Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox stottert nur noch, sehr langsamer Seitenaufbau trotz schnellen Internets (https://www.trojaner-board.de/159590-firefox-stottert-nur-noch-sehr-langsamer-seitenaufbau-trotz-schnellen-internets.html)

Chris792 09.10.2014 21:45
Firefox stottert nur noch, sehr langsamer Seitenaufbau trotz schnellen Internets
 
Hallo liebe Community,

seit ca 2 Wochen nun ist mein PC bei der Internetnutzung seeeehr langsam.
Wenn ich normal mit Programmen arbeiten möchte, läuft soweit alles flüssig.

Vor diesen zwei Wochen hatte ich auch einen ersten Malware-Verdacht, den mir mein Antivirenprogramm Avast mitgeteilt hat.
Seitdem habe ich auch noch 2 weitere Meldungen bekommen (die betroffenen Dateien wurden in die Quarantäne verschoben)

Nun benutze ich gerade Linux von einem Live-Stick aus und das Internet läuft echt flüssig.

Vielleicht ist es noch gut zu wissen, dass ich gerade in Buenos Aires wohne.

Könnt ihr mir zur Behebung des Problems helfen?
(wrsh Identifikation der Malware und dann Löschung?)

Vielen lieben Dank euch!
Chris

schrauber 09.10.2014 22:06
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Chris792 09.10.2014 22:51
Anbei kommen die zwei txt-Dateien.
Danke dir schon mal!

Chris792 10.10.2014 01:12
Zitat:
Zitat von Chris792 (Beitrag 1369908)
Anbei kommen die zwei txt-Dateien.
Danke dir schon mal!
sorry....
Hier ist die FRST-Datei:

[CODE]
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Chris (administrator) on CHRIS-PC on 09-10-2014 18:45:28
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Software\avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Software\Teamviewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Object Browser) C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.exe
(iWebar) C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-6.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Mozilla Corporation) C:\Software\Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVAST Software) C:\Software\avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Software\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Software\avast\AvastUI.exe [4085896 2014-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-382975922-1326899409-4056930197-1000\...\MountPoints2: {bf64593f-137a-11e4-a7de-f0def1917869} - D:\noautorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Software\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A7228DDD84CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: No Name -> {11111111-1111-1111-1111-110611191115} ->  No File
BHO: No Name -> {11111111-1111-1111-1111-110611511123} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.20.0.10 200.69.24.10

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: Senses - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\Extensions\warnerroberts@hotmail.com [2014-10-09]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Software\avast\WebRep\FF
FF Extension: avast! Online Security - C:\Software\avast\WebRep\FF [2014-10-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Software\Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Software\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Software\avast\AvastSvc.exe [50344 2014-10-01] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 TeamViewer9; C:\Software\Teamviewer\TeamViewer_Service.exe [5052224 2014-08-06] (TeamViewer GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-01] ()
S1 funfrm; C:\Windows\SysWow64\Drivers\funfrm.sys [53136 2014-08-02] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 18:45 - 2014-10-09 18:46 - 00013105 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-10-09 18:45 - 2014-10-09 18:45 - 00000000 ____D () C:\FRST
2014-10-09 18:44 - 2014-10-09 20:54 - 02109952 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-10-08 23:14 - 2014-10-08 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-10-06 20:02 - 2014-10-06 20:07 - 00000576 _____ () C:\Users\Chris\Desktop\MonitorOff.lnk
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Macromedia
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\Macromedia
2014-10-06 10:37 - 2014-10-06 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 10:37 - 2014-10-06 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 10:36 - 2014-10-06 10:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-10-06 10:09 - 2014-10-06 10:09 - 03453440 _____ () C:\Users\Chris\Downloads\Programacion_control_y_ejecucion_del_movimiento_2008.ppt
2014-10-05 10:35 - 2014-10-05 10:35 - 00000083 _____ () C:\Users\Chris\Desktop\Zitatesammlung.txt
2014-10-05 09:25 - 2014-10-09 18:41 - 00001187 _____ () C:\Windows\setupact.log
2014-10-05 09:25 - 2014-10-05 09:25 - 00000828 _____ () C:\Windows\PFRO.log
2014-10-05 09:25 - 2014-10-05 09:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 11:20 - 2014-10-04 11:20 - 00000000 ____D () C:\Windows\pss
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Local\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 21:32 - 2014-10-02 21:32 - 00000000 ____D () C:\Users\Chris\Desktop\Asimov_Foundation
2014-10-02 14:09 - 2014-10-02 14:09 - 00007607 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-10-02 08:36 - 2014-10-02 08:36 - 00028250 _____ () C:\Users\Chris\Documents\bookmarks_02.10.14.html
2014-10-01 12:05 - 2014-10-01 12:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-01 11:56 - 2014-10-01 11:56 - 00001678 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-01 11:56 - 2014-10-01 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-01 11:55 - 2014-10-09 02:17 - 00004142 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-01 11:55 - 2014-10-01 11:56 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-01 11:55 - 2014-10-01 11:55 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-01 11:55 - 2014-10-01 11:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-01 10:50 - 2014-10-01 10:50 - 00001012 _____ () C:\Users\Chris\Desktop\calibre.lnk
2014-10-01 10:38 - 2014-09-24 23:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:38 - 2014-09-24 22:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 01:10 - 2014-10-01 01:10 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-30 23:59 - 2014-09-30 23:59 - 00002984 _____ () C:\Windows\System32\Tasks\{C54A89D8-F4E2-4DEC-87BB-9CF0AD7C93E2}
2014-09-30 22:42 - 2014-10-09 18:42 - 00003784 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00003070 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-1.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00003070 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00002760 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00002760 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00002760 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00002760 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.job
2014-09-30 22:42 - 2014-10-09 18:42 - 00002416 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2.job
2014-09-30 22:42 - 2014-09-30 22:42 - 00006814 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4
2014-09-30 22:42 - 2014-09-30 22:42 - 00006100 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-1
2014-09-30 22:42 - 2014-09-30 22:42 - 00006100 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1
2014-09-30 22:42 - 2014-09-30 22:42 - 00005790 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5
2014-09-30 22:42 - 2014-09-30 22:42 - 00005790 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5
2014-09-30 22:42 - 2014-09-30 22:42 - 00005446 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2
2014-09-30 22:41 - 2014-10-09 18:42 - 00004810 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00004810 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00003784 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-6.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00003784 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00003440 _____ () C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-7.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00003440 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.job
2014-09-30 22:41 - 2014-10-09 18:42 - 00003440 _____ () C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.job
2014-09-30 22:41 - 2014-10-09 16:56 - 00000000 ____D () C:\Program Files (x86)\Senses
2014-09-30 22:41 - 2014-10-09 16:56 - 00000000 ____D () C:\Program Files (x86)\iWebar
2014-09-30 22:41 - 2014-09-30 22:41 - 00007840 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11
2014-09-30 22:41 - 2014-09-30 22:41 - 00007840 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11
2014-09-30 22:41 - 2014-09-30 22:41 - 00006812 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-6
2014-09-30 22:41 - 2014-09-30 22:41 - 00006812 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6
2014-09-30 22:41 - 2014-09-30 22:41 - 00006470 _____ () C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-7
2014-09-30 22:41 - 2014-09-30 22:41 - 00006470 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7
2014-09-30 22:41 - 2014-09-30 22:41 - 00006470 _____ () C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3
2014-09-30 22:41 - 2014-09-30 22:41 - 00000000 ____D () C:\Users\Chris\AppData\Local\globalUpdate
2014-09-30 22:41 - 2014-09-30 22:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-30 22:22 - 2014-09-30 23:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-30 22:22 - 2014-09-30 22:22 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-09-30 22:21 - 2014-09-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2014-09-30 22:21 - 2014-09-30 22:21 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashRpt
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-09-30 16:08 - 2014-09-30 16:13 - 00000000 ____D () C:\Users\Chris\Documents\Buchprojekt
2014-09-30 14:24 - 2014-10-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-30 14:15 - 2014-09-30 14:16 - 06004224 _____ () C:\Users\Chris\Downloads\SintNuc1.ppt
2014-09-30 14:15 - 2014-09-30 14:15 - 05917987 _____ () C:\Users\Chris\Downloads\SintNuc1.pptx
2014-09-29 10:32 - 2014-09-29 10:32 - 04305874 _____ () C:\Users\Chris\Downloads\X-Plane10DemoInstallerWindows.zip
2014-09-23 18:05 - 2014-09-09 19:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:05 - 2014-09-09 18:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 10:51 - 2014-09-17 10:51 - 00001113 _____ () C:\Users\Chris\Downloads\matlab2.m
2014-09-17 10:51 - 2014-09-17 10:51 - 00000592 _____ () C:\Users\Chris\Downloads\simulation.m
2014-09-16 22:47 - 2014-10-09 02:25 - 00000324 _____ () C:\Users\Chris\Desktop\todo.txt
2014-09-13 23:17 - 2014-09-13 23:18 - 00000000 ____D () C:\Users\Chris\Documents\MATLAB
2014-09-12 16:39 - 2014-09-12 16:39 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TeamViewer
2014-09-11 18:52 - 2014-09-11 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-09-11 18:48 - 2014-09-11 18:49 - 00976111 _____ () C:\Users\Chris\Downloads\pymc-2.3.3-py2.7-macosx-10.9-x86_64.egg
2014-09-11 15:10 - 2014-09-11 15:10 - 00000773 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-11 15:10 - 2014-09-11 15:10 - 00000761 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-11 15:10 - 2013-10-17 12:32 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-09-11 03:12 - 2014-08-19 15:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:12 - 2014-08-19 14:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:12 - 2014-08-18 20:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:12 - 2014-08-18 19:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:12 - 2014-08-18 19:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:12 - 2014-08-18 19:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:12 - 2014-08-18 19:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:12 - 2014-08-18 19:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:12 - 2014-08-18 19:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:12 - 2014-08-18 19:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:12 - 2014-08-18 19:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:12 - 2014-08-18 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:12 - 2014-08-18 19:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:12 - 2014-08-18 19:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:12 - 2014-08-18 19:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:12 - 2014-08-18 19:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:12 - 2014-08-18 19:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:12 - 2014-08-18 19:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:12 - 2014-08-18 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:12 - 2014-08-18 18:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:12 - 2014-08-18 18:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:12 - 2014-08-18 18:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:12 - 2014-08-18 18:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:12 - 2014-08-18 18:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:12 - 2014-08-18 18:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:12 - 2014-08-18 18:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:12 - 2014-08-18 18:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:12 - 2014-08-18 18:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:12 - 2014-08-18 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:12 - 2014-08-18 18:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:12 - 2014-08-18 18:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:12 - 2014-08-18 18:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:12 - 2014-08-18 18:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:12 - 2014-08-18 18:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:12 - 2014-08-18 18:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:12 - 2014-08-18 18:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:12 - 2014-08-18 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:12 - 2014-08-18 18:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:12 - 2014-08-18 18:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:12 - 2014-08-18 18:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:12 - 2014-08-18 18:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:12 - 2014-08-18 18:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:12 - 2014-08-18 18:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:12 - 2014-08-18 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:12 - 2014-08-18 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:12 - 2014-08-18 18:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:12 - 2014-08-18 18:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:12 - 2014-08-18 18:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:12 - 2014-08-18 18:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:12 - 2014-08-18 18:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:12 - 2014-08-18 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:12 - 2014-08-18 17:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:12 - 2014-08-18 17:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:12 - 2014-08-18 17:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:12 - 2014-08-18 17:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:12 - 2014-08-18 17:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:01 - 2014-06-26 23:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-26 22:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 23:43 - 2014-08-01 08:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 23:43 - 2014-08-01 08:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 23:37 - 2014-07-06 23:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 23:37 - 2014-07-06 23:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 23:37 - 2014-07-06 22:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 23:37 - 2014-07-06 22:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 23:37 - 2014-07-06 22:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 23:37 - 2014-06-24 00:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 23:37 - 2014-06-23 23:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 23:36 - 2014-09-04 23:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 23:36 - 2014-09-04 23:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 18:24 - 2014-10-01 10:39 - 00000207 _____ () C:\Users\Chris\Desktop\goodtoknow.txt
2014-09-09 14:59 - 2014-09-09 14:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Tracker Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 18:45 - 2011-04-12 04:43 - 00699134 _____ () C:\Windows\system32\perfh007.dat
2014-10-09 18:45 - 2011-04-12 04:43 - 00149242 _____ () C:\Windows\system32\perfc007.dat
2014-10-09 18:45 - 2009-07-14 02:13 - 01618440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 18:44 - 2014-06-10 14:46 - 01585546 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 18:43 - 2014-07-17 17:41 - 00000498 ____H () C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2014-10-09 18:41 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 17:31 - 2014-06-16 14:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-10-09 17:30 - 2014-08-03 17:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ViberPC
2014-10-09 16:56 - 2014-08-03 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Local\Viber
2014-10-09 13:48 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 13:48 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 11:02 - 2014-08-25 10:40 - 00000000 ____D () C:\Users\Chris\Desktop\Raspberry Pi
2014-10-08 23:14 - 2014-06-10 15:43 - 00000000 ____D () C:\Software
2014-10-08 21:33 - 2014-08-31 07:55 - 00000000 ____D () C:\Users\Chris\Desktop\Fotos_temp
2014-10-08 12:03 - 2014-07-19 16:42 - 00000464 _____ () C:\Users\Chris\Desktop\bbb.txt
2014-10-06 22:59 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2014-10-05 00:43 - 2014-08-04 17:33 - 00000000 ___RD () C:\Users\Chris\Dropbox
2014-10-04 15:40 - 2014-08-04 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 12:53 - 2014-08-26 23:06 - 00000000 ____D () C:\Users\Chris\Documents\Uni BsAs
2014-10-01 11:54 - 2014-06-10 15:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-01 11:44 - 2014-06-16 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 11:15 - 2014-08-31 19:20 - 00000000 ____D () C:\Users\Chris\Documents\Calibre-Bibliothek
2014-10-01 10:19 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-30 23:17 - 2014-06-10 15:51 - 00000075 _____ () C:\Users\Chris\Desktop\Programme.txt
2014-09-28 12:29 - 2014-07-17 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-20 01:11 - 2014-08-04 17:33 - 00001017 _____ () C:\Users\Chris\Desktop\Dropbox.lnk
2014-09-20 01:11 - 2014-08-04 17:31 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-21 00:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 23:24 - 2009-07-14 01:45 - 00454968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-11 19:34 - 2014-06-10 15:29 - 00116840 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-11 18:49 - 2014-09-06 21:33 - 00000422 _____ () C:\Users\Chris\Desktop\nützliches Matlab.txt
2014-09-11 03:11 - 2014-06-15 13:18 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:10 - 2014-06-23 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2014-06-23 13:56 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:01 - 2014-06-16 15:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfi1js8.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 22:52

