Desktop wird plötzlich schwarz, wenn ich im Internet bin.

nomathemba · 16.12.2014, 14:45

Leider wurde alles schwarz, während ich den Scan Junkware Removal Tour durchlaufen lies. Ich konnte nicht mal mehr die txt Datei speichern!
Wie komme ich da nun wieder ran?

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.105 - Bericht erstellt am 16/12/2014 um 13:38:03
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.4 [Live]
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Administrator - PAOLO
# Gestartet von : C:\Users\tha\Downloads\AdwCleaner_4.105.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : IePluginServices
Dienst Gefunden : c2cautoupdatesvc
Dienst Gefunden : c2cpnrsvc

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\ADMINI~1\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\user.js
Ordner Gefunden : C:\Program Files (x86)\eSupport.com
Ordner Gefunden : C:\Program Files (x86)\SupTab
Ordner Gefunden : C:\ProgramData\drivergenius
Ordner Gefunden : C:\ProgramData\IePluginServices
Ordner Gefunden : C:\Users\tha\AppData\Local\eSupport.com

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\ClickConnect
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\SupHpUISoft
Schlüssel Gefunden : [x64] HKCU\Software\ClickConnect
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\SupHpUISoft
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\SupTab
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\supWPM
Schlüssel Gefunden : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1412162651&from=cor&uid=ST1000LM014-SSHD-8GB_W381DE8GXXXXW381DE8G&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1412162651&from=cor&uid=ST1000LM014-SSHD-8GB_W381DE8GXXXXW381DE8G&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1412162651&from=cor&uid=ST1000LM014-SSHD-8GB_W381DE8GXXXXW381DE8G&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1412162651&from=cor&uid=ST1000LM014-SSHD-8GB_W381DE8GXXXXW381DE8G&q={searchTerms}

-\\ Mozilla Firefox v34.0.5 (x86 de)

[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-tab", false);
[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-win", false);
[xn2v2sx7.default] - Zeile gefunden : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0DtDzyyE0CtAtB0D0DyEtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
[xn2v2sx7.default] - Zeile gefunden : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0DtDzyyE0CtAtB0D0DyEtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzy[...]
[xn2v2sx7.default] - Zeile gefunden : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[xn2v2sx7.default] - Zeile gefunden : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[xn2v2sx7.default] - Zeile gefunden : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0DtDzyyE0CtAtB0D0DyEtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtB[...]

*************************

AdwCleaner[R0].txt - [5243 octets] - [16/12/2014 13:38:03]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [5303 octets] ##########

--- --- ---JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Pro x64
Ran by Administrator on 16.12.2014 at 14:25:22,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.12.2014 at 14:27:51,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
Ist sicherlich die falsche, wie komme ich an die erste txt Datei?

Warlord711 · 16.12.2014, 15:03

Hast du JRT jetzt erneut ausgeführt ?
Normalerweise erstellt er eine JRT.txt Datei am Speicherort der jrt.exe

nomathemba · 16.12.2014, 15:24

Ja, aber ich finde nicht mehr die Datei. Ich öffne lediglich den Administrator mit dem Suchlauf. Und während er sucht, stürzt mein Computer ab.

Warlord711 · 16.12.2014, 15:31

Ich hab da noch 2 Fragen:

Zitat:

Ja, aber ich finde nicht mehr die Datei. Ich öffne lediglich den Administrator mit dem Suchlauf. Und während er sucht, stürzt mein Computer ab.

Was genau meinst du damit ?

Zitat:

Seit über einer Woche kommt es vor, das wenn ich im Internet unterwegs bin, der Bildschirm plötzlich schwarz wird. Dann funktioniert nur noch das Schliessen "x".

Welches Schliessen "X" meinst du ?

nomathemba · 16.12.2014, 15:39

Nur noch die obere Leiste ist zu sehen, mit dem roten Kreuz für das Schließen der Seite.

Während der Scan läuft, stürzt als erstes das Internet ab, und daraufhin wird der gesamte Desctop dunkel bis schwarz und nur noch in der unteren Ecke ist das Windows Start Symbol zu sehen, das ich aber auch nicht aufrufen kann. So habe ich zweimal mit dem Drücken des Netzschalters den Computer heruntergefahren.

Warlord711 · 16.12.2014, 15:51

Also was definitiv ins Auge sticht:

Zitat:

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Es fehlen Treiber für den Chipsatz vom Rechner, damit lässt sich erstmal auch kein stabiles System aufsetzen.

Schau auf der Support-Seite vom Laptop und lade dir die passenden Chipsatz-Treiber für Win 8.1 64-bit herunter und installier diese.

