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings\SSL, In Quarantäne, [18d68912e59679bd4a523b656e948878],
PUP.Optional.OfferMosquito.A, C:\Users\JP\AppData\Local\Google\Chrome\User Data\default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk, In Quarantäne, [22cc1e7de69577bf301b33754ab85ea2],

Dateien: 4
PUP.Optional.Rapiddown, C:\Users\JP\AppData\Local\Temp\n1737\s1737.exe, In Quarantäne, [4ba3f8a3c6b5ca6c8d550760966b837d],
PUP.Optional.Softonic.A, C:\Users\JP\Downloads\SoftonicDownloader_fuer_videospin.exe, In Quarantäne, [a6481289e992e6506cef22043dc4eb15],
PUP.Optional.AdPeak.A, C:\Windows\Installer\5270f3e.msi, In Quarantäne, [d41a7724f78416204e3ba9947e8211ef],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe, Löschen bei Neustart, [c02eacef700b8ea82cb8808e907410f0],

Physische Sektoren: 0
(No malicious items detected)


(end)

Re step 5:
Fresh FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by JP (administrator) on JP-THINK on 06-07-2014 01:54:07
Running from C:\Users\JP\Downloads\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Windows\vsnpstd3.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(3CX Ltd) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
() C:\Program Files (x86)\Psych\Runner.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\JP\AppData\Roaming\Bix\Dlls\Bix.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4090824 2012-11-16] (ESET)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [NINJALI.EXE] => "C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe" /HideGUI
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [851968 2006-11-23] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Bix] => C:\Users\JP\AppData\Roaming\Bix\Dlls\BixLauncher.exe [24968 2014-05-05] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\MountPoints2: {93fbbe15-c8f1-11e1-aa6f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk
ShortcutTarget: 3CXPhone.lnk -> C:\Program Files (x86)\3CXPhone\3CXPhone.exe (3CX Ltd)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Runner.LNK
ShortcutTarget: Runner.LNK -> C:\Program Files (x86)\Psych\Runner.EXE ()
ShellIconOverlayIdentifiers: 0_OneComShellExt1 -> {F6BBFE20-F40C-449D-867A-70D304E407CC} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt2 -> {12BC1D5F-8949-451A-9F47-0240E9E31D11} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt3 -> {817B4083-0CBC-4538-BB47-746BA33CE791} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1			d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default
FF Homepage: hxxp://gmx.at/
FF NetworkProxy: "http", "13.7.9.139"
FF NetworkProxy: "http_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\JP\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Secure Login - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\secureLogin@blueimp.net.xpi [2014-07-03]
FF Extension: Password Exporter - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-07-03]
FF Extension: Adblock Plus - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-26]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08]

Chrome: 
=======
CHR HomePage: 

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913184 2012-11-16] (ESET)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech                  )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209808 2012-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62024 2012-11-16] (ESET)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 01:49 - 2014-07-06 01:49 - 00003268 _____ () C:\Users\JP\Desktop\mbam.txt
2014-07-06 01:44 - 2014-07-06 01:50 - 00000092 ____H () C:\Users\JP\Desktop\.~lock.Verlauf SchritteAdware.txt#
2014-07-06 01:26 - 2014-07-06 01:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 01:26 - 2014-07-06 01:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 01:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 01:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 01:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 01:23 - 2014-07-06 01:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JP\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 01:19 - 2014-07-06 01:27 - 00001902 _____ () C:\Users\JP\Desktop\JRT.txt
2014-07-06 01:12 - 2014-07-06 01:12 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 01:10 - 2014-07-06 01:10 - 01016261 _____ (Thisisu) C:\Users\JP\Downloads\JRT.exe
2014-07-06 01:03 - 2014-07-06 01:50 - 00030228 _____ () C:\Users\JP\Desktop\Verlauf SchritteAdware.txt
2014-07-06 00:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 00:57 - 2014-07-06 01:03 - 00000000 ____D () C:\AdwCleaner
2014-07-06 00:56 - 2014-07-06 00:56 - 01346519 _____ () C:\Users\JP\Downloads\adwcleaner_3.214.exe
2014-07-06 00:55 - 2014-07-06 00:55 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Lavasoft
2014-07-06 00:54 - 2014-07-06 00:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-05 23:00 - 2014-07-05 23:00 - 00000000 ____D () C:\MININT
2014-07-05 22:59 - 2014-07-05 22:59 - 01075776 _____ (OR Interactive Ltd) C:\Users\JP\Downloads\IDM2.exe
2014-07-05 22:55 - 2014-07-06 01:54 - 00000000 ____D () C:\Users\JP\Downloads\FRST-OlderVersion
2014-07-05 22:51 - 2014-07-05 22:51 - 00001275 _____ () C:\Users\JP\Desktop\Revo Uninstaller.lnk
2014-07-05 22:51 - 2014-07-05 22:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:50 - 2014-07-05 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup95.exe
2014-07-05 17:46 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\JP\Documents\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-05 14:11 - 2014-07-05 17:46 - 00000000 ____D () C:\ProgramData\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00001118 _____ () C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-05 14:09 - 2014-07-05 17:45 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-05 14:09 - 2014-07-05 14:09 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-05 14:05 - 2014-07-05 14:08 - 170203312 _____ () C:\Users\JP\Desktop\VideoSpin_2_0_Setup.exe
2014-07-05 01:07 - 2014-07-05 01:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\avidemux
2014-07-05 01:07 - 2014-07-05 01:54 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-07-05 01:02 - 2014-07-05 01:02 - 16456460 _____ () C:\Users\JP\Downloads\nw_33971_avidemuxwinvexe.exe
2014-07-04 23:03 - 2014-07-04 23:04 - 00041571 _____ () C:\Users\JP\Downloads\Addition.txt
2014-07-04 23:02 - 2014-07-06 01:54 - 00000000 ____D () C:\FRST
2014-07-04 23:02 - 2014-07-04 23:04 - 00045702 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 23:01 - 2014-07-05 22:55 - 02084352 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:40 - 2014-07-04 20:41 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-04 18:39 - 2014-07-06 01:40 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 13:29 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\Bix
2014-06-30 01:46 - 2014-07-06 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-07-06 01:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:43 - 2014-06-30 01:49 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:37 - 2014-06-23 15:38 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-18 19:09 - 2014-06-18 19:20 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-18 13:19 - 2014-07-03 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 11:33 - 2014-07-06 01:42 - 00000000 ____D () C:\ProgramData\Bix
2014-06-17 20:02 - 2014-06-17 20:00 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 21:03 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-15 20:59 - 2014-07-03 11:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-15 20:59 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-15 20:58 - 2014-07-03 11:03 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-15 20:58 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-15 20:45 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-05-24 11:25 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-15 20:45 - 2011-05-24 11:21 - 05746780 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-04-21 19:13 - 05775441 ____T (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-15 20:45 - 2011-04-21 19:13 - 00372812 ____T (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-15 20:45 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-15 20:45 - 2010-10-27 09:58 - 00139358 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-15 20:45 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-15 20:45 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-15 20:45 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-15 17:30 - 2014-07-03 11:06 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:29 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-06-15 17:29 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-07-06 01:54 - 2014-07-05 22:55 - 00000000 ____D () C:\Users\JP\Downloads\FRST-OlderVersion
2014-07-06 01:54 - 2014-07-04 23:02 - 00000000 ____D () C:\FRST
2014-07-06 01:50 - 2014-07-06 01:44 - 00000092 ____H () C:\Users\JP\Desktop\.~lock.Verlauf SchritteAdware.txt#
2014-07-06 01:50 - 2014-07-06 01:03 - 00030228 _____ () C:\Users\JP\Desktop\Verlauf SchritteAdware.txt
2014-07-06 01:49 - 2014-07-06 01:49 - 00003268 _____ () C:\Users\JP\Desktop\mbam.txt
2014-07-06 01:48 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 01:48 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 01:45 - 2012-07-08 23:25 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-07-06 01:45 - 2012-07-08 23:25 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-07-06 01:45 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-06 01:43 - 2012-07-19 22:08 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Skype
2014-07-06 01:42 - 2014-06-18 11:33 - 00000000 ____D () C:\ProgramData\Bix
2014-07-06 01:42 - 2012-07-08 14:09 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 01:41 - 2014-07-06 01:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 01:40 - 2014-07-04 18:39 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-07-06 01:40 - 2012-12-02 01:15 - 00023150 _____ () C:\Windows\PFRO.log
2014-07-06 01:40 - 2012-11-26 17:52 - 00033987 _____ () C:\Windows\setupact.log
2014-07-06 01:40 - 2012-07-08 13:42 - 01914582 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 01:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 01:39 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew
2014-07-06 01:27 - 2014-07-06 01:19 - 00001902 _____ () C:\Users\JP\Desktop\JRT.txt
2014-07-06 01:26 - 2014-07-06 01:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 01:26 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-06 01:26 - 2014-06-30 01:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-06 01:23 - 2014-07-06 01:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JP\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 01:14 - 2013-10-08 12:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3.job
2014-07-06 01:14 - 2012-07-16 21:32 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-07-06 01:12 - 2014-07-06 01:12 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 01:10 - 2014-07-06 01:10 - 01016261 _____ (Thisisu) C:\Users\JP\Downloads\JRT.exe
2014-07-06 01:05 - 2013-03-29 13:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 01:03 - 2014-07-06 00:57 - 00000000 ____D () C:\AdwCleaner
2014-07-06 01:01 - 2009-07-14 06:45 - 00350312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-06 00:56 - 2014-07-06 00:56 - 01346519 _____ () C:\Users\JP\Downloads\adwcleaner_3.214.exe
2014-07-06 00:55 - 2014-07-06 00:55 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Lavasoft
2014-07-06 00:54 - 2014-07-06 00:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-05 23:00 - 2014-07-05 23:00 - 00000000 ____D () C:\MININT
2014-07-05 23:00 - 2012-07-08 14:55 - 00088352 _____ () C:\Users\JP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 23:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-07-05 22:59 - 2014-07-05 22:59 - 01075776 _____ (OR Interactive Ltd) C:\Users\JP\Downloads\IDM2.exe
2014-07-05 22:55 - 2014-07-04 23:01 - 02084352 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-05 22:51 - 2014-07-05 22:51 - 00001275 _____ () C:\Users\JP\Desktop\Revo Uninstaller.lnk
2014-07-05 22:51 - 2014-07-05 22:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:50 - 2014-07-05 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup95.exe
2014-07-05 17:46 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\JP\Documents\Pinnacle VideoSpin
2014-07-05 17:46 - 2014-07-05 14:11 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-05 17:46 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Pinnacle VideoSpin
2014-07-05 17:45 - 2014-07-05 14:09 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-05 14:11 - 2014-07-05 14:11 - 00001118 _____ () C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-05 14:09 - 2014-07-05 14:09 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-05 14:09 - 2013-04-24 21:24 - 00000000 ____D () C:\Users\JP\AppData\Local\Downloaded Installations
2014-07-05 14:08 - 2014-07-05 14:05 - 170203312 _____ () C:\Users\JP\Desktop\VideoSpin_2_0_Setup.exe
2014-07-05 13:59 - 2012-07-08 23:45 - 00000000 ____D () C:\Users\JP\Desktop\Privado
2014-07-05 01:54 - 2014-07-05 01:07 - 00000000 ____D () C:\Users\JP\AppData\Roaming\avidemux
2014-07-05 01:54 - 2014-07-05 01:07 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-07-05 01:02 - 2014-07-05 01:02 - 16456460 _____ () C:\Users\JP\Downloads\nw_33971_avidemuxwinvexe.exe
2014-07-04 23:04 - 2014-07-04 23:03 - 00041571 _____ () C:\Users\JP\Downloads\Addition.txt
2014-07-04 23:04 - 2014-07-04 23:02 - 00045702 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:41 - 2014-07-04 20:40 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-03 21:55 - 2012-07-14 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-03 21:49 - 2014-06-18 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:54 - 2014-06-30 13:29 - 00000000 ____D () C:\Users\JP\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 11:21 - 2012-07-14 12:42 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 11:21 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Mozilla
2014-07-03 11:14 - 2012-07-08 14:54 - 00000000 ____D () C:\Users\JP
2014-07-03 11:10 - 2013-11-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
2014-07-03 11:09 - 2014-06-15 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-07-03 11:09 - 2014-06-15 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-07-03 11:09 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-07-03 11:09 - 2014-05-24 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-07-03 11:09 - 2014-05-24 16:34 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-07-03 11:09 - 2014-05-24 16:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-07-03 11:09 - 2014-05-19 21:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Eusing
2014-07-03 11:09 - 2014-04-11 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-03 11:09 - 2013-11-23 19:25 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Audacity
2014-07-03 11:09 - 2013-11-10 17:56 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-07-03 11:09 - 2013-07-10 08:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 11:09 - 2013-04-24 21:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-03 11:09 - 2013-04-10 22:16 - 00000000 ____D () C:\Users\JP\AppData\Roaming\dvdcss
2014-07-03 11:09 - 2012-07-24 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 11:09 - 2012-07-24 17:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\DVDVideoSoft
2014-07-03 11:09 - 2012-07-19 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-07-03 11:09 - 2012-07-11 22:12 - 00000000 ____D () C:\Users\JP\AppData\Local\3CX VoIP Phone
2014-07-03 11:09 - 2012-07-10 21:16 - 00000000 ____D () C:\Program Files\Waterfox
2014-07-03 11:09 - 2012-07-10 13:43 - 00000000 ____D () C:\Users\Gast
2014-07-03 11:09 - 2012-07-08 14:58 - 00000000 ____D () C:\Users\JP\AppData\Local\Google
2014-07-03 11:09 - 2012-07-08 14:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-03 11:09 - 2012-07-08 13:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-03 11:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-03 11:07 - 2012-07-08 23:44 - 00000000 ____D () C:\Users\JP\Desktop\Firma
2014-07-03 11:06 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-07-03 11:06 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-07-03 11:06 - 2012-07-10 13:46 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-07-03 11:06 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Local\Mozilla
2014-07-03 11:05 - 2012-07-08 13:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-03 11:03 - 2014-06-15 20:58 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 20:03 - 2014-04-10 17:47 - 00000000 ____D () C:\temp
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-07-02 16:38 - 2012-07-09 11:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Paint.NET
2014-06-30 17:57 - 2012-12-15 20:18 - 00000000 ____D () C:\Program Files (x86)\OnecomCloudDrive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 01:49 - 2014-06-30 01:43 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:38 - 2014-06-23 15:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-22 23:09 - 2013-10-08 12:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3
2014-06-22 23:09 - 2012-07-08 14:09 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 19:21 - 2013-11-01 19:04 - 00002029 _____ () C:\Users\Public\Desktop\Free DWG Viewer.lnk
2014-06-18 19:20 - 2014-06-18 19:09 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-17 20:00 - 2014-06-17 20:02 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-17 20:00 - 2013-03-29 13:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-17 20:00 - 2013-03-29 13:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-17 20:00 - 2012-07-23 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:30 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

Some content of TEMP:
====================
C:\Users\JP\AppData\Local\Temp\bz4fpoh0.dll
C:\Users\JP\AppData\Local\Temp\CTWseAPI.dll
C:\Users\JP\AppData\Local\Temp\e81d398f-eb17-4c6f-ab19-feddf942f2ea.exe
C:\Users\JP\AppData\Local\Temp\oc1mghra.dll
C:\Users\JP\AppData\Local\Temp\Quarantine.exe
C:\Users\JP\AppData\Local\Temp\sdanircmdc.exe
C:\Users\JP\AppData\Local\Temp\sdapskill.exe
C:\Users\JP\AppData\Local\Temp\sdaspwn.exe
C:\Users\JP\AppData\Local\Temp\SpOrder.dll
C:\Users\JP\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 16:00

==================== End Of Log ============================
         
--- --- ---


07.07.2014, 15:06   #6
Warlord711
/// TB Trainer

That already looks quite good, let's carry on like this:

(Note: the scan can take several hours)

Emsisoft Emergency Kit - Scanner

Preparation
  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.

Let's go
  • Download and start Emsisoft Emergency Kit
  • Let the program files be extracted into the default directory C:\EEK; the EEK starts automatically
  • In the main menu, select Emergency Kit Scanner
  • Be sure to confirm the prompt about the online update
  • Confirm PUPs
  • After the update has finished, click the icon for PC SCANNEN
  • In the scan mode window, select Detail Scan and start it
  • Once the scan has finished, close the notice window about Emsisoft Anti-Malware
  • Click to open the report and post its content here
  • Exit the program and manually delete the folder C:\EEK

09.07.2014, 16:26   #7
simran

Scan done.

Clicked on "Bericht anzeigen" (show report). Open Office opened and only a single line with some kind of hieroglyphs showed up in the doc or odt!?

I have not deleted the folder C:\EEK yet.

Hmm...??

09.07.2014, 17:56   #8
Warlord711
/// TB Trainer

Please look in C:\EEK\Run\Reports; there should be a file named a2scan_<timestamp_of_scan>.txt in there.

Please post the content in # code tags; if necessary, open it via right-click > Open with... > NOTEPAD or EDITOR.

10.07.2014, 10:39   #9
simran

OK, here comes the report. No idea what you mean by "CodeTags"!?

Can I delete the folder now?


Emsisoft Emergency Kit - Version 4.0
Letztes Update: 09.07.2014 14:57:13
Benutzerkonto: JP-THINK\JP

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 09.07.2014 14:58:52
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> INTERMEDIATE gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SCHECK gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SSYNC gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Users\JP\AppData\Local\Temp\OCS\ocs_v71a.exe.vir gefunden: Application.Bundler.DownloadSponsor.A (B)
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\uninstall_l.exe gefunden: Trojan.Generic.11461790 (B)
C:\Users\JP\Documents\samsung\Kies\Backup\GT-I8190\GT-I8190_\AUTOBACKUP\Others\Download\master_310_PansiMsg_20120731-04-41_e8d89d9_CHID_PANSI_HOMEPAGE.final_.apk -> resources.arsc gefunden: Android.Adware.Mobclick.A (B)
C:\Users\JP\Documents\samsung\Kies\Backup\GT-I8190\GT-I8190_\GT-I8190_20131217020558\Others\Download\master_310_PansiMsg_20120731-04-41_e8d89d9_CHID_PANSI_HOMEPAGE.final_.apk -> resources.arsc gefunden: Android.Adware.Mobclick.A (B)

Gescannt 225428
Gefunden 9

Scan Ende: 09.07.2014 16:13:19
Scan Zeit: 1:14:27
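
Added example (not part of the thread, and not Emsisoft's or FRST's own code): a small Python parser for the finding lines of the report above. It separates registry values from files, flags copies that already sit in another tool's quarantine folder and members inside archives, extracts the account RID from `HKEY_USERS` keys, and checks the parsed count against the report's `Gefunden` line. The category names and function names are assumptions made for this example.

```python
import re
from collections import Counter, namedtuple

# Finding lines and the summary line, copied from the Emsisoft report above.
REPORT = r"""
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> INTERMEDIATE gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SCHECK gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SSYNC gefunden: Application.AdStart (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Users\JP\AppData\Local\Temp\OCS\ocs_v71a.exe.vir gefunden: Application.Bundler.DownloadSponsor.A (B)
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\uninstall_l.exe gefunden: Trojan.Generic.11461790 (B)
C:\Users\JP\Documents\samsung\Kies\Backup\GT-I8190\GT-I8190_\AUTOBACKUP\Others\Download\master_310_PansiMsg_20120731-04-41_e8d89d9_CHID_PANSI_HOMEPAGE.final_.apk -> resources.arsc gefunden: Android.Adware.Mobclick.A (B)
C:\Users\JP\Documents\samsung\Kies\Backup\GT-I8190\GT-I8190_\GT-I8190_20131217020558\Others\Download\master_310_PansiMsg_20120731-04-41_e8d89d9_CHID_PANSI_HOMEPAGE.final_.apk -> resources.arsc gefunden: Android.Adware.Mobclick.A (B)
Gefunden 9
"""

# kind/location/item/detection/engine/rid are names chosen for this example.
Finding = namedtuple("Finding", "kind location item detection engine rid")

# "Value: <key> -> <value name> gefunden: <detection> (<letter>)"
REG_RE = re.compile(
    r"^Value: (?P<key>.+?) -> (?P<name>\S+) gefunden: (?P<det>.+) \((?P<eng>\w)\)$")
# "<path>[ -> <member inside archive>] gefunden: <detection> (<letter>)"
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?: -> (?P<member>.+?))? gefunden: (?P<det>.+) \((?P<eng>\w)\)$")
# Last component of a local account SID is the RID.
# RID 501 is the well-known built-in Guest account; regular accounts start at 1000.
RID_RE = re.compile(r"^HKEY_USERS\\S-1-5-21(?:-\d+){3}-(\d+)\\")
COUNT_RE = re.compile(r"^Gefunden (\d+)$")


def classify(line):
    """Turn one report line into a Finding, or None if it is not a finding line."""
    m = REG_RE.match(line)
    if m:
        key = m.group("key")
        rid = RID_RE.match(key)
        upper = key.upper()
        if upper.endswith(r"\CURRENTVERSION\RUN"):
            kind = "autorun_value"        # starts a program at logon
        elif upper.endswith(r"\POLICIES\SYSTEM"):
            kind = "policy_value"         # restricts Task Manager / registry tools
        else:
            kind = "registry_value"
        return Finding(kind, key, m.group("name"), m.group("det"),
                       m.group("eng"), int(rid.group(1)) if rid else None)
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        if m.group("member"):
            kind = "archive_member"       # detection inside a container file
        elif "\\quarantine\\" in path.lower():
            kind = "quarantined_copy"     # already moved aside by another tool
        else:
            kind = "file"
        return Finding(kind, path, m.group("member"), m.group("det"),
                       m.group("eng"), None)
    return None


def parse_report(text):
    """Return (findings, count stated in the 'Gefunden' line or None)."""
    findings, reported = [], None
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_RE.match(line)
        if count:
            reported = int(count.group(1))
            continue
        finding = classify(line)
        if finding:
            findings.append(finding)
    return findings, reported


def summarize(text):
    """Counts per category, RIDs seen, and whether the paste is complete."""
    findings, reported = parse_report(text)
    return {
        "kinds": Counter(f.kind for f in findings),
        "rids": sorted({f.rid for f in findings if f.rid is not None}),
        "complete": reported == len(findings),
    }


if __name__ == "__main__":
    print(summarize(REPORT))
```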

10.07.2014, 18:55   #10
Warlord711
/// TB Trainer

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v INTERMEDIATE
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SCHECK
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SSYNC
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLETASKMGR
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLEREGISTRYTOOLS
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen button.
  • The tool creates a Fixlog.txt.
  • Post its content for me.



Step 2

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the content of this log file here in your thread.

13.07.2014, 13:39   #11
simran

Created Fixlist.txt and saved it on the desktop.

Started FRST and... "No fixlist.txt found" !??

Saved the file in the FRST folder, same error message!?

13.07.2014, 16:25   #12
Warlord711
/// TB Trainer

You probably saved it in Notepad as Fixlist.txt, and Notepad appends another .txt itself. So the file is now called fixlist.txt.txt

And file name extensions are guaranteed to be hidden ;-)

If the file is on the desktop and is called Fixlist.txt, rename it there to Fixlist.

14.07.2014, 22:11   #13
simran

No, unfortunately not. I paid attention to that. Extensions are now shown. See screenshot. Still the same problem....!
Attached images
File type: png screenshot.png (10.0 KB, viewed 94 times)

15.07.2014, 11:29   #14
simran

OK, I've got it.

Fixlist.txt has to be in the same folder as FRST.exe

Here is the report:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by JP at 2014-07-15 12:18:54 Run:1
Running from C:\Users\JP\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v INTERMEDIATE
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SCHECK
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SSYNC
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLETASKMGR
reg: reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLEREGISTRYTOOLS
*****************

C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 => Moved successfully.

========= reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v INTERMEDIATE =========

Registrierungswert INTERMEDIATE l”schen (Ja/Nein)? FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SCHECK =========

Registrierungswert SCHECK l”schen (Ja/Nein)? FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v SSYNC =========

Registrierungswert SSYNC l”schen (Ja/Nein)? FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLETASKMGR =========

Registrierungswert DISABLETASKMGR l”schen (Ja/Nein)? Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-3764543965-3534325117-72286844-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v DISABLEREGISTRYTOOLS =========

Registrierungswert DISABLEREGISTRYTOOLS l”schen (Ja/Nein)? Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


==== End of Fixlog ====


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by JP (administrator) on JP-THINK on 15-07-2014 12:25:30
Running from C:\Users\JP\Downloads\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Windows\vsnpstd3.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(3CX Ltd) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
() C:\Program Files (x86)\Psych\Runner.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\JP\AppData\Roaming\Bix\Dlls\Bix.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(dotPDN LLC) C:\Program Files\Paint.NET\PaintDotNet.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4090824 2012-11-16] (ESET)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [NINJALI.EXE] => "C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe" /HideGUI
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [851968 2006-11-23] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\Run: [Bix] => C:\Users\JP\AppData\Roaming\Bix\Dlls\BixLauncher.exe [24968 2014-05-05] ()
HKU\S-1-5-21-3764543965-3534325117-72286844-1000\...\MountPoints2: {93fbbe15-c8f1-11e1-aa6f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk
ShortcutTarget: 3CXPhone.lnk -> C:\Program Files (x86)\3CXPhone\3CXPhone.exe (3CX Ltd)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Runner.LNK
ShortcutTarget: Runner.LNK -> C:\Program Files (x86)\Psych\Runner.EXE ()
ShellIconOverlayIdentifiers: 0_OneComShellExt1 -> {F6BBFE20-F40C-449D-867A-70D304E407CC} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt2 -> {12BC1D5F-8949-451A-9F47-0240E9E31D11} =>  No File
ShellIconOverlayIdentifiers: 0_OneComShellExt3 -> {817B4083-0CBC-4538-BB47-746BA33CE791} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1			d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default
FF Homepage: hxxp://gmx.at/
FF NetworkProxy: "http", "13.7.9.139"
FF NetworkProxy: "http_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\JP\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Secure Login - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\secureLogin@blueimp.net.xpi [2014-07-03]
FF Extension: Password Exporter - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-07-03]
FF Extension: Adblock Plus - C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\p9pq9xbx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: 

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913184 2012-11-16] (ESET)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech                  )
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-09] (Emsisoft GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209808 2012-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62024 2012-11-16] (ESET)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 12:16 - 2014-07-15 12:25 - 00000000 ____D () C:\FRST
2014-07-13 15:13 - 2014-07-13 15:14 - 00000000 ____D () C:\Users\JP\AppData\Local\{924EC7C4-4739-4861-A24C-25A064669D99}
2014-07-13 15:13 - 2014-07-13 15:13 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Windows Live Writer
2014-07-13 15:13 - 2014-07-13 15:13 - 00000000 ____D () C:\Users\JP\AppData\Local\Windows Live Writer
2014-07-09 14:55 - 2014-07-09 17:22 - 00000000 ____D () C:\EEK
2014-07-09 14:55 - 2014-07-09 14:55 - 00000557 _____ () C:\Users\JP\Desktop\Emsisoft Emergency Kit.lnk
2014-07-09 14:36 - 2014-07-09 14:41 - 219988592 _____ () C:\Users\JP\Downloads\EmsisoftEmergencyKit.exe
2014-07-06 01:49 - 2014-07-06 01:49 - 00003268 _____ () C:\Users\JP\Desktop\mbam.txt
2014-07-06 01:26 - 2014-07-15 09:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 01:26 - 2014-07-06 01:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 01:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 01:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 01:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 01:23 - 2014-07-06 01:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JP\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 01:19 - 2014-07-06 01:27 - 00001902 _____ () C:\Users\JP\Desktop\JRT.txt
2014-07-06 01:12 - 2014-07-06 01:12 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 01:10 - 2014-07-06 01:10 - 01016261 _____ (Thisisu) C:\Users\JP\Downloads\JRT.exe
2014-07-06 01:03 - 2014-07-06 01:57 - 00079271 _____ () C:\Users\JP\Desktop\Verlauf SchritteAdware.txt
2014-07-06 00:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 00:57 - 2014-07-06 01:03 - 00000000 ____D () C:\AdwCleaner
2014-07-06 00:56 - 2014-07-06 00:56 - 01346519 _____ () C:\Users\JP\Downloads\adwcleaner_3.214.exe
2014-07-06 00:55 - 2014-07-06 00:55 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Lavasoft
2014-07-06 00:54 - 2014-07-06 00:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-05 23:00 - 2014-07-05 23:00 - 00000000 ____D () C:\MININT
2014-07-05 22:59 - 2014-07-05 22:59 - 01075776 _____ (OR Interactive Ltd) C:\Users\JP\Downloads\IDM2.exe
2014-07-05 22:55 - 2014-07-15 12:25 - 00000000 ____D () C:\Users\JP\Downloads\FRST-OlderVersion
2014-07-05 22:51 - 2014-07-05 22:51 - 00001275 _____ () C:\Users\JP\Desktop\Revo Uninstaller.lnk
2014-07-05 22:51 - 2014-07-05 22:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:50 - 2014-07-05 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup95.exe
2014-07-05 17:46 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\JP\Documents\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-05 14:11 - 2014-07-05 17:46 - 00000000 ____D () C:\ProgramData\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00001118 _____ () C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-05 14:09 - 2014-07-05 17:45 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-05 14:09 - 2014-07-05 14:09 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-05 14:05 - 2014-07-05 14:08 - 170203312 _____ () C:\Users\JP\Desktop\VideoSpin_2_0_Setup.exe
2014-07-05 01:07 - 2014-07-05 01:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\avidemux
2014-07-05 01:07 - 2014-07-05 01:54 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-07-05 01:02 - 2014-07-05 01:02 - 16456460 _____ () C:\Users\JP\Downloads\nw_33971_avidemuxwinvexe.exe
2014-07-04 23:03 - 2014-07-04 23:04 - 00041571 _____ () C:\Users\JP\Downloads\Addition.txt
2014-07-04 23:02 - 2014-07-04 23:04 - 00045702 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 23:01 - 2014-07-13 14:38 - 02086912 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:40 - 2014-07-04 20:41 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 13:29 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\Bix
2014-06-30 01:46 - 2014-07-06 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-07-06 01:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:43 - 2014-06-30 01:49 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:37 - 2014-06-23 15:38 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-18 19:09 - 2014-06-18 19:20 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-18 13:19 - 2014-07-03 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 11:33 - 2014-07-14 19:51 - 00000000 ____D () C:\ProgramData\Bix
2014-06-17 20:02 - 2014-06-17 20:00 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 21:03 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-06-15 20:59 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-15 20:59 - 2014-07-03 11:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-15 20:59 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-15 20:58 - 2014-07-03 11:03 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-15 20:58 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-15 20:45 - 2014-07-03 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-15 20:45 - 2011-05-24 11:25 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-15 20:45 - 2011-05-24 11:21 - 05746780 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00225256 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-05-17 14:48 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-15 20:45 - 2011-04-21 19:13 - 05775441 ____T (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-15 20:45 - 2011-04-21 19:13 - 00372812 ____T (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-15 20:45 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-15 20:45 - 2010-10-27 09:58 - 00139358 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-15 20:45 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-15 20:45 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-15 20:45 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-15 17:30 - 2014-07-03 11:06 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:29 - 2014-07-03 11:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-06-15 17:29 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive

==================== One Month Modified Files and Folders =======

2014-07-15 12:25 - 2014-07-15 12:16 - 00000000 ____D () C:\FRST
2014-07-15 12:25 - 2014-07-05 22:55 - 00000000 ____D () C:\Users\JP\Downloads\FRST-OlderVersion
2014-07-15 12:17 - 2012-07-08 23:25 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 12:17 - 2012-07-08 23:25 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 12:17 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 12:16 - 2012-07-19 22:08 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Skype
2014-07-15 12:14 - 2013-10-08 12:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3.job
2014-07-15 12:05 - 2013-03-29 13:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 09:23 - 2014-07-06 01:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 23:14 - 2012-07-08 14:09 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 23:10 - 2012-07-09 11:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Paint.NET
2014-07-14 22:31 - 2012-11-26 17:52 - 00034771 _____ () C:\Windows\setupact.log
2014-07-14 19:58 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 19:58 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 19:54 - 2012-07-08 13:42 - 01131825 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 19:51 - 2014-06-18 11:33 - 00000000 ____D () C:\ProgramData\Bix
2014-07-14 19:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 15:14 - 2014-07-13 15:13 - 00000000 ____D () C:\Users\JP\AppData\Local\{924EC7C4-4739-4861-A24C-25A064669D99}
2014-07-13 15:13 - 2014-07-13 15:13 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Windows Live Writer
2014-07-13 15:13 - 2014-07-13 15:13 - 00000000 ____D () C:\Users\JP\AppData\Local\Windows Live Writer
2014-07-13 15:13 - 2012-07-23 23:45 - 00000000 ____D () C:\Users\JP\AppData\Local\Windows Live
2014-07-13 14:38 - 2014-07-04 23:01 - 02086912 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2014-07-09 17:22 - 2014-07-09 14:55 - 00000000 ____D () C:\EEK
2014-07-09 14:55 - 2014-07-09 14:55 - 00000557 _____ () C:\Users\JP\Desktop\Emsisoft Emergency Kit.lnk
2014-07-09 14:41 - 2014-07-09 14:36 - 219988592 _____ () C:\Users\JP\Downloads\EmsisoftEmergencyKit.exe
2014-07-08 22:05 - 2013-03-29 13:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:05 - 2013-03-29 13:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 22:05 - 2012-07-23 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 17:04 - 2012-07-08 23:44 - 00000000 ____D () C:\Users\JP\Desktop\Firma
2014-07-06 22:25 - 2013-11-10 17:56 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-07-06 10:29 - 2012-12-02 01:15 - 00023496 _____ () C:\Windows\PFRO.log
2014-07-06 02:27 - 2012-07-08 23:45 - 00000000 ____D () C:\Users\JP\Desktop\Privado
2014-07-06 01:57 - 2014-07-06 01:03 - 00079271 _____ () C:\Users\JP\Desktop\Verlauf SchritteAdware.txt
2014-07-06 01:49 - 2014-07-06 01:49 - 00003268 _____ () C:\Users\JP\Desktop\mbam.txt
2014-07-06 01:40 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew
2014-07-06 01:27 - 2014-07-06 01:19 - 00001902 _____ () C:\Users\JP\Desktop\JRT.txt
2014-07-06 01:26 - 2014-07-06 01:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 01:26 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-06 01:26 - 2014-06-30 01:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-06 01:23 - 2014-07-06 01:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JP\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 01:14 - 2012-07-16 21:32 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-07-06 01:12 - 2014-07-06 01:12 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 01:10 - 2014-07-06 01:10 - 01016261 _____ (Thisisu) C:\Users\JP\Downloads\JRT.exe
2014-07-06 01:03 - 2014-07-06 00:57 - 00000000 ____D () C:\AdwCleaner
2014-07-06 01:01 - 2009-07-14 06:45 - 00350312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-06 00:59 - 2013-11-01 19:19 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Common
2014-07-06 00:56 - 2014-07-06 00:56 - 01346519 _____ () C:\Users\JP\Downloads\adwcleaner_3.214.exe
2014-07-06 00:55 - 2014-07-06 00:55 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Lavasoft
2014-07-06 00:54 - 2014-07-06 00:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-05 23:00 - 2014-07-05 23:00 - 00000000 ____D () C:\MININT
2014-07-05 23:00 - 2012-07-08 14:55 - 00088352 _____ () C:\Users\JP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 23:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-07-05 22:59 - 2014-07-05 22:59 - 01075776 _____ (OR Interactive Ltd) C:\Users\JP\Downloads\IDM2.exe
2014-07-05 22:51 - 2014-07-05 22:51 - 00001275 _____ () C:\Users\JP\Desktop\Revo Uninstaller.lnk
2014-07-05 22:51 - 2014-07-05 22:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:50 - 2014-07-05 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup95.exe
2014-07-05 17:46 - 2014-07-05 17:46 - 00000000 ____D () C:\Users\JP\Documents\Pinnacle VideoSpin
2014-07-05 17:46 - 2014-07-05 14:11 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-05 17:46 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Pinnacle VideoSpin
2014-07-05 17:45 - 2014-07-05 14:09 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-05 14:11 - 2014-07-05 14:11 - 00001118 _____ () C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
2014-07-05 14:11 - 2014-07-05 14:11 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-05 14:09 - 2014-07-05 14:09 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-05 14:09 - 2013-04-24 21:24 - 00000000 ____D () C:\Users\JP\AppData\Local\Downloaded Installations
2014-07-05 14:08 - 2014-07-05 14:05 - 170203312 _____ () C:\Users\JP\Desktop\VideoSpin_2_0_Setup.exe
2014-07-05 01:54 - 2014-07-05 01:07 - 00000000 ____D () C:\Users\JP\AppData\Roaming\avidemux
2014-07-05 01:54 - 2014-07-05 01:07 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-07-05 01:02 - 2014-07-05 01:02 - 16456460 _____ () C:\Users\JP\Downloads\nw_33971_avidemuxwinvexe.exe
2014-07-04 23:04 - 2014-07-04 23:03 - 00041571 _____ () C:\Users\JP\Downloads\Addition.txt
2014-07-04 23:04 - 2014-07-04 23:02 - 00045702 _____ () C:\Users\JP\Downloads\FRST.txt
2014-07-04 20:48 - 2014-07-04 20:48 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404499682
2014-07-04 20:48 - 2014-07-04 20:48 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Users\JP\AppData\Local\Opera Software
2014-07-04 20:48 - 2014-07-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-04 20:41 - 2014-07-04 20:40 - 27641968 _____ (Opera Software ASA) C:\Users\JP\Downloads\Opera_22.0.1471.70_Setup.exe
2014-07-03 21:55 - 2012-07-14 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-03 21:49 - 2014-06-18 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Bix
2014-07-03 11:54 - 2014-07-03 11:54 - 00000000 ____D () C:\Users\JP\AppData\Local\Bix
2014-07-03 11:54 - 2014-06-30 13:29 - 00000000 ____D () C:\Users\JP\Bix
2014-07-03 11:53 - 2014-07-03 11:53 - 16796272 _____ () C:\Users\JP\Downloads\Bix.exe
2014-07-03 11:21 - 2012-07-14 12:42 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 11:21 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Mozilla
2014-07-03 11:14 - 2012-07-08 14:54 - 00000000 ____D () C:\Users\JP
2014-07-03 11:10 - 2013-11-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
2014-07-03 11:09 - 2014-06-15 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\Users\JP\AppData\Roaming\ArcSoft
2014-07-03 11:09 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-07-03 11:09 - 2014-06-15 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-07-03 11:09 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2014-07-03 11:09 - 2014-05-24 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-07-03 11:09 - 2014-05-24 16:34 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-07-03 11:09 - 2014-05-24 16:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-07-03 11:09 - 2014-05-19 21:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Eusing
2014-07-03 11:09 - 2014-04-11 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-03 11:09 - 2014-04-09 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-03 11:09 - 2013-11-23 19:25 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Audacity
2014-07-03 11:09 - 2013-07-10 08:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 11:09 - 2013-04-24 21:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-03 11:09 - 2013-04-10 22:16 - 00000000 ____D () C:\Users\JP\AppData\Roaming\dvdcss
2014-07-03 11:09 - 2012-07-24 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 11:09 - 2012-07-24 17:54 - 00000000 ____D () C:\Users\JP\AppData\Roaming\DVDVideoSoft
2014-07-03 11:09 - 2012-07-19 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-07-03 11:09 - 2012-07-11 22:12 - 00000000 ____D () C:\Users\JP\AppData\Local\3CX VoIP Phone
2014-07-03 11:09 - 2012-07-10 21:16 - 00000000 ____D () C:\Program Files\Waterfox
2014-07-03 11:09 - 2012-07-10 13:43 - 00000000 ____D () C:\Users\Gast
2014-07-03 11:09 - 2012-07-08 14:58 - 00000000 ____D () C:\Users\JP\AppData\Local\Google
2014-07-03 11:09 - 2012-07-08 14:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-03 11:09 - 2012-07-08 13:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-03 11:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-03 11:06 - 2014-06-15 20:59 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-07-03 11:06 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Skype
2014-07-03 11:06 - 2012-07-10 13:46 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-07-03 11:06 - 2012-07-08 16:27 - 00000000 ____D () C:\Users\JP\AppData\Local\Mozilla
2014-07-03 11:05 - 2012-07-08 13:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-03 11:03 - 2014-06-15 20:58 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-07-03 10:51 - 2014-07-03 10:51 - 00000000 ____D () C:\Users\JP\Desktop\Alte Firefox-Daten
2014-07-02 20:03 - 2014-04-10 17:47 - 00000000 ____D () C:\temp
2014-07-02 17:53 - 2014-07-02 17:53 - 18260897 _____ () C:\Users\JP\Downloads\PDFXVwer_2.5.308.2.zip
2014-06-30 17:57 - 2012-12-15 20:18 - 00000000 ____D () C:\Program Files (x86)\OnecomCloudDrive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\Cloud Drive
2014-06-30 17:50 - 2014-06-30 17:50 - 00000000 ____D () C:\Users\JP\AppData\Roaming\OnecomCloudDrive
2014-06-30 01:49 - 2014-06-30 01:43 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Security System 2
2014-06-30 01:46 - 2014-06-30 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\ChromeExtensions
2014-06-30 01:40 - 2014-06-30 01:40 - 00000000 ____D () C:\Users\JP\AppData\Local\Tempa2e4139776528d5f64bbc3a36f0272f1
2014-06-23 15:38 - 2014-06-23 15:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\JP\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-22 23:09 - 2013-10-08 12:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3
2014-06-22 23:09 - 2012-07-08 14:09 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 19:21 - 2013-11-01 19:04 - 00002029 _____ () C:\Users\Public\Desktop\Free DWG Viewer.lnk
2014-06-18 19:20 - 2014-06-18 19:09 - 45493568 _____ (IGC) C:\Users\JP\Downloads\FreeDWGViewer.exe
2014-06-17 20:00 - 2014-06-17 20:02 - 00000030 _____ () C:\AVScanner.ini
2014-06-17 20:00 - 2014-06-17 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-15 21:05 - 2014-06-15 21:05 - 00000000 ____D () C:\Users\JP\AppData\Local\ArcSoft
2014-06-15 20:45 - 2014-06-15 20:45 - 00000000 ____D () C:\Users\JP\AppData\Roaming\InstallShield
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth-Exchange-Ordner
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\Cloud Drive
2014-06-15 17:30 - 2014-06-15 17:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Broadcom
2014-06-15 17:30 - 2014-06-15 17:29 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OnecomCloudDrive

Some content of TEMP:
====================
C:\Users\JP\AppData\Local\Temp\bz4fpoh0.dll
C:\Users\JP\AppData\Local\Temp\CTWseAPI.dll
C:\Users\JP\AppData\Local\Temp\e81d398f-eb17-4c6f-ab19-feddf942f2ea.exe
C:\Users\JP\AppData\Local\Temp\oc1mghra.dll
C:\Users\JP\AppData\Local\Temp\Quarantine.exe
C:\Users\JP\AppData\Local\Temp\sdanircmdc.exe
C:\Users\JP\AppData\Local\Temp\sdapskill.exe
C:\Users\JP\AppData\Local\Temp\sdaspwn.exe
C:\Users\JP\AppData\Local\Temp\SpOrder.dll
C:\Users\JP\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 12:29

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by JP at 2014-07-15 12:26:42
Running from C:\Users\JP\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3CXPhone (HKLM-x32\...\{011BB39D-116F-408C-AB90-B590665B125A}) (Version: 4.0.23994.0 - 3CX)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bix 0.4.0.24786 (HKCU\...\Bix) (Version: 0.4.0.24786 - one.com, Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
C7200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Jukebox Driver (HKLM-x32\...\Creative Jukebox Driver) (Version:  - )
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ESET Smart Security (HKLM\...\{EE39D540-AB86-4F57-97CB-44D1CA5167F3}) (Version: 5.2.15.1 - ESET, spol. s r.o.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.)
Free DWG Viewer 7.2 (HKLM-x32\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.73 - IGC)
Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Google Chrome Frame (HKLM-x32\...\{02A5C383-FE94-3B52-9627-CE70B9301A0F}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.0.0010.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
NOMAD Explorer (HKLM-x32\...\Creative File Manager) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
sipgate Faxdrucker (HKLM\...\{7C3D2E25-D221-4109-85DB-DE290DE9C9DA}) (Version: 1.0.0 - sipgate GmbH)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SuperMailer 6.10 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 6.10 - Mirko Boeer Softwareentwicklungen)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13852 - TeamViewer)
The Psychedelic Screen Saver (HKLM-x32\...\Psych) (Version: Psych v2006.0204 - Synthesoft, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Waterfox 13.0 (x64 en-US) (HKLM\...\Waterfox 13.0 (x64 en-US)) (Version: 13.0 - Mozilla)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Restore Points  =========================

29-06-2014 23:29:18 Entfernt Creative Sync Manager (Unicode)
30-06-2014 10:19:22 Wiederherstellungsvorgang
30-06-2014 11:32:15 Entfernt Your Application Name
30-06-2014 12:55:32 Windows-Sicherung
30-06-2014 13:07:36 Firefoxis
30-06-2014 13:23:17 Wiederherstellungsvorgang
02-07-2014 18:43:09 Removed Skype™ 6.16
02-07-2014 18:45:47 Removed Google Chrome Frame
03-07-2014 09:00:50 Wiederherstellungsvorgang
05-07-2014 12:10:20 Installed Pinnacle VideoSpin.
05-07-2014 22:54:03 AA11

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-05 23:00 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1			d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {0E2D0200-0AF2-4DBE-AF95-3A456AC99A57} - System32\Tasks\Opera scheduled Autoupdate 1404499682 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {5713969D-6546-414D-A1CA-47613F69DEA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {5B8FA26B-5D6D-404E-95B9-F1E3484D3D33} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for JP-THINK.JP => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo)
Task: {5C9DA692-8A55-4EF8-B6B9-D4479A8B55CD} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2011-12-21] (Lenovo)
Task: {92447A70-1B93-4EB5-9659-659F9977BA06} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-01-09] (Lenovo)
Task: {AACB634A-A78D-4CB9-8C6E-82E9A5257B60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {B7A0CCF9-FB8E-4B8E-B459-4DCB6F7FA1EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {BFE6B31B-358D-4F6C-A635-5F17C962E052} - System32\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {E5CD0787-A092-4D11-8E0D-AA881F00B0CF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2011-12-21] (Lenovo)
Task: {E8D259FF-C45B-4B69-A84D-C84EF608BEE7} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec410109bafe3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-07-08 13:59 - 2011-08-31 20:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-07-08 23:19 - 2011-05-19 14:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-07-08 13:56 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-07-08 13:56 - 2011-08-19 07:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2006-09-19 10:07 - 2006-09-19 10:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\JP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-05-24 16:41 - 2006-11-23 17:12 - 00851968 _____ () C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
2012-09-05 21:46 - 2006-02-04 15:52 - 00057344 _____ () C:\Program Files (x86)\Psych\Runner.EXE
2014-05-05 14:34 - 2014-05-05 14:34 - 21471624 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\Bix.exe
2013-09-28 16:42 - 2013-09-28 16:42 - 00240640 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.SystemL#\8753f1bfdf183e31e5dd49287af8125e\PaintDotNet.SystemLayer.Native.x64.ni.dll
2013-08-17 14:01 - 2013-08-17 14:01 - 00129600 _____ () C:\Program Files\Paint.NET\Native.x64\PaintDotNet.Native.x64.dll
2013-08-17 14:01 - 2013-08-17 14:01 - 00085568 _____ () C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x64.dll
2012-04-23 15:41 - 2012-04-23 15:41 - 00052736 _____ () C:\Program Files\Paint.NET\FileTypes\PhotoShop.dll
2012-07-08 14:00 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-07-08 14:00 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-05-24 16:41 - 2006-11-24 09:45 - 00192512 _____ () C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl
2014-06-15 20:58 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-15 20:58 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2014-06-15 20:58 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00024848 _____ () C:\Program Files (x86)\3CXPhone\avfilters\wavdest.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 00270336 _____ () C:\Program Files (x86)\3CXPhone\avfilters\lame.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 03843584 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ffdshow.ax
2011-03-23 09:21 - 2011-03-23 09:21 - 05210449 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\libavcodec.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00901509 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\xvidcore.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00962008 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ff_x264.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00100864 _____ () C:\Program Files (x86)\3CXPhone\ffdshow\ff_wmv9.dll
2011-03-23 09:21 - 2011-03-23 09:21 - 00157184 _____ () C:\Program Files (x86)\3CXPhone\avfilters\libspeexdsp.dll
2014-05-05 11:00 - 2014-05-05 11:00 - 10191872 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\CLIWrapper_VC11.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00036864 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\zip.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00066048 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\zlib1.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00072192 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_thread-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00016384 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_system-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00040960 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_date_time-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00100352 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_filesystem-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00631808 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_regex-vc110-mt-1_52.dll
2013-05-14 13:19 - 2013-05-14 13:19 - 00235520 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\boost_serialization-vc110-mt-1_52.dll
2013-05-13 17:20 - 2013-05-13 17:20 - 00047616 _____ () C:\Users\JP\AppData\Roaming\Bix\Dlls\INETConnection.dll
2014-06-18 13:19 - 2014-07-03 21:49 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 22:05 - 2014-07-08 22:05 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5054

Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5054

Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4040

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4040

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044


System errors:
=============
Error: (07/10/2014 11:41:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (07/10/2014 11:41:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (07/10/2014 11:41:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/06/2014 10:34:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/06/2014 02:40:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5054

Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5054

Error: (07/14/2014 11:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4040

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4040

Error: (07/14/2014 11:50:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (07/14/2014 11:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 11:50:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044


CodeIntegrity Errors:
===================================
  Date: 2013-04-13 22:18:33.554
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.244
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:33.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-13 22:18:32.954
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 71%
Total physical RAM: 4007.23 MB
Available physical RAM: 1134.89 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 3977.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:281 GB) (Free:152.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:1.83 GB) (Free:1.33 GB) FAT
Drive f: (cbd_drive) (Removable) (Total:14.84 GB) (Free:8.07 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0B498970)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Alt 15.07.2014, 19:57   #15
Warlord711
/// TB-Ausbilder
 

Looks good so far.

Can you tell me whether the proxy in Firefox is intended?

Code:
ATTFilter
FF NetworkProxy: "http", "13.7.9.139"
FF NetworkProxy: "http_port", 80
         
Please give me brief feedback on that, and also on your original problem: the ads, the small black windows, and so on.