==================== End Of Log ============================
--- --- ---


Hier kommt noch die Addition-Datei:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by Chris at 2014-10-09 18:47:03
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
calibre 64bit (HKLM\...\{170BA998-F98B-47E6-A70E-8AE7B6F9E156}) (Version: 2.1.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and Conquer(TM) Generäle Die Stunde Null  (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer(TM) Generäle Die Stunde Null  (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version:  - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EasyCapture (HKLM-x32\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)
Igor Pro (HKLM-x32\...\Igor Pro) (Version: 6.3.4.1 (6.34A) - WaveMetrics, Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 17.00.2000.1517 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.0.0332 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2) (Version: version 2.0a - )
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
Seafile 3.0.4 (HKLM-x32\...\{0D56A3F4-7600-4280-91F8-0CDC43D5BFE3}) (Version: 3.0.4 - HaiWenHuZhi ltd.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Soldat 1.6.7 (HKLM-x32\...\Soldat_is1) (Version: 1.6.7 - Michal Marcinkowski)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-382975922-1326899409-4056930197-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07BA55C8-E8E6-4310-BCBA-2839FAF15396} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {07C87939-3388-4097-ADAB-F6E7E0E49778} - System32\Tasks\{A80626E0-8C3B-450C-AF2E-F5D6161600A6} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {124B3CF0-E4E8-43D8-90BE-FC2C7F98E38D} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-6 => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-6.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {1E889EAD-0EB4-463C-9127-C0267CBE027D} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {269480BA-E427-4A39-AE23-EE4FFEF3F635} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {29401A6D-FE7F-4C07-912E-BC76ADF01C8C} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {31C09448-7C8B-4A67-8EA1-B56AB7A64392} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {3B410747-809A-4500-83D5-FE5AD6F03017} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {4013EBB4-794B-484C-8D78-F55FFF9AEFD3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-28] (Microsoft Corporation)
Task: {4C00A456-23FD-4C31-9D99-4719F45314F8} - System32\Tasks\avast! Emergency Update => C:\Software\avast\AvastEmUpdate.exe [2014-10-01] (AVAST Software)
Task: {4D7CF5EC-479B-4E88-A141-E3A5220099E6} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2 => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-2.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {57518587-F976-4C4D-B9BC-737CE86199B9} - System32\Tasks\{121FEEE5-8FF7-4E07-91C3-75F4378FC190} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {58A079E0-3CAE-4337-8CFF-46A3DF1AD130} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5 => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {69D03FD1-19E3-4E56-B182-A69E348B02F4} - System32\Tasks\{9041B2D4-207B-4C2C-86FE-F90E5637094B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {6E7F21E6-793A-4114-98AC-95ACDA16A7B2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {84D0203C-81F1-4BBA-87E1-1272CFA6A1D1} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {A1DABF1F-7217-439F-9AB6-B7080AA118F6} - System32\Tasks\{C54A89D8-F4E2-4DEC-87BB-9CF0AD7C93E2} => Chrome.exe
Task: {A3DB7CB2-8320-4A06-BD49-039DF52ADA90} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Software\Matlab\bin\win64\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {AC00FBDD-40B1-4959-BD46-A25AEAE62778} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {B9A744C9-6A83-4B6A-81ED-4CF8A6DAEDDC} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11 => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-11.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {BE6274DC-BF19-46F5-8B9F-3C655BCE291C} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1 => C:\Program Files (x86)\Senses\Senses-codedownloader.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {C29C2FCD-FF52-41C2-BDB8-DB0B646F0F27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C67A168E-23B8-4F4E-8359-71A2A35863B8} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {C980F4B3-7ADD-4BEC-8573-EEDE39C56394} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-7 => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-7.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: {D51863F7-7EE6-4476-828C-ED383A7EFCDF} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {D9F6960B-0503-4632-9BC8-676CA7CC5BAB} - System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11 => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.exe [2014-09-30] (Object Browser) <==== ATTENTION
Task: {E4A8E9C0-E134-41F0-BA93-0618BD60B2D6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)
Task: {F0F85EE1-7EC2-4A92-9065-D12AE1940397} - System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe [2014-09-30] (iWebar) <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1.job => C:\Program Files (x86)\Senses\Senses-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.job => C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-6.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-7.job => C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Software\Matlab\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2014-07-17 16:52 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-10 15:32 - 2014-03-20 01:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-06-10 15:27 - 2013-10-31 22:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-10 15:37 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-10-01 11:55 - 2014-10-01 11:55 - 00301152 _____ () C:\Software\avast\aswProperty.dll
2014-10-09 16:59 - 2014-10-09 16:59 - 02859008 _____ () C:\Software\avast\defs\14100901\algo.dll
2014-10-04 11:13 - 2014-09-24 02:09 - 03715184 _____ () C:\Software\Firefox\mozjs.dll
2014-10-01 11:55 - 2014-10-01 11:55 - 19329904 _____ () C:\Software\avast\libcef.dll
2014-10-06 10:37 - 2014-10-06 10:37 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