Wenn du den Geräte-Manager aufrufst, z.b. per Windows Suchfunktion (Windows-Taste+S), müsstest du schon mind. 2 Einträge mit Ausrufezeichen finden.

nomathemba · 16.12.2014, 16:04

Diese beiden Treiber habe ich dort nie gefunden, und auch meine Suche im Netz danach lief nicht erfolgreich.
Laptops and netbooks :: IdeaPad Z Series laptops :: IdeaPad Z510 Notebook - Lenovo Support (US)

Warlord711 · 16.12.2014, 16:22

Hier:

http://download.lenovo.com/consumer/mobiles/dah01ww.exe

Es handelt sich dabei um die Chipsatz / Chipset Treiber

nomathemba · 16.12.2014, 17:16

Lieber Timo,
lieben Dank für Deine Zeit! War ja ein großes Stück Arbeit. Noch ein paar Fragen, die mir geblieben sind. Vielleicht haben Sie ja eine Antwort.
Ist mein Computer nun wieder sicher? Hatte ich eigentlich einen Virus? Hatte das irgendetwas mit "Chip" zu tun gehabt.
Den letzten Treiber "PCI-Kommunikationskontroller" fehlt immer noch. Soll ich weiterhin McAfee (habe ich käuflich erworben) vertrauen, obwohl er mir nie einen Fehler angezeigt hat? Java Package ist auch noch nicht gelöscht! Im Administrator existierte die auch nicht.

Warlord711 · 16.12.2014, 22:29

Hi !

Wir sind bei weitem nicht durch, mir war erstmal wichtig das die Treiber usw. erstmal vorhanden sind.

Installier noch http://download.lenovo.com/consumer/...ei150w8164.exe sowie das Solution Center von Lenovo - ist zwar nicht für Ideapad konzipiert, könnte aber helfen:

http://download.lenovo.com/ibmdl/pub..._x64_28001.exe

Lass uns erstmal darum kümmern das die Treiber alle sauber installiert sind, dann schauen wir weiter.

nomathemba · 17.12.2014, 09:08

Intel Manageability Engine sagt: "die Prüfung auf Updates konnte nicht abgeschlossen werden, bitte überprüfen Sie ihre Internetverbindung".

Soll ich die empfohlenden Aktionen vom Lenovo Solution Center jetzt durchführern?
1. Hardwarescan
2. Produktregistrierung
3. Erstellen eines Wiederherstellungsdatenträgers

Warlord711 · 17.12.2014, 09:38

1. definitiv

2.+3. bleibt dir überlassen

Ist im Gerätemanager noch ein Gerät mit Ausrufezeichen vorhanden ?

nomathemba · 17.12.2014, 09:40

Nein!

Warlord711 · 17.12.2014, 09:48

Ok, schauen wir mal wo wir jetzt stehen:

Bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

nomathemba · 17.12.2014, 10:22

Hardwaretest: Oder soll ich es lieber als Datei anhängen? Frst kommt sofort!

Abgebrochen

Mittwoch, 17. Dezember 2014 09:41:45

Lenovo Solution Center Protokolldatei
Ergebniscode: WCP23E000-DJ7X2K

Prozessor
Anzeigename Intel(R) Core(TM) i7-4702MQ Prozessor @ 2.20GHz
Modell Intel(R) Core(TM) i7-4702MQ Prozessor @ 2.20GHz
Hersteller INTEL
Anzahl der Kerne 4
Anzahl der Threads 8
Signatur 306C3h
Maximale Geschwindigkeit 2.2 Ghz
Aktuelle Geschwindigkeit 2,194703 GHz
Funktionen MMX, EM64T, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, AVX, CLMUL, FMA, PSE, PSE-36, IDA/Turbo boost, HTT, XD, VMX
Cache L1 4 x 32 KB Daten, 4 x 32 KB Anweisungen
Cache L2 4 x 256 KB Vereinheitlicht
Cache L3 1 x 6 MB Vereinheitlicht
Diagnose
BT-Anweisungstest Bestanden
x87-Gleitpunktzahltest Bestanden
MMX-Test Bestanden
SSE-Test Bestanden
AES-Test Bestanden
Stresstest Bestanden
Ergebniscode: WME81V000-DJ7X2K

Speicher
Anzeigename Physischer Speicher
Physischer Speicher 8.000 GB
Index 0
Hersteller Unknown
Geschwindigkeit 1600 MHz
Größe 8.000 GB
Teilenummer SHARETRONIC
Seriennummer 00000000
Typ DDR3
Diagnose
Schnelle zufälligen Muster Test Bestanden
Erweiterter Integritätstest Bestanden
Adresstest Bestanden
Bit niedrig Test Bestanden
Bit high test Bestanden
Gehen ein links-Test Bestanden
Gehen ein rechts-Test Bestanden
Modulo 20 test Abgebrochen
Umzug Inversionen 8 Bit-Test Abgebrochen
Umzug Inversionen 32 Bit-Test Abgebrochen
Zufällige Muster Test Abgebrochen
Zufallszahlenfolge Test Abgebrochen
Block verschieben Test Abgebrochen
Ergebniscode: WMB000000-DJ7X2K

Steuerplatine
Anzeigename Steuerplatine
Anzahl der USB-Host-Controller: 3
Anzahl der PCI-Einheiten: 17
RTC vorhanden: Ja
Index 1
Steckp 00:00.0
Klassenname: Bridge
Unterklassenname: Host bridge
Index 2
Steckp 00:01.0
Klassenname: Bridge
Unterklassenname: PCI bridge
Index 3
Steckp 00:01.1
Klassenname: Bridge
Unterklassenname: PCI bridge
Index 4
Steckp 00:02.0
Klassenname: Display controller
Unterklassenname: VGA compatible controller
Index 5
Steckp 00:03.0
Klassenname: Multimedia controller
Unterklassenname: Audio device
Index 6
Steckp 00:14.0
Klassenname: Seriennummer: bus controller
Unterklassenname: USB controller
Index 7
Steckp 00:16.0
Klassenname: Communication controller
Unterklassenname: Communication controller
Index 8
Steckp 00:1a.0
Klassenname: Seriennummer: bus controller
Unterklassenname: USB controller
Index 9
Steckp 00:1b.0
Klassenname: Multimedia controller
Unterklassenname: Audio device
Index 10
Steckp 00:1c.0
Klassenname: Bridge
Unterklassenname: PCI bridge
Index 11
Steckp 00:1c.4
Klassenname: Bridge
Unterklassenname: PCI bridge
Index 12
Steckp 00:1d.0
Klassenname: Seriennummer: bus controller
Unterklassenname: USB controller
Index 13
Steckp 00:1f.0
Klassenname: Bridge
Unterklassenname: ISA bridge
Index 14
Steckp 00:1f.2
Klassenname: Mass storage controller
Unterklassenname: SATA controller
Index 15
Steckp 00:1f.3
Klassenname: Seriennummer: bus controller
Unterklassenname: SMBus
Index 16
Steckp 08:00.0
Klassenname: Network controller
Unterklassenname: Ethernet controller
Index 17
Steckp 09:00.0
Klassenname: Network controller
Unterklassenname: Network controller
Index 18
USB-Version 2.0
Klassenname: Vendor specific
Unterklassenname: Vendor specific
Hersteller-ID: 0x105B
Produkt: 0xE065
Herstellername: Broadcom Corp
Produkt-ID: BCM43142A0
Index 19
USB-Version 2.0
Klassenname: Miscellaneous device
Unterklassenname: Nicht verfügbar
Hersteller-ID: 0x13D3
Produkt: 0x5170
Herstellername: Nicht verfügbar
Produkt-ID: Nicht verfügbar
Diagnose
Chipsatztest Abgebrochen
PCI/PCI-e-Test Abgebrochen
USB-Test Abgebrochen
Ergebniscode: WOD000000-DJ7X2K

Optisches Laufwerk
Anzeigename DVD-RW DU8A5SH
Hersteller PLDS
Modell DVD-RW DU8A5SH
Seriennummer 8SSO10A11861L1CB4101YBK
Firmware BL61
Unterstützte Funktionen Removable disk, CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-R Sequential Recording, DVD-RAM, DVD-RW Restricted Overwrite, DVD-RW Sequential recording, DVD-R Dual Layer Sequential Recording, DVD-R Dual Layer Jump Recording, DVD+RW, DVD+R, DVD+R Dual Layer
Diagnose
Optischer Selbsttest ohne Medium Abgebrochen
Ergebniscode: WPE000000-DJ7X2K

PCI Express
Anzeigename PCI Express
PCI0 0:3.0
PCI1 0:1b.0
PCI2 8:0.0
PCI3 9:0.0
Index 0
Bus 0x0
Gerät 0x3
Funktion 0x0
Einheit verbunden Nein
Hersteller-ID 0x8086
Herstellername Intel Corporation
Klasse 0x4
Klassenname Multimedia controller
Unterklasse 0x3
Unterklassenname Audio device
Index 1
Bus 0x0
Gerät 0x1b
Funktion 0x0
Einheit verbunden Nein
Hersteller-ID 0x8086
Herstellername Intel Corporation
Klasse 0x4
Klassenname Multimedia controller
Unterklasse 0x3
Unterklassenname Audio device
Index 2
Bus 0x8
Gerät 0x0
Funktion 0x0
Einheit verbunden Ja
Hersteller-ID 0x10ec
Herstellername Realtek Semiconductor Co., Ltd.
Klasse 0x2
Klassenname Network controller
Unterklasse 0x0
Unterklassenname Ethernet controller
Index 3
Bus 0x9
Gerät 0x0
Funktion 0x0
Einheit verbunden Ja
Hersteller-ID 0x14e4
Herstellername Broadcom Corporation
Klasse 0x2
Klassenname Network controller
Unterklasse 0x80
Unterklassenname Network controller
Diagnose
PCI Express-Status-Test Abgebrochen
Ergebniscode: WHD000000-DJ7X2K