========================= Accounts: ==========================

Administrator (S-1-5-21-382975922-1326899409-4056930197-500 - Administrator - Disabled)
Chris (S-1-5-21-382975922-1326899409-4056930197-1000 - Administrator - Enabled) => C:\Users\Chris
Gast (S-1-5-21-382975922-1326899409-4056930197-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-382975922-1326899409-4056930197-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2014 06:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1690
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/09/2014 01:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 09:49:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 03:24:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 10:39:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (10/07/2014 09:34:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x13a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/07/2014 03:52:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 08:53:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1600
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/07/2014 08:31:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).


System errors:
=============
Error: (10/09/2014 06:41:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/09/2014 06:41:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YouTubeAcceleratorService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/09/2014 06:41:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\funfrm.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/09/2014 05:35:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (10/09/2014 05:35:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (10/09/2014 01:41:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/09/2014 01:41:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YouTubeAcceleratorService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/09/2014 01:41:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\funfrm.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/09/2014 09:49:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/09/2014 09:49:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YouTubeAcceleratorService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (10/09/2014 06:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b169001cfe3fb66257ea1C:\Software\Firefox\plugin-container.exeC:\Software\Firefox\mozalloc.dlla6f5fa30-4fee-11e4-815c-f0def1917869

Error: (10/09/2014 01:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 09:49:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 03:24:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 10:39:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (10/07/2014 09:34:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b13a001cfe28f8b4925eaC:\Software\Firefox\plugin-container.exeC:\Software\Firefox\mozalloc.dllddf286af-4e82-11e4-950c-f0def1917869

Error: (10/07/2014 03:52:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 08:53:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b160001cfe225408548f6C:\Software\Firefox\plugin-container.exeC:\Software\Firefox\mozalloc.dll8682c39b-4e18-11e4-8234-f0def1917869

Error: (10/07/2014 08:31:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8075.23 MB
Available physical RAM: 6126.68 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 14077.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:92.87 GB) (Free:33.06 GB) NTFS
Drive d: () (Removable) (Total:1.92 GB) (Free:0.28 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8CFA3D33)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 086D9369)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

==================== End Of Log ============================

schrauber 10.10.2014 19:18
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chris792 14.10.2014 16:13
so hier das Log-File von Combo-Fix:

Code:
ComboFix 14-10-13.01 - Chris 14.10.2014  11:52:29.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8075.6237 [GMT -3:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iWebar\b8190179-f708-4731-8dbf-447b89c9d69c.dll
c:\program files (x86)\iWebar\db9904f0-4a97-42cc-bbd9-9111b16967f8.dll
c:\program files (x86)\Senses\9b6b6e4f-c233-41cb-b9a6-5390dc73c9fd.dll
c:\program files (x86)\Senses\ba041e1e-42b9-42eb-84ea-fd3bf1493236.dll
c:\programdata\Roaming
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-14 bis 2014-10-14  ))))))))))))))))))))))))))))))
.
.
2014-10-14 15:04 . 2014-10-14 15:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-14 14:53 . 2014-10-14 14:53        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8498739E-D4D9-41B6-BCF8-E3F986A189E3}\offreg.dll
2014-10-14 14:45 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8498739E-D4D9-41B6-BCF8-E3F986A189E3}\mpengine.dll
2014-10-10 00:54 . 2014-10-10 00:55        --------        d---a-w-        C:\.Trash-999
2014-10-09 21:45 . 2014-10-09 21:48        --------        d-----w-        C:\FRST
2014-10-06 14:38 . 2014-10-06 14:38        --------        d-----w-        c:\users\Chris\AppData\Local\Macromedia
2014-10-06 13:37 . 2014-10-06 13:37        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-06 13:37 . 2014-10-06 13:37        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-06 13:37 . 2014-10-06 13:37        --------        d-----w-        c:\windows\SysWow64\Macromed
2014-10-06 13:37 . 2014-10-06 13:37        --------        d-----w-        c:\windows\system32\Macromed
2014-10-06 13:36 . 2014-10-06 13:47        --------        d-----w-        c:\users\Chris\AppData\Local\Adobe
2014-10-04 14:15 . 2014-10-04 14:15        --------        d-----w-        c:\users\Chris\AppData\Local\Mozilla
2014-10-04 14:13 . 2014-10-04 14:13        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2014-10-01 15:05 . 2014-10-01 15:05        --------        d-----w-        c:\users\Chris\AppData\Roaming\AVAST Software
2014-10-01 14:55 . 2014-10-01 14:56        427360        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-10-01 14:55 . 2014-10-01 14:55        92008        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2014-10-01 14:55 . 2014-10-01 14:55        224896        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-10-01 14:55 . 2014-10-01 14:55        1041168        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-10-01 14:55 . 2014-10-01 14:55        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-10-01 14:55 . 2014-10-01 14:55        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-10-01 14:55 . 2014-10-01 14:55        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-10-01 14:55 . 2014-10-01 14:55        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-10-01 14:55 . 2014-10-01 14:55        307344        ----a-w-        c:\windows\system32\aswBoot.exe
2014-10-01 14:55 . 2014-10-01 14:55        43152        ----a-w-        c:\windows\avastSS.scr
2014-10-01 13:38 . 2014-09-25 02:08        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-10-01 13:38 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-10-01 04:10 . 2014-10-01 04:10        --------        d-----w-        c:\program files (x86)\Skype
2014-10-01 01:41 . 2014-10-01 01:41        --------        d-----w-        c:\users\Chris\AppData\Local\globalUpdate
2014-10-01 01:41 . 2014-10-01 01:41        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-10-01 01:41 . 2014-10-14 15:03        --------        d-----w-        c:\program files (x86)\Senses
2014-10-01 01:41 . 2014-10-14 15:03        --------        d-----w-        c:\program files (x86)\iWebar
2014-10-01 01:22 . 2014-10-01 01:22        --------        d-----w-        c:\programdata\YTAHelper
2014-10-01 01:21 . 2014-10-01 01:21        172032        ----a-w-        c:\windows\SysWow64\AniGIF.ocx
2014-10-01 01:21 . 2014-10-01 01:21        --------        d-----w-        c:\users\Chris\AppData\Local\Installer
2014-10-01 01:21 . 2014-10-01 01:21        --------        d-----w-        c:\users\Chris\AppData\Local\CrashRpt
2014-09-30 17:24 . 2014-09-30 17:24        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-09-23 21:05 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-23 21:05 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-26 13:11 . 2014-07-17 19:59        590536        ----a-w-        c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-15 12:06 . 2010-11-21 03:27        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-11 06:02 . 2014-06-23 16:56        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-09-05 02:10 . 2014-09-11 02:36        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 02:36        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-30 15:10 . 2014-06-16 17:47        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-30 15:10 . 2014-06-16 17:48        319912        ----a-w-        c:\windows\system32\javaws.exe
2014-08-30 15:10 . 2014-06-16 17:47        191400        ----a-w-        c:\windows\system32\javaw.exe
2014-08-30 15:10 . 2014-06-16 17:47        190888        ----a-w-        c:\windows\system32\java.exe
2014-08-30 15:09 . 2014-08-27 01:33        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-28 16:19 . 2014-08-28 16:20        98344        ----a-w-        c:\windows\system32\drivers\btwaudio.sys
2014-08-28 16:19 . 2014-08-28 16:20        35104        ----a-w-        c:\windows\system32\drivers\btwl2cap.sys
2014-08-28 16:19 . 2014-08-28 16:20        132648        ----a-w-        c:\windows\system32\drivers\btwavdt.sys
2014-08-28 16:19 . 2014-08-28 16:19        54824        ----a-w-        c:\windows\system32\drivers\btusbflt.sys
2014-08-28 16:19 . 2014-08-28 16:20        21288        ----a-w-        c:\windows\system32\drivers\btwrchid.sys
2014-08-23 02:07 . 2014-08-28 01:25        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 01:25        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 01:25        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-11 06:12        374968        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-11 06:12        23591424        ----a-w-        c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-11 06:12        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-11 06:12        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-11 06:12        2793984        ----a-w-        c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-11 06:12        5833728        ----a-w-        c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-11 06:12        547328        ----a-w-        c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-11 06:12        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-11 06:12        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-11 06:12        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-11 06:12        51200        ----a-w-        c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-11 06:12        4232704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-11 06:12        33792        ----a-w-        c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-11 06:12        596480        ----a-w-        c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-11 06:12        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-11 06:12        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-11 06:12        758272        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-11 06:12        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-11 06:12        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-11 06:12        446464        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-11 06:12        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-11 06:12        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-11 06:12        72704        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-11 06:12        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-11 06:12        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-11 06:12        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-11 06:12        85504        ----a-w-        c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-11 06:12        289280        ----a-w-        c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-11 06:12        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-11 06:12        597504        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-11 06:12        727040        ----a-w-        c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-11 06:12        707072        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-11 06:12        2104832        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-11 06:12        1249280        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-11 06:12        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-11 06:12        13588480        ----a-w-        c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-11 06:12        2310656        ----a-w-        c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-11 06:12        2014208        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-11 06:12        1068032        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-11 06:12        1447424        ----a-w-        c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-11 06:12        1812992        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-11 06:12        775168        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-08-02 19:27 . 2014-08-02 19:27        53136        ----a-w-        c:\windows\SysWow64\drivers\funfrm.sys
2014-08-02 19:27 . 2014-08-02 19:27        1024000        ----a-w-        c:\windows\SysWow64\CamOpEx.dll
2014-08-02 19:27 . 2014-08-02 19:27        626688        ----a-w-        c:\windows\msvcr80.dll
2014-08-02 19:27 . 2014-08-02 19:27        57344        ----a-w-        c:\windows\AsfHelper.dll
2014-08-01 11:53 . 2014-09-11 02:43        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 02:43        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 05:35 . 2014-07-25 05:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 02:47 . 2014-07-25 02:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-28 15:26        1729232        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-28 15:26        1729232        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-28 15:26        1729232        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-17 113656]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-20 6390104]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"AvastUI.exe"="c:\software\avast\AvastUI.exe" [2014-10-01 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0aswBoot.exe /M:102879cd /wow /dir:c:\software\avast
.
R1 funfrm;funfrm; [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\software\Teamviewer\TeamViewer_Service.exe;c:\software\Teamviewer\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1.job
- c:\program files (x86)\Senses\Senses-codedownloader.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.exe [2014-10-01 01:41]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.exe [2014-10-01 01:41]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.job
- c:\program files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11.job
- c:\program files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-11.exe [2014-10-01 01:41]
.
2014-10-14 c:\windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2.job
- c:\program files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-2.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5.job
- c:\program files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user.job
- c:\program files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe [2014-10-01 01:42]
.
2014-10-14 c:\windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-6.job
- c:\program files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-6.exe [2014-10-01 01:41]
.
2014-10-14 c:\windows\Tasks\MATLAB R2014a Startup Accelerator.job
- c:\software\Matlab\bin\win64\MATLABStartupAccelerator.exe [2014-07-17 10:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-28 15:26        2334416        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-28 15:26        2334416        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-28 15:26        2334416        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-01 14:55        634872        ----a-w-        c:\software\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-30 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-30 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-30 442352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 172.20.0.10 200.69.24.10
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110611191115} - (no file)
BHO-{11111111-1111-1111-1111-110611511123} - (no file)
BHO-{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-LinuxLive USB Creator - d:\software\Linux\Installation auf Stick\LinuxLive-Installation\LinuxLive USB Creator\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-14  12:09:06
ComboFix-quarantined-files.txt  2014-10-14 15:09
.
Vor Suchlauf: 13 Verzeichnis(se), 34.803.634.176 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 34.647.728.128 Bytes frei
.
- - End Of File - - 818879F61EDC22846DE010529AC85056
A36C5E4F47E84449FF07ED3517B43A31

schrauber 15.10.2014 12:03
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Chris792 18.10.2014 00:55
Ich habe nun alles nach Anleitung ausgeführt.
Anbei die Log-Files:

MalwareBites
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.10.2014
Scan Time: 19:38:50
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319640
Time Elapsed: 11 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 39
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622512223}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644514423}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655515523}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666516623}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655515523}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666516623}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644514423}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\68671f62832e4803b34065d441f9a2210065123.Sandbox.1, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\68671f62832e4803b34065d441f9a2210065123.Sandbox, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\68671f62832e4803b34065d441f9a2210065123.Sandbox, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\68671f62832e4803b34065d441f9a2210065123.Sandbox.1, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622512223}, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, Quarantined, [3e43628d2c4fb28461e9a9832ed5817f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [2b5649a604779e9896b474b841c2dd23],
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\iWebar, Quarantined, [592808e7a0dbbf77a91187cfcd37f907],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [0e73c12e2f4ca096ed384ac7f310d927],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, Quarantined, [6b1623cc2259a88e4cfe111bb053ad53],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [552cdb140d6e8caa50fa54d8ea1922de],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [1a67bf30cbb02a0cb974fc76a46043bd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [027f1dd26417e056cb639ad8c93bd729],
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, Quarantined, [d2afe30c3b4093a36e90c76cb74c7a86],
PUP.Optional.iWebar.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, Quarantined, [9be625ca4b30fc3a40be092a56adcb35],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, Quarantined, [d7aaa24d4932bc7a57625ba95fa458a8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [cdb49c534c2ffd39cdec50b4a75c5da3],
PUP.Optional.iWebar.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, Quarantined, [7a077e71ec8f24127ff1dd58857e966a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, Quarantined, [3a47fef1bebdef478a9294d0f50fda26],
PUP.Optional.Softonic.A, HKU\S-1-5-21-382975922-1326899409-4056930197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [daa731be2259e650b21561c6f60d17e9],

Registry Values: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [0e73c12e2f4ca096ed384ac7f310d927]

Registry Data: 0
(No malicious items detected)

Folders: 22
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Users\Chris\AppData\LocalLow\iWebar, Quarantined, [9ce5c728ccaf69cddafdc2168b774eb2],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{33E3282F-C1EC-400D-A042-B770989CA00C}, Quarantined, [dba61ed1afcc9a9cc61222cd966cec14],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\defaults, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\defaults\preferences, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\userCode, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\locale, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\locale\en-US, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin, Quarantined, [ed94767995e69b9b11bb52a427db8d73],

Files: 187
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-11.exe, Quarantined, [1e63d41b2d4e5bdba4216cc66d94c23e],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-2.exe, Quarantined, [82ff7b7425569c9a675e61d136cb758b],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-5.exe, Quarantined, [6c153fb0e3981d19b80d36fc31d055ab],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3-64.exe, Quarantined, [6819618e0b70f83e903501313ec37d83],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-bg.exe, Quarantined, [3c4538b73a4184b210b5d2603bc613ed],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-bho.dll, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-bho64.dll, Quarantined, [96eb737cde9dbf77794cd45e02ff1de3],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-buttonutil.exe, Quarantined, [8bf69e5198e31a1c9431230f52af22de],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-buttonutil64.exe, Quarantined, [265b717e007b0333af16a38ff30e2bd5],
PUP.Optional.crossRider.A, C:\Program Files (x86)\iWebar\utils.exe, Quarantined, [a5dc8867d3a80b2b4fc972ce0000b64a],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho.dll, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho64.dll, Quarantined, [7b06d11e69123ef84dd3951d30d133cd],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.exe, Quarantined, [daa73fb083f870c6aa76704222df5ba5],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.exe, Quarantined, [daa7da15007bb38378a8b6fccf321ae6],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.exe, Quarantined, [4e337976443783b327f93a780cf503fd],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.exe, Quarantined, [453ca7488eed0135ac74fcb6ff027c84],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.exe, Quarantined, [daa736b983f859dd21ff684ac83925db],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-64.exe, Quarantined, [ceb36887c7b4152168b87b3739c89868],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.exe, Quarantined, [463b5b94b8c339fd2df36e4459a86f91],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bg.exe, Quarantined, [b8c924cb6615a195c25e0fa327dac23e],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-buttonutil.exe, Quarantined, [9be622cdaccf102629f7377b37ca29d7],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-buttonutil64.exe, Quarantined, [97ea0be4c2b9092d1f01eac8c23fe51b],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-codedownloader.exe, Quarantined, [0180a946c0bb6bcba37d793924ddad53],
PUP.Optional.crossRider.A, C:\Program Files (x86)\Senses\utils.exe, Quarantined, [4a37af40097273c3ac6cbb85c43c8878],
PUP.Optional.GoobZo, C:\Users\Chris\AppData\Local\Installer\Installiwebar_28528\delay.exe, Quarantined, [a5dcae416d0e2016576f06eb22e27e82],
PUP.Optional.GoobZo, C:\Users\Chris\AppData\Local\Installer\Installsense_28095\delay.exe, Quarantined, [f28fc728bac1f6403a8ccb26e321bf41],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\background.html, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\1293297481.mxaddon, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184.crx, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\4696d05c-2f34-43ae-be32-b1dc97f8c184.xpi, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\64b8168d-d368-4f6b-93ff-fb57e8a4b674.crx, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\9b6b6e4f-c233-41cb-b9a6-5390dc73c9fd.crx, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\bgNova.html, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-buttonutil.dll, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-buttonutil64.dll, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses.ico, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Uninstall.exe, Quarantined, [334ef0ff5d1e092dca3df3162fd45ea2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1, Quarantined, [94ed27c81c5f063025fba56c4cb7b44c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11, Quarantined, [a5dc31be700b3105a67a3cd5996afa06],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3, Quarantined, [225fb33cdf9cfe38f62aea2728db926e],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4, Quarantined, [354cc22d2853072f958b828f768df10f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5, Quarantined, [414038b7f685b28449d70a07bb48916f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user, Quarantined, [8af7549b4c2fc96de53b25ec798a8080],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6, Quarantined, [ea979758c5b6d363a37dd041ba49c937],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7, Quarantined, [0180f8f75a213df917098f82eb18956b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11, Quarantined, [bfc2f2fdb9c286b0b0700d04c142ce32],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2, Quarantined, [740d2ec14f2ce650cb552ce5fe05f50b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5, Quarantined, [4b36816efb807fb7cf51858c2dd641bf],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user, Quarantined, [f1900ce35724dc5a36ea1af75ea521df],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\background.html, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\1293297481.mxaddon, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\1a2f7a77-f02f-4409-9091-dd132ebc2f4c.crx, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3.crx, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\53385511-d284-4bcb-bcee-b6b52521c8e3.xpi, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\bgNova.html, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-buttonutil.dll, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar-buttonutil64.dll, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\iWebar.ico, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.iWebar.A, C:\Program Files (x86)\iWebar\Uninstall.exe, Quarantined, [e69b846b37440b2bbbfdf561c143b749],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-1.job, Quarantined, [324f628df98251e5b3f2541bee16817f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-11.job, Quarantined, [b7caa847dba049ed980d056acc387f81],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-3.job, Quarantined, [ccb58f604e2de1550c99f37c21e33ec2],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-4.job, Quarantined, [3e4327c8fb8023134f5699d6ac581ce4],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5.job, Quarantined, [463b05ea314a8ea830757ff0dd275ca4],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-5_user.job, Quarantined, [0081fcf389f276c08d184a25af55946c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-6.job, Quarantined, [e29fdc1339421026990ce68953b1c13f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4696d05c-2f34-43ae-be32-b1dc97f8c184-7.job, Quarantined, [2f52915e3d3eca6caef7c5aabc48bc44],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-11.job, Quarantined, [84fd4aa52e4d51e5089d79f611f37d83],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-2.job, Quarantined, [c9b8ba353942270f4c59125d19ebf709],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5.job, Quarantined, [800142ad94e7bc7abfe63a35f1136e92],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\53385511-d284-4bcb-bcee-b6b52521c8e3-5_user.job, Quarantined, [8ef3529d85f6979f51549dd28d77aa56],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome.manifest, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\install.rdf, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\257572ad8e80dbc696d34d8e3c3768a0.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\60505addc8adf9537521673f78cda741.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\82c4d4d23617edec75e0134f06b16b79.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\background.html, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\bcff9a2db65bf2194b345f9989a55b5a.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\browser.xul, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\dialog.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\e192902fadc0348c56d9bc43655c931a.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\ec99f0666f6ea163a82017cd4c69e0e8.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\options.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\options.xul, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\search_dialog.xul, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\22e7f6425bfe3545715758d527af9f69.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\7974916360cf3cf50bee1d39a5f379e0.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\7c58afff6a2f2ee3508d9f1400259354.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\8f4fac5fe31d653b464719f89fa9baee.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\93223383b389ac3b0469b37639d4ee6c.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\a811ccebeff3c64078de58fa3df0eff5.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\afae649f09f20d42fcde5ca6d09f7d87.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\c1822905f61470a2b5494cde24b05500.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\cff70a8cf85b25b5f604e80de6d2024d.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\dad61f127eeaa71915c41785bda26a20.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\daf901bb0e9b55ce24ed9facbd7cf5c0.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\e30e7acae9f80c25ea695d021ed63a6d.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\e4d509279f6526e84f39de4d37869b3b.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\eb875a7a13d080bac3161cf46f1d9ad7.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\f2e9732f7e5a9dd21bb676efb44696c4.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\api\f78b172734801cf4072b7eb4087bc986.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\0364472ef8c814e6fce811cb10e8c9ac.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\070e7b68f345ea0f655d4b09f25289d8.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\0831108ab7fceb990b5009609296bfb9.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\1f3298021c7474d67cbaee141117975e.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\200918703f04e10b56c8e7edd7a12d6e.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\28282577da88a45071880304e2899bdc.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\45f1a18c64c8f9da4edff293ca376d41.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\8181d2702b6318d20a0e7742faf3ddeb.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\9c1ce30aa76a99e88fb3e8d91df3e908.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\a1825d9d6dbd4e615e72df0986a239e9.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\a5e78c9376116c83373065e534a7524f.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\a82ebe43a2b99a42544ddee1631af682.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\cb2744645362940f13329cf3a097a253.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\d185a25ee43c131eb7fa9f9f5cfa11c9.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\d5483cc98c97a7c413e955b4a430b73c.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\dbbec850d3e0ad21a5ba132530c95578.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\dc9402c541e21b591b927474cb7bae5c.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\e40b1481d133f2d593fe615e624ea698.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\f12c71256b433217b3ef7fe5d916d003.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\fa803f74c0f9f43e2b98c8789b48f719.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\chrome\content\core\installer.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\defaults\preferences\prefs.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\manifest.xml, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins.json, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\223.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\1.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\102.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\104.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\123.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\13.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\14.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\16.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\17.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\177.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\180.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\182.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\183.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\184.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\192.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\193.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\195.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\207.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\21.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\22.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\220.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\221.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\226.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\239.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\244.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\246.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\262.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\263.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\268.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\273.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\28.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\281.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\288.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\300.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\4.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\47.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\64.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\7.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\72.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\78.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\9.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\91.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\plugins\98.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\userCode\background.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\extensionData\userCode\extension.js, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\locale\en-US\translations.dtd, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\button1.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\button2.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\button3.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\button4.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\button5.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\crossrider_statusbar.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\icon128.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\icon16.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\icon24.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\icon48.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\panelarrow-up.png, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\popup.html, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\skin.css, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\extensions\warnerroberts@hotmail.com\skin\update.css, Quarantined, [ed94767995e69b9b11bb52a427db8d73],
PUP.Optional.CrossRider.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "148ea6328f4af0fd8a0d2efebbf55af7");), Replaced,[770ab43badcecd696a7c3800dd28ac54]

Physical Sectors: 0
(No malicious items detected)


(end)
AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v4.000 - Bericht erstellt am 17/10/2014 um 20:11:44
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Chris - CHRIS-PC
# Gestartet von : C:\Users\Chris\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : YouTubeAcceleratorService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Chris\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\Goobzo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
Ordner Gelöscht : C:\ProgramData\YTAHelper

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Goobzo
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Goobzo
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\iWebar-nv
Schlüssel Gelöscht : HKLM\SOFTWARE\Senses-nv
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\iWebar-nv
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Senses-nv

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[oib0uo3x.default] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A838651%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%2[...]
[oib0uo3x.default] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20t%3Dnew%20RegExp[...]
[oib0uo3x.default] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
[oib0uo3x.default] - Zeile gelöscht : user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22[...]
[oib0uo3x.default] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "148ea6328f4af0fd8a0d2efebbf55af7");