Speichergeräte
Anzeigename ST1000LM014-SSHD-8GB - 931.51 GBs
Hersteller Seagate
Modell ST1000LM014-SSHD-8GB
Seriennummer W381DE8G
Firmware LVD3
Größe 931.51 GBs
Rotationsrate 5400 RPM
Temperatur 27 C
Größe des physischen Sektors 4096
Größe des logischen Sektors 512
Logische Sektoren 1953525168
Unterstützte Standards ATA8-ACS, ATA7-ATAPI, ATA6-ATAPI, ATA5-ATAPI, ATA4-ATAPI
Versionsangabe Nicht erkannte Version
Partitionsschema MBR
Index 1
Partitionstyp Primär
Dateisystem FAT32
Mountpunkt F:\
Seriennummer EE5C6E50
Größe 996.00 MBs
Belegt 30.43 MBs
Frei 965.57 MBs
Index 2
Partitionstyp Primär
Dateisystem IFS, HPFS, NTFS, exFAT
Mountpunkt C:\
Seriennummer 2C3D2DD4
Größe 930.53 GBs
Belegt 281.50 GBs
Frei 649.03 GBs
Diagnose
SMART-Statustest Abgebrochen
Gezielter Lesetest Abgebrochen
Zufälliger Suchtest Abgebrochen
Trichtersuchtest Abgebrochen
Kurzer SMART-Selbsttest Abgebrochen
Selbsttest für SMART-Laufwerk Abgebrochen
Ergebniscode: WVC000000-DJ7X2K

Grafikkarte
Anzeigename GeForce GT 740M
Position PCI bus 7, device 0, function 0
OpenCL-Version OpenCL 1.1 CUDA
OpenCL-Treiberversion 344.11
Anzahl der Kerne 2
Globale Arbeitsspeichergröße 2.00 GBs
Globale Cachegröße des Arbeitsspeichers 32.00 KBs
Lokale Arbeitsspeichergröße 48.00 KBs
Diagnose
Schnelltest des Grafikarbeitsspeichers Abgebrochen
Test der mathematischen Operationen Abgebrochen
Erweiterter Grafikarbeitsspeichertest Abgebrochen
Stresstest Abgebrochen
Ergebniscode: WVC000000-DJ7X2K

Grafikkarte
Anzeigename Intel(R) HD Graphics 4600
Position PCI bus 0, device 2, function 0
OpenCL-Version OpenCL 1.2
OpenCL-Treiberversion 10.18.10.3907
Anzahl der Kerne 20
Globale Arbeitsspeichergröße 1.39 GBs
Globale Cachegröße des Arbeitsspeichers 2.00 MBs
Lokale Arbeitsspeichergröße 64.00 KBs
Diagnose
Schnelltest des Grafikarbeitsspeichers Abgebrochen
Test der mathematischen Operationen Abgebrochen
Strukturpipelinetest Abgebrochen
Erweiterter Grafikarbeitsspeichertest Abgebrochen
Ergebniscode: WWF00F000-DJ7X2K

Drahtlos
Anzeigename Broadcom 802.11n-Netzwerkadapter
MAC Address 48:5A:B6

0:94:C3
Hersteller Broadcom
Name {7126D5C5-ABE5-4848-996B-AC34B988F149}
Produktname Broadcom 802.11n-Netzwerkadapter
Diagnose
Text bei aktivierter Funkverbindung Bestanden
Netzwerk-Scantest Bestanden
Test der Signalstärke Bestanden
Lokaler Verbindungstest Bestanden

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by tha (ATTENTION: The logged in user is not administrator) on PAOLO on 17-12-2014 10:17:46
Running from C:\Users\tha\Downloads
Loaded Profiles: tha & Administrator (Available profiles: tha & Kind 1_2_3 & Administrator & Gast)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mindjet) C:\Program Files\Mindjet\MindManager 15\MmReminderService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MMReminderService] => C:\Program Files\Mindjet\MindManager 15\MMReminderService.exe [123200 2014-10-03] (Mindjet)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1389048734-1753713617-1501943725-1001\...\RunOnce: [Adobe Speed Launcher] => 1418801345
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
ShortcutTarget: McAfee Online Backup Status.lnk -> C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1389048734-1753713617-1501943725-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1389048734-1753713617-1501943725-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
URLSearchHook: [S-1-5-21-1389048734-1753713617-1501943725-500] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1389048734-1753713617-1501943725-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0DtDzyyE0CtAtB0D0DyEtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtAyC0EzztByB0BtGtBtD0AtDtGtAtBtA0CtGyEtDtA0FtGyE0FtA0ByB0DtDzy0EtC0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyCtDtDzy0BzytGzztB0BzztGyEyD0CzztG0AzyzztAtGzyzyzyyC0F0D0AtAyBtDtA0B2Q&cr=1639524130&ir=
SearchScopes: HKU\S-1-5-21-1389048734-1753713617-1501943725-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0DtDzyyE0CtAtB0D0DyEtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtAyC0EzztByB0BtGtBtD0AtDtGtAtBtA0CtGyEtDtA0FtGyE0FtA0ByB0DtDzy0EtC0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyCtDtDzy0BzytGzztB0BzztGyEyD0CzztG0AzyzztAtGzyzyzyyC0F0D0AtAyBtDtA0B2Q&cr=1639524130&ir=
SearchScopes: HKU\S-1-5-21-1389048734-1753713617-1501943725-1001 -> {6B62D088-44EC-4C7A-97DD-B32E6010D241} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20141202&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 15\Mm8InternetExplorer.dll (Mindjet)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Avira Browser Safety - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\abs@avira.com [2014-10-02]
FF Extension: FoxyProxy Standard - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\foxyproxy@eric.h.jung [2014-09-30]
FF Extension: WOT - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-30]
FF Extension: NoScript - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-30]
FF Extension: Adblock Plus - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-30]
FF Extension: BetterPrivacy - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\xn2v2sx7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-09-30]
FF Extension: HTTPS-Everywhere - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-10-02]
FF Extension: DownloadHelper - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-02]
FF Extension: JonDoFox - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-09-08]
FF Extension: NoScript - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-04]
FF Extension: Cookie Controller - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-09-04]
FF Extension: No Name - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-04]
FF Extension: ProfileSwitcher - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-09-04]
FF Extension: FoxyProxy Standard - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer\Extensions\foxyproxy@eric.h.jung [2014-10-05]
FF Extension: WOT - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-10-05]
FF Extension: No Name - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-05]
FF Extension: No Name - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-04]
FF Extension: No Name - C:\Users\tha\AppData\Roaming\Mozilla\Firefox\Profiles\tm9h749x.Standard-Benutzer\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-02]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-05]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-12-01] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-10-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-09-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [184168 2014-05-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2014-10-24] (REALiX(tm))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-20] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [67808 2014-05-20] (Mozy, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-10-01] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 10:11 - 2014-12-17 10:11 - 00023841 _____ () C:\Users\tha\Documents\Report.html
2014-12-17 08:52 - 2014-12-17 08:52 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-12-17 08:51 - 2014-12-17 08:51 - 00000000 ____D () C:\Users\tha\AppData\Roaming\LSC
2014-12-17 08:49 - 2014-12-17 09:41 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-17 08:49 - 2014-12-17 08:49 - 00002007 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-17 08:49 - 2014-12-17 08:49 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-17 08:48 - 2014-12-17 08:48 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 _____ () C:\WINDOWS\SysWOW64\agent.log
2014-12-17 08:41 - 2013-08-20 02:11 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2014-12-17 08:40 - 2014-12-17 08:40 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-12-17 08:40 - 2013-08-20 02:11 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2014-12-17 08:40 - 2013-08-20 02:11 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2014-12-17 08:35 - 2014-12-17 08:39 - 43382456 _____ (Lenovo Group Limited) C:\Users\tha\Downloads\lscsetup_x64_28001.exe
2014-12-17 08:34 - 2014-12-17 08:39 - 55443176 _____ (Lenovo Group Limited ) C:\Users\tha\Downloads\imei150w8164.exe
2014-12-16 17:03 - 2014-12-16 17:03 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-16 16:55 - 2014-12-16 16:55 - 00001018 _____ () C:\Users\Administrator\Desktop\Unknown Device Identifier.lnk
2014-12-16 16:55 - 2014-12-16 16:55 - 00000079 _____ () C:\Users\Administrator\Desktop\Huntersoft Free Download.url
2014-12-16 16:55 - 2014-12-16 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.02
2014-12-16 16:55 - 2014-12-16 16:55 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-12-16 16:48 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2014-12-16 16:47 - 2014-12-16 16:47 - 01548912 _____ (Lenovo Group Limited ) C:\Users\tha\Downloads\dah01ww.exe