*************************

AdwCleaner[R0].txt - [7144 octets] - [17/10/2014 20:05:31]
AdwCleaner[S0].txt - [6821 octets] - [17/10/2014 20:11:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6881 octets] ##########
--- --- ---

[/CODE]


JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by Chris on 17.10.2014 at 20:16:44,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.10.2014 at 20:25:28,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST_fresh

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Chris (administrator) on CHRIS-PC on 17-10-2014 20:41:18
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Software\avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Software\Teamviewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(AVAST Software) C:\Software\avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Software\Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Software\avast\AvastUI.exe [4085896 2014-10-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Software\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A7228DDD84CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {11111111-1111-1111-1111-110611191115} ->  No File
BHO: No Name -> {11111111-1111-1111-1111-110611511123} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.20.0.10 200.69.24.10

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Software\avast\WebRep\FF
FF Extension: avast! Online Security - C:\Software\avast\WebRep\FF [2014-10-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Software\Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Software\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Software\avast\AvastSvc.exe [50344 2014-10-01] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 TeamViewer9; C:\Software\Teamviewer\TeamViewer_Service.exe [5052224 2014-08-06] (TeamViewer GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-01] ()
S1 funfrm; C:\Windows\SysWow64\Drivers\funfrm.sys [53136 2014-08-02] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 20:39 - 2014-10-17 20:39 - 02112000 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-10-17 20:25 - 2014-10-17 20:26 - 00000625 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-10-17 20:16 - 2014-10-17 20:16 - 00000000 ____D () C:\Windows\ERUNT
2014-10-17 20:14 - 2014-10-17 20:14 - 00006977 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-10-17 20:04 - 2014-10-17 20:12 - 00000000 ____D () C:\AdwCleaner
2014-10-17 19:58 - 2014-10-17 19:58 - 00046952 _____ () C:\Users\Chris\Desktop\mbam.txt
2014-10-17 19:26 - 2014-10-17 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 19:26 - 2014-10-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 19:25 - 2014-10-17 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:25 - 2014-10-17 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 20:24 - 2014-10-16 20:23 - 01705698 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2014-10-16 20:24 - 2014-10-16 20:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-16 20:24 - 2014-10-16 20:20 - 01976320 _____ () C:\Users\Chris\Downloads\AdwCleaner_4.000.exe
2014-10-14 14:06 - 2014-10-14 14:06 - 00000000 ____D () C:\Users\Chris\Documents\Adobe
2014-10-14 14:04 - 2014-10-14 14:04 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-14 13:38 - 2014-10-14 13:38 - 00002035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-10-14 13:38 - 2014-10-14 13:38 - 00002015 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-10-14 13:38 - 2014-10-14 13:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-14 13:36 - 2014-10-14 13:36 - 00000000 ____D () C:\Program Files\Adobe
2014-10-14 12:56 - 2014-10-14 12:56 - 00000000 ___RD () C:\Users\Chris\Creative Cloud Files
2014-10-14 12:51 - 2014-10-14 13:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-14 12:50 - 2014-10-14 12:50 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-10-14 12:50 - 2014-10-14 12:50 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-10-14 12:50 - 2014-10-14 12:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-14 12:41 - 2014-10-14 12:41 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Chris\Downloads\CreativeCloudSet-Up.exe
2014-10-14 12:09 - 2014-10-14 12:09 - 00026656 _____ () C:\Users\Chris\Desktop\ComboFix.txt
2014-10-14 11:49 - 2014-10-14 12:09 - 00000000 ____D () C:\Qoobox
2014-10-14 11:49 - 2014-10-14 12:05 - 00000000 ____D () C:\Windows\erdnt
2014-10-14 11:49 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-14 11:49 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-14 11:49 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 21:54 - 2014-10-09 21:55 - 00000000 ____D () C:\.Trash-999
2014-10-09 18:47 - 2014-10-09 18:48 - 00031506 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-10-09 18:45 - 2014-10-17 20:42 - 00013347 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-10-09 18:45 - 2014-10-17 20:41 - 00000000 ____D () C:\FRST
2014-10-08 23:14 - 2014-10-08 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-10-06 20:02 - 2014-10-06 20:07 - 00000576 _____ () C:\Users\Chris\Desktop\MonitorOff.lnk
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Macromedia
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\Macromedia
2014-10-06 10:37 - 2014-10-06 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 10:37 - 2014-10-06 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 10:36 - 2014-10-17 12:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-10-06 10:09 - 2014-10-06 10:09 - 03453440 _____ () C:\Users\Chris\Downloads\Programacion_control_y_ejecucion_del_movimiento_2008.ppt
2014-10-05 10:35 - 2014-10-05 10:35 - 00000083 _____ () C:\Users\Chris\Desktop\Zitatesammlung.txt
2014-10-05 09:25 - 2014-10-17 20:36 - 00002083 _____ () C:\Windows\setupact.log
2014-10-05 09:25 - 2014-10-17 20:13 - 00078472 _____ () C:\Windows\PFRO.log
2014-10-05 09:25 - 2014-10-05 09:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 11:20 - 2014-10-04 11:20 - 00000000 ____D () C:\Windows\pss
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Local\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 21:32 - 2014-10-02 21:32 - 00000000 ____D () C:\Users\Chris\Desktop\Asimov_Foundation
2014-10-02 14:09 - 2014-10-02 14:09 - 00007607 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-10-02 08:36 - 2014-10-02 08:36 - 00028250 _____ () C:\Users\Chris\Documents\bookmarks_02.10.14.html
2014-10-01 12:05 - 2014-10-01 12:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-01 11:56 - 2014-10-01 11:56 - 00001678 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-01 11:56 - 2014-10-01 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-01 11:55 - 2014-10-17 20:00 - 00004142 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-01 11:55 - 2014-10-01 11:56 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-01 11:55 - 2014-10-01 11:55 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-01 11:55 - 2014-10-01 11:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-01 10:50 - 2014-10-01 10:50 - 00001012 _____ () C:\Users\Chris\Desktop\calibre.lnk
2014-10-01 10:38 - 2014-09-24 23:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:38 - 2014-09-24 22:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 01:10 - 2014-10-01 01:10 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-30 23:59 - 2014-09-30 23:59 - 00002984 _____ () C:\Windows\System32\Tasks\{C54A89D8-F4E2-4DEC-87BB-9CF0AD7C93E2}
2014-09-30 22:22 - 2014-09-30 23:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-30 22:21 - 2014-09-30 22:21 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashRpt
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-09-30 16:08 - 2014-10-14 16:24 - 00000000 ____D () C:\Users\Chris\Documents\Buchprojekt
2014-09-30 14:24 - 2014-10-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-30 14:15 - 2014-09-30 14:16 - 06004224 _____ () C:\Users\Chris\Downloads\SintNuc1.ppt
2014-09-30 14:15 - 2014-09-30 14:15 - 05917987 _____ () C:\Users\Chris\Downloads\SintNuc1.pptx
2014-09-29 10:32 - 2014-09-29 10:32 - 04305874 _____ () C:\Users\Chris\Downloads\X-Plane10DemoInstallerWindows.zip
2014-09-23 18:05 - 2014-09-09 19:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:05 - 2014-09-09 18:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 10:51 - 2014-09-17 10:51 - 00001113 _____ () C:\Users\Chris\Downloads\matlab2.m
2014-09-17 10:51 - 2014-09-17 10:51 - 00000592 _____ () C:\Users\Chris\Downloads\simulation.m