2014-12-16 14:27 - 2014-12-16 14:27 - 00000626 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-12-16 13:58 - 2014-12-16 13:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-16 13:57 - 2014-12-16 13:57 - 01707646 _____ (Thisisu) C:\Users\tha\Downloads\JRT.exe
2014-12-16 13:38 - 2014-12-16 13:54 - 00000000 ____D () C:\AdwCleaner
2014-12-16 13:37 - 2014-12-16 13:37 - 02166272 _____ () C:\Users\tha\Downloads\AdwCleaner_4.105.exe
2014-12-16 13:24 - 2014-12-16 13:24 - 00001280 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-12-16 11:21 - 2014-12-16 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 11:20 - 2014-12-16 11:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\tha\Downloads\revosetup95.exe
2014-12-15 21:50 - 2014-12-16 10:06 - 00122208 _____ () C:\Users\tha\Downloads\Addition.txt
2014-12-15 21:48 - 2014-12-17 10:19 - 00028739 _____ () C:\Users\tha\Downloads\FRST.txt
2014-12-15 21:48 - 2014-12-17 10:18 - 00000000 ____D () C:\FRST
2014-12-15 21:47 - 2014-12-15 21:47 - 02119168 _____ (Farbar) C:\Users\tha\Downloads\FRST64.exe
2014-12-15 00:48 - 2014-12-15 00:48 - 00082866 _____ () C:\Users\tha\Downloads\Extras.Txt
2014-12-15 00:46 - 2014-12-15 00:46 - 00147680 _____ () C:\Users\tha\Downloads\OTL.Txt
2014-12-12 17:58 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 17:58 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-12 17:57 - 2014-12-12 17:57 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-12 17:57 - 2014-12-12 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-12 17:57 - 2014-12-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-11 08:57 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 08:57 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 08:57 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 08:57 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 08:57 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 08:57 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 08:25 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:25 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 08:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-03 13:26 - 2014-12-03 13:26 - 00000000 ____D () C:\Users\tha\Documents\Eigene Maps
2014-12-02 22:36 - 2014-12-02 22:36 - 00019968 ___SH () C:\Users\tha\Documents\Thumbs.db
2014-12-02 22:31 - 2014-12-02 22:31 - 00000000 ____D () C:\Users\tha\AppData\Roaming\PACE Anti-Piracy
2014-12-02 22:31 - 2014-12-02 22:31 - 00000000 ____D () C:\Users\tha\AppData\Roaming\NVIDIA
2014-12-02 22:31 - 2014-12-02 22:31 - 00000000 ____D () C:\Users\tha\AppData\Local\PACE Anti-Piracy
2014-12-02 22:31 - 2014-12-02 22:31 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-12-02 21:40 - 2014-12-02 21:40 - 00001932 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-12-02 21:40 - 2014-12-02 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-02 21:39 - 2014-12-03 09:08 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
2014-12-02 21:39 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files\McAfee.com
2014-12-02 21:39 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files\McAfee
2014-12-02 21:39 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-12-02 21:39 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-12-02 21:39 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-12-02 21:39 - 2014-05-20 08:21 - 00067808 _____ (Mozy, Inc.) C:\WINDOWS\system32\Drivers\MOBK.sys
2014-12-02 21:39 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-12-02 21:38 - 2014-12-05 23:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-02 21:26 - 2014-12-02 21:39 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-02 21:26 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2014-12-02 21:25 - 2014-12-02 21:25 - 05295032 _____ (McAfee, Inc.) C:\Users\tha\Documents\Setup_serial_38K1t3QyWsg8tXUogRKKFg2_key.exe
2014-11-28 12:31 - 2014-12-04 23:01 - 00000000 ____D () C:\Users\tha\Documents\Projekt 11
2014-11-25 17:10 - 2014-11-25 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-11-25 14:22 - 2014-06-11 04:15 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2014-11-24 22:34 - 2014-11-24 22:34 - 00000000 ____D () C:\Users\tha\AppData\Roaming\Oracle
2014-11-24 22:04 - 2014-11-24 22:04 - 00638888 _____ (Oracle Corporation) C:\Users\tha\Downloads\jxpiinstall.exe
2014-11-24 21:46 - 2014-11-24 21:46 - 00000000 __SHD () C:\Users\tha\AppData\Local\EmieBrowserModeList
2014-11-23 11:11 - 2014-11-23 11:11 - 00000000 ____D () C:\Users\tha\AppData\Local\Mindjet
2014-11-23 11:10 - 2014-11-23 11:10 - 00002785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Mindjet MindManager 15.lnk
2014-11-23 11:10 - 2014-11-23 11:10 - 00002779 _____ () C:\Users\Public\Desktop\Mindjet MindManager 15.lnk
2014-11-23 11:10 - 2014-11-23 11:10 - 00000000 ____D () C:\Users\Administrator\Documents\Eigene Maps
2014-11-23 11:10 - 2014-11-23 11:10 - 00000000 ____D () C:\ProgramData\Mindjet
2014-11-23 11:10 - 2014-11-23 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 15
2014-11-23 11:10 - 2014-11-23 11:10 - 00000000 ____D () C:\Program Files\Mindjet
2014-11-23 11:04 - 2014-11-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{463F9BF0-77DB-4910-92A0-11C19B92619F}
2014-11-23 10:39 - 2014-11-23 10:49 - 219712296 _____ () C:\Users\tha\Downloads\MindManager_15.0.160_DE.exe
2014-11-19 12:14 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 12:14 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 12:14 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 12:14 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 20:47 - 2014-11-18 20:47 - 01691816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2014-11-18 16:49 - 2014-12-17 09:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 16:49 - 2014-12-16 12:10 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-18 14:01 - 2014-11-18 14:02 - 00021539 _____ () C:\Users\tha\Documents\Unbenannt 2.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 09:41 - 2014-10-01 09:16 - 00000000 ____D () C:\Users\tha\Documents\hausarbeit
2014-12-17 09:41 - 2013-08-22 15:46 - 00018076 _____ () C:\WINDOWS\setupact.log
2014-12-17 09:07 - 2014-09-30 18:42 - 01776899 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 08:49 - 2014-10-01 01:47 - 00000000 ____D () C:\Users\tha\AppData\Local\Adobe
2014-12-17 08:41 - 2014-10-02 07:14 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-17 08:41 - 2014-10-01 00:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-17 08:41 - 2014-10-01 00:02 - 00000000 ____D () C:\ProgramData\Intel
2014-12-17 08:40 - 2014-10-01 00:02 - 00000000 ____D () C:\Program Files\Intel
2014-12-17 08:28 - 2014-10-06 10:01 - 00000000 __RDO () C:\Users\tha\SkyDrive
2014-12-17 00:54 - 2014-10-01 18:28 - 00000000 ____D () C:\Users\tha\AppData\Roaming\Usenet.nl
2014-12-17 00:54 - 2014-10-01 02:01 - 00000000 ____D () C:\Users\tha\AppData\Roaming\vlc
2014-12-17 00:47 - 2014-10-01 09:19 - 00000000 ____D () C:\Users\tha\Documents\Usenet.nl
2014-12-16 16:52 - 2014-09-30 18:45 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 16:52 - 2013-08-23 00:24 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 16:52 - 2013-08-23 00:24 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-12-16 13:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-16 13:41 - 2013-08-22 15:44 - 05125280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-16 13:40 - 2014-09-30 18:38 - 00223568 _____ () C:\WINDOWS\PFRO.log
2014-12-16 13:12 - 2014-10-02 07:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AviraSpeedup
2014-12-16 13:12 - 2014-09-30 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-12-16 12:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-16 11:45 - 2014-10-01 12:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-12-16 11:28 - 2014-10-02 07:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
2014-12-16 08:58 - 2014-05-20 08:22 - 00010788 _____ () C:\WINDOWS\MOBK.blk
2014-12-16 08:58 - 2014-05-20 08:22 - 00000396 _____ () C:\WINDOWS\MOBK.flt
2014-12-16 07:48 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-15 07:46 - 2014-10-24 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 13:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 11:54 - 2014-10-01 09:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 09:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 09:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 09:52 - 2014-10-01 09:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 09:51 - 2014-10-04 19:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 09:48 - 2014-10-04 19:52 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 21:04 - 2014-10-01 01:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-07 23:22 - 2014-09-30 18:51 - 00000000 ____D () C:\Users\tha\AppData\Local\Packages
2014-12-07 23:01 - 2014-11-08 20:42 - 00000000 ____D () C:\Users\tha\AppData\Roaming\dvdcss
2014-12-06 11:20 - 2014-10-07 19:21 - 00000000 ____D () C:\Users\Kind 1_2_3
2014-12-06 11:20 - 2014-10-05 10:56 - 00000000 ____D () C:\Users\Gast
2014-12-06 11:20 - 2014-10-01 09:11 - 00000000 ____D () C:\Users\Administrator
2014-12-06 00:02 - 2014-09-30 18:51 - 00000000 ____D () C:\Users\tha
2014-12-05 23:26 - 2014-10-02 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 11:29 - 2014-11-11 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-05 11:29 - 2014-10-02 07:15 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 11:29 - 2014-10-02 07:15 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-03 09:59 - 2014-10-26 12:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-02 22:37 - 2014-10-14 14:35 - 00000000 ____D () C:\Users\tha\Documents\Konzept und Projektentwicklung
2014-12-02 22:35 - 2014-10-01 10:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-02 22:32 - 2014-09-30 18:51 - 00000000 ____D () C:\Users\tha\AppData\Roaming\Adobe
2014-12-02 22:31 - 2013-09-17 04:39 - 00000000 ___HD () C:\Users\tha\AppData\Local\0EJFJDEW9ER
2014-12-02 22:31 - 2013-02-02 20:05 - 00000000 ___HD () C:\Users\tha\AppData\Local\fLFsQ8TcLX
2014-12-02 22:28 - 2014-10-01 09:17 - 00000000 ____D () C:\Users\tha\Documents\privates
2014-12-02 22:25 - 2014-10-01 09:16 - 00000000 ____D () C:\Users\tha\Documents\Neuer Ordner
2014-12-02 21:39 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-11-28 08:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-26 23:08 - 2014-10-22 11:55 - 00000000 ____D () C:\Users\tha\Documents\InDaHouse
2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 17:10 - 2014-10-01 12:39 - 00000000 ____D () C:\ProgramData\Cisco
2014-11-25 17:10 - 2014-10-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-11-25 14:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-24 22:08 - 2014-10-01 01:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 17:49 - 2014-10-22 15:48 - 00000000 ____D () C:\Users\tha\Documents\Medienrecht
2014-11-18 16:57 - 2014-10-01 10:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\AviraSetup177783234.exe
C:\Users\Administrator\AppData\Local\Temp\AviraSetup82306328.exe
C:\Users\Administrator\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by tha at 2014-12-17 10:20:03
Running from C:\Users\tha\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - Canon Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
flunatic 1.3 (HKLM-x32\...\flunatic_is1) (Version:  - Enjoy Speaking GmbH)
HWiNFO64 Version 4.46 (HKLM\...\HWiNFO64_is1) (Version: 4.46 - Martin Malík - REALiX)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Runtime Environment Packages (HKU\S-1-5-21-1389048734-1753713617-1501943725-1001\...\Java Runtime Environment Packages) (Version:  - ) <==== ATTENTION
Lenovo Solution Center (HKLM\...\{87D9837B-FFC4-45E2-8AE8-6F588EF30FD9}) (Version: 2.8.001.00 - Lenovo Group Limited)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1367 - McAfee, Inc.)
McAfee Online Backup (Version: 2.26.1.386 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mindjet MindManager 15 (HKLM\...\{6DC22521-28B0-40A0-A80E-5C71A4495D92}) (Version: 15.0.160 - Mindjet)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skat-Palast Version 1.0 (HKLM-x32\...\Skat-Palast_is1) (Version: 1.0 - Ruben Gerlach)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Unknown Device Identifier 8.02 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.02 - Huntersoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1389048734-1753713617-1501943725-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-16 13:58 - 00000827 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2014-08-13 23:24 - 2014-08-13 23:24 - 00453448 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-10-03 12:02 - 2014-10-03 12:02 - 00178992 _____ () C:\Program Files\Mindjet\MindManager 15\zlib64.dll
2014-12-01 18:18 - 2014-12-01 18:18 - 00148768 _____ () C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tha\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\tha\AppData\Local\Temp:SK31N4MMZi6fg3iGJ61t
AlternateDataStreams: C:\Users\tha\AppData\Local\Temporary Internet Files:7CQjgQ3l4n7dEXpu