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 20:40 - 2011-04-12 04:43 - 00699134 _____ () C:\Windows\system32\perfh007.dat
2014-10-17 20:40 - 2011-04-12 04:43 - 00149242 _____ () C:\Windows\system32\perfc007.dat
2014-10-17 20:40 - 2009-07-14 02:13 - 01618440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 20:39 - 2014-07-17 17:41 - 00000498 ____H () C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2014-10-17 20:36 - 2014-06-10 14:46 - 02039422 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 20:36 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 20:20 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 20:20 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 19:49 - 2014-06-16 14:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-10-17 19:29 - 2014-08-03 17:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ViberPC
2014-10-17 19:29 - 2014-08-03 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Local\Viber
2014-10-17 12:42 - 2014-09-13 23:17 - 00000000 ____D () C:\Users\Chris\Documents\MATLAB
2014-10-14 22:10 - 2014-08-04 17:33 - 00000000 ___RD () C:\Users\Chris\Dropbox
2014-10-14 22:09 - 2014-08-04 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2014-10-14 16:39 - 2014-08-31 07:55 - 00000000 ____D () C:\Users\Chris\Desktop\Fotos_temp
2014-10-14 16:30 - 2014-06-10 15:43 - 00000000 ____D () C:\Software
2014-10-14 14:06 - 2014-06-23 14:37 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe
2014-10-14 12:56 - 2014-06-10 14:46 - 00000000 ____D () C:\Users\Chris
2014-10-14 12:50 - 2014-06-10 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 12:09 - 2009-07-14 00:20 - 00000000 __RHD () C:\Users\Default
2014-10-14 12:04 - 2009-07-13 23:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-09 11:02 - 2014-08-25 10:40 - 00000000 ____D () C:\Users\Chris\Desktop\Raspberry Pi
2014-10-09 02:25 - 2014-09-16 22:47 - 00000324 _____ () C:\Users\Chris\Desktop\todo.txt
2014-10-08 12:03 - 2014-07-19 16:42 - 00000464 _____ () C:\Users\Chris\Desktop\bbb.txt
2014-10-06 22:59 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 12:53 - 2014-08-26 23:06 - 00000000 ____D () C:\Users\Chris\Documents\Uni BsAs
2014-10-01 11:54 - 2014-06-10 15:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-01 11:44 - 2014-06-16 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 11:15 - 2014-08-31 19:20 - 00000000 ____D () C:\Users\Chris\Documents\Calibre-Bibliothek
2014-10-01 10:39 - 2014-09-09 18:24 - 00000207 _____ () C:\Users\Chris\Desktop\goodtoknow.txt
2014-10-01 10:19 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-30 23:17 - 2014-06-10 15:51 - 00000075 _____ () C:\Users\Chris\Desktop\Programme.txt
2014-09-28 12:29 - 2014-07-17 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-20 01:11 - 2014-08-04 17:33 - 00001017 _____ () C:\Users\Chris\Desktop\Dropbox.lnk
2014-09-20 01:11 - 2014-08-04 17:31 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8nmmdh.dll
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 22:52

==================== End Of Log ============================
--- --- ---

schrauber 18.10.2014 15:54

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Chris792 19.10.2014 22:14
Hier sind nun die restlichen drei Logs.

Das Internet geht wieder flüssig. Nur manchmal ist es äußerst langsam, was aber auch gut am Provider hier in Buenos Aires liegen kann....

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e50f8822a1ad7b4fb06f9459c39cf9f5
# engine=20667
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-19 08:48:00
# local_time=2014-10-19 05:48:00 (-0300, Argentinien Normalzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 654837 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165295130 0 0
# scanned=512363
# found=4
# cleaned=0
# scan_time=66355
sh=25B0D10131D7E6CE06C35FC17D35FBC0155E3B92 ft=1 fh=be8ecd58c861b44a vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YTAHelper\YTAHelper.dll.vir"
sh=581325C2EBB33D0C8BAE0DE33BC52CEA6590066B ft=1 fh=7d04ca83fddadfa4 vn="Variante von Win32/Toolbar.CrossRider.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\iWebar\db9904f0-4a97-42cc-bbd9-9111b16967f8.dll.vir"
sh=E00237337A15D4BCC7EE57BD412365081BA2D364 ft=1 fh=79d9b9fc94e97fbd vn="Variante von Win32/Toolbar.CrossRider.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Senses\9b6b6e4f-c233-41cb-b9a6-5390dc73c9fd.dll.vir"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="E:\Software\Treiber Lenovo\Lenovo_Treiber_Update_06-2014.exe"
Security-Check:
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Java 8 Update 20 
 Adobe Flash Player 15.0.0.152 
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent```````` 
 avast AvastSvc.exe 
 avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
neuester FRST-Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Chris (administrator) on CHRIS-PC on 19-10-2014 18:02:55
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Software\avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Software\Teamviewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(AVAST Software) C:\Software\avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Software\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Software\avast\AvastUI.exe [4085896 2014-10-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Software\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A7228DDD84CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {11111111-1111-1111-1111-110611191115} ->  No File
BHO: No Name -> {11111111-1111-1111-1111-110611511123} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Software\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.20.0.10 200.69.24.10