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1389048734-1753713617-1501943725-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1389048734-1753713617-1501943725-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1389048734-1753713617-1501943725-1003 - Limited - Enabled)
Kind 1_2_3 (S-1-5-21-1389048734-1753713617-1501943725-1004 - Limited - Enabled) => C:\Users\Kind 1_2_3
tha (S-1-5-21-1389048734-1753713617-1501943725-1001 - Limited - Enabled) => C:\Users\tha

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 08:38:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


System errors:
=============
Error: (12/17/2014 08:48:59 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (12/16/2014 02:42:00 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (12/17/2014 08:38:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


CodeIntegrity Errors:
===================================
  Date: 2014-12-01 14:34:14.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 14:34:14.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 14:33:44.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 14:33:43.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 21:03:19.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 21:03:19.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 20:34:57.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 20:34:57.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 20:34:57.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 20:34:57.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8108.36 MB
Available physical RAM: 5488.85 MB
Total Pagefile: 9388.36 MB
Available Pagefile: 6544.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.53 GB) (Free:649.02 GB) NTFS
Drive e: (15.0.4420.1017) (CDROM) (Total:0.76 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:0.97 GB) (Free:0.94 GB) FAT32 ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

--- --- ---

16.12.2014, 15:03	#17
Warlord711 /// TB-Ausbilder	Desktop wird plötzlich schwarz, wenn ich im Internet bin. Hast du JRT jetzt erneut ausgeführt ? Normalerweise erstellt er eine JRT.txt Datei am Speicherort der jrt.exe __________________ __________________

16.12.2014, 16:22	#23
Warlord711 /// TB-Ausbilder	Desktop wird plötzlich schwarz, wenn ich im Internet bin. Hier: http://download.lenovo.com/consumer/mobiles/dah01ww.exe Es handelt sich dabei um die Chipsatz / Chipset Treiber __________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie \| Spende \| Lob & Kritik

17.12.2014, 09:38	#27
Warlord711 /// TB-Ausbilder	Desktop wird plötzlich schwarz, wenn ich im Internet bin. 1. definitiv 2.+3. bleibt dir überlassen Ist im Gerätemanager noch ein Gerät mit Ausrufezeichen vorhanden ? __________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie \| Spende \| Lob & Kritik

17.12.2014, 09:48	#29
Warlord711 /// TB-Ausbilder	Desktop wird plötzlich schwarz, wenn ich im Internet bin. Ok, schauen wir mal wo wir jetzt stehen: Bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie \| Spende \| Lob & Kritik

Desktop wird plötzlich schwarz, wenn ich im Internet bin.

Plagegeister aller Art und deren Bekämpfung: Desktop wird plötzlich schwarz, wenn ich im Internet bin.