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oib0uo3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Software\avast\WebRep\FF
FF Extension: avast! Online Security - C:\Software\avast\WebRep\FF [2014-10-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Software\Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Software\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Software\avast\AvastSvc.exe [50344 2014-10-01] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 TeamViewer9; C:\Software\Teamviewer\TeamViewer_Service.exe [5052224 2014-08-06] (TeamViewer GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-01] ()
S1 funfrm; C:\Windows\SysWow64\Drivers\funfrm.sys [53136 2014-08-02] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 18:02 - 2014-10-19 18:02 - 00000718 _____ () C:\Users\Chris\Desktop\checkup_securityCheck.txt
2014-10-18 23:19 - 2014-10-18 23:19 - 00854417 _____ () C:\Users\Chris\Desktop\SecurityCheck.exe
2014-10-18 23:15 - 2014-10-18 23:15 - 02347384 _____ (ESET) C:\Users\Chris\Desktop\esetsmartinstaller_deu.exe
2014-10-17 20:42 - 2014-10-17 20:42 - 00028060 _____ () C:\Users\Chris\Desktop\FRST_fresh.txt
2014-10-17 20:39 - 2014-10-17 20:39 - 02112000 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-10-17 20:25 - 2014-10-17 20:26 - 00000625 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-10-17 20:16 - 2014-10-17 20:16 - 00000000 ____D () C:\Windows\ERUNT
2014-10-17 20:14 - 2014-10-17 20:14 - 00006977 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-10-17 20:04 - 2014-10-17 20:12 - 00000000 ____D () C:\AdwCleaner
2014-10-17 19:58 - 2014-10-17 19:58 - 00046952 _____ () C:\Users\Chris\Desktop\mbam.txt
2014-10-17 19:26 - 2014-10-17 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 19:26 - 2014-10-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 19:25 - 2014-10-17 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:25 - 2014-10-17 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 13:09 - 2014-10-06 23:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 13:09 - 2014-10-06 23:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 13:09 - 2014-09-25 19:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 13:09 - 2014-09-25 19:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 13:09 - 2014-09-25 19:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 13:09 - 2014-09-25 19:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 13:09 - 2014-09-25 19:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 13:09 - 2014-09-25 19:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 13:09 - 2014-09-25 19:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 13:09 - 2014-09-18 23:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 13:09 - 2014-09-18 22:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 13:09 - 2014-09-18 22:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 13:09 - 2014-09-18 22:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 13:09 - 2014-09-18 22:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 13:09 - 2014-09-18 22:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 13:09 - 2014-09-18 22:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 13:09 - 2014-09-18 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 13:09 - 2014-09-18 22:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 13:09 - 2014-09-18 22:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 13:09 - 2014-09-18 22:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 13:09 - 2014-09-18 22:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 13:09 - 2014-09-18 22:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 13:09 - 2014-09-18 22:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 13:09 - 2014-09-18 22:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 13:09 - 2014-09-18 22:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 13:09 - 2014-09-18 22:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 13:09 - 2014-09-18 22:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 13:09 - 2014-09-18 22:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 13:09 - 2014-09-18 22:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 13:09 - 2014-09-18 22:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 13:09 - 2014-09-18 22:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 13:09 - 2014-09-18 22:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 13:09 - 2014-09-18 22:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 13:09 - 2014-09-18 22:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 13:09 - 2014-09-18 22:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 13:09 - 2014-09-18 21:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 13:09 - 2014-09-18 21:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 13:09 - 2014-09-18 21:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 13:09 - 2014-09-18 21:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 13:09 - 2014-09-18 21:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 13:09 - 2014-09-18 21:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 13:09 - 2014-09-18 21:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 13:09 - 2014-09-18 21:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 13:09 - 2014-09-18 21:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 13:09 - 2014-09-18 21:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 13:09 - 2014-09-18 21:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 13:09 - 2014-09-18 21:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 13:09 - 2014-09-18 21:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 13:09 - 2014-09-18 21:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 13:09 - 2014-09-18 21:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 13:09 - 2014-09-18 21:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 13:09 - 2014-09-18 21:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 13:09 - 2014-09-18 20:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 13:09 - 2014-09-18 20:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 13:09 - 2014-09-18 20:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 13:09 - 2014-09-18 20:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 13:05 - 2014-09-28 21:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 13:05 - 2014-06-18 19:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 13:05 - 2014-06-18 19:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 13:05 - 2014-06-18 19:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 13:05 - 2014-06-18 19:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 13:05 - 2014-06-18 19:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 13:05 - 2014-06-18 19:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 13:04 - 2014-10-09 23:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 13:04 - 2014-10-09 23:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 13:04 - 2014-10-09 23:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 12:59 - 2014-09-17 23:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 12:59 - 2014-09-17 22:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 12:59 - 2014-08-28 23:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 12:56 - 2014-09-04 02:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 12:56 - 2014-09-04 02:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 12:56 - 2014-07-16 23:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 12:56 - 2014-07-16 23:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 12:56 - 2014-07-16 23:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 12:56 - 2014-07-16 23:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 12:56 - 2014-07-16 23:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 12:56 - 2014-07-16 23:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 12:56 - 2014-07-16 22:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 12:56 - 2014-07-16 22:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 12:56 - 2014-07-16 22:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 12:56 - 2014-07-16 22:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 12:56 - 2014-07-16 22:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 12:55 - 2014-09-12 22:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 12:55 - 2014-09-12 22:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 12:55 - 2014-09-04 23:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 12:55 - 2014-09-04 22:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 20:24 - 2014-10-16 20:23 - 01705698 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2014-10-16 20:24 - 2014-10-16 20:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-16 20:24 - 2014-10-16 20:20 - 01976320 _____ () C:\Users\Chris\Downloads\AdwCleaner_4.000.exe
2014-10-14 14:06 - 2014-10-14 14:06 - 00000000 ____D () C:\Users\Chris\Documents\Adobe
2014-10-14 14:04 - 2014-10-14 14:04 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-14 13:38 - 2014-10-14 13:38 - 00002035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-10-14 13:38 - 2014-10-14 13:38 - 00002015 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-10-14 13:38 - 2014-10-14 13:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-14 13:36 - 2014-10-14 13:36 - 00000000 ____D () C:\Program Files\Adobe
2014-10-14 12:56 - 2014-10-14 12:56 - 00000000 ___RD () C:\Users\Chris\Creative Cloud Files
2014-10-14 12:51 - 2014-10-14 13:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-14 12:50 - 2014-10-14 12:50 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-10-14 12:50 - 2014-10-14 12:50 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-10-14 12:50 - 2014-10-14 12:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-14 12:09 - 2014-10-14 12:09 - 00026656 _____ () C:\Users\Chris\Desktop\ComboFix.txt
2014-10-14 11:49 - 2014-10-14 12:09 - 00000000 ____D () C:\Qoobox
2014-10-14 11:49 - 2014-10-14 12:05 - 00000000 ____D () C:\Windows\erdnt
2014-10-14 11:49 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-14 11:49 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-14 11:49 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-14 11:49 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 21:54 - 2014-10-09 21:55 - 00000000 ____D () C:\.Trash-999
2014-10-09 18:47 - 2014-10-09 18:48 - 00031506 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-10-09 18:45 - 2014-10-19 18:03 - 00000000 ____D () C:\FRST
2014-10-09 18:45 - 2014-10-19 18:02 - 00012908 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-10-08 23:14 - 2014-10-08 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-10-06 20:02 - 2014-10-06 20:07 - 00000576 _____ () C:\Users\Chris\Desktop\MonitorOff.lnk
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Macromedia
2014-10-06 11:38 - 2014-10-06 11:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\Macromedia
2014-10-06 10:37 - 2014-10-06 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 10:37 - 2014-10-06 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-06 10:37 - 2014-10-06 10:37 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 10:36 - 2014-10-17 12:38 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-10-06 10:09 - 2014-10-06 10:09 - 03453440 _____ () C:\Users\Chris\Downloads\Programacion_control_y_ejecucion_del_movimiento_2008.ppt
2014-10-05 10:35 - 2014-10-05 10:35 - 00000083 _____ () C:\Users\Chris\Desktop\Zitatesammlung.txt
2014-10-05 09:25 - 2014-10-19 17:47 - 00003427 _____ () C:\Windows\setupact.log
2014-10-05 09:25 - 2014-10-17 20:13 - 00078472 _____ () C:\Windows\PFRO.log
2014-10-05 09:25 - 2014-10-05 09:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 11:20 - 2014-10-04 11:20 - 00000000 ____D () C:\Windows\pss
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
2014-10-04 11:15 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\Chris\AppData\Local\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-04 11:13 - 2014-10-04 11:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 21:32 - 2014-10-02 21:32 - 00000000 ____D () C:\Users\Chris\Desktop\Asimov_Foundation
2014-10-02 14:09 - 2014-10-02 14:09 - 00007607 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-10-02 08:36 - 2014-10-02 08:36 - 00028250 _____ () C:\Users\Chris\Documents\bookmarks_02.10.14.html
2014-10-01 12:05 - 2014-10-01 12:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-01 11:56 - 2014-10-01 11:56 - 00001678 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-01 11:56 - 2014-10-01 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-01 11:55 - 2014-10-19 17:56 - 00004142 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-01 11:55 - 2014-10-01 11:56 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-01 11:55 - 2014-10-01 11:55 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-01 11:55 - 2014-10-01 11:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-01 11:55 - 2014-10-01 11:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-01 10:50 - 2014-10-01 10:50 - 00001012 _____ () C:\Users\Chris\Desktop\calibre.lnk
2014-10-01 10:38 - 2014-09-24 23:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:38 - 2014-09-24 22:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 01:10 - 2014-10-01 01:10 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-30 23:59 - 2014-09-30 23:59 - 00002984 _____ () C:\Windows\System32\Tasks\{C54A89D8-F4E2-4DEC-87BB-9CF0AD7C93E2}
2014-09-30 22:22 - 2014-09-30 23:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-30 22:21 - 2014-09-30 22:21 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashRpt
2014-09-30 22:21 - 2014-09-30 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-09-30 16:08 - 2014-10-14 16:24 - 00000000 ____D () C:\Users\Chris\Documents\Buchprojekt
2014-09-30 14:24 - 2014-10-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-30 14:15 - 2014-09-30 14:16 - 06004224 _____ () C:\Users\Chris\Downloads\SintNuc1.ppt
2014-09-30 14:15 - 2014-09-30 14:15 - 05917987 _____ () C:\Users\Chris\Downloads\SintNuc1.pptx
2014-09-29 10:32 - 2014-09-29 10:32 - 04305874 _____ () C:\Users\Chris\Downloads\X-Plane10DemoInstallerWindows.zip
2014-09-23 18:05 - 2014-09-09 19:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:05 - 2014-09-09 18:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:49 - 2014-07-17 17:41 - 00000498 ____H () C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2014-10-19 17:47 - 2014-06-10 14:46 - 01614025 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 23:18 - 2011-04-12 04:43 - 00699134 _____ () C:\Windows\system32\perfh007.dat
2014-10-18 23:18 - 2011-04-12 04:43 - 00149242 _____ () C:\Windows\system32\perfc007.dat
2014-10-18 23:18 - 2009-07-14 02:13 - 01618440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 18:20 - 2014-09-13 23:17 - 00000000 ____D () C:\Users\Chris\Documents\MATLAB
2014-10-18 10:20 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 10:20 - 2009-07-14 01:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 00:22 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 00:21 - 2009-07-14 01:45 - 00454968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 00:20 - 2014-06-16 15:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 21:03 - 2014-06-23 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 20:58 - 2014-06-23 13:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 19:49 - 2014-06-16 14:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-10-17 19:29 - 2014-08-03 17:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ViberPC
2014-10-17 19:29 - 2014-08-03 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Local\Viber
2014-10-14 22:10 - 2014-08-04 17:33 - 00000000 ___RD () C:\Users\Chris\Dropbox
2014-10-14 22:09 - 2014-08-04 17:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2014-10-14 16:39 - 2014-08-31 07:55 - 00000000 ____D () C:\Users\Chris\Desktop\Fotos_temp
2014-10-14 16:30 - 2014-06-10 15:43 - 00000000 ____D () C:\Software
2014-10-14 14:06 - 2014-06-23 14:37 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe
2014-10-14 12:56 - 2014-06-10 14:46 - 00000000 ____D () C:\Users\Chris
2014-10-14 12:50 - 2014-06-10 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 12:09 - 2009-07-14 00:20 - 00000000 __RHD () C:\Users\Default
2014-10-14 12:04 - 2009-07-13 23:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-09 11:02 - 2014-08-25 10:40 - 00000000 ____D () C:\Users\Chris\Desktop\Raspberry Pi
2014-10-09 02:25 - 2014-09-16 22:47 - 00000324 _____ () C:\Users\Chris\Desktop\todo.txt
2014-10-08 12:03 - 2014-07-19 16:42 - 00000464 _____ () C:\Users\Chris\Desktop\bbb.txt
2014-10-06 22:59 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-10-04 11:19 - 2014-06-10 15:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 12:53 - 2014-08-26 23:06 - 00000000 ____D () C:\Users\Chris\Documents\Uni BsAs
2014-10-01 11:54 - 2014-06-10 15:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-01 11:44 - 2014-06-16 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 11:15 - 2014-08-31 19:20 - 00000000 ____D () C:\Users\Chris\Documents\Calibre-Bibliothek
2014-10-01 10:39 - 2014-09-09 18:24 - 00000207 _____ () C:\Users\Chris\Desktop\goodtoknow.txt
2014-10-01 10:19 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-30 23:17 - 2014-06-10 15:51 - 00000075 _____ () C:\Users\Chris\Desktop\Programme.txt
2014-09-28 12:29 - 2014-07-17 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-20 01:11 - 2014-08-04 17:33 - 00001017 _____ () C:\Users\Chris\Desktop\Dropbox.lnk
2014-09-20 01:11 - 2014-08-04 17:31 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8nmmdh.dll
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 22:52

==================== End Of Log ============================
--- --- ---

schrauber 20.10.2014 17:52
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131