Pests of all kinds and how to combat them: Pup.optional.tarma.a found/removed with Malwarebytes - do I need to do anything more? Windows 7
06.08.2013, 10:30 | #1 |
| Hello everyone! Problem: see above. I found and removed the files with Malwarebytes. Do I need to take any further measures? Regards, Tina |
06.08.2013, 11:56 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello,
__________________Quote:
In addition, I would like to see an FRST log. Please post all logs in CODE tags. Scan with Farbar's Recovery Scan Tool (FRST): Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
06.08.2013, 12:09 | #3 |
| Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
WHOKNOWS :: WHOKNOWS [Administrator]

06.08.2013 11:18:52
mbam-log-2013-08-06 (11-18-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248753
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\Readme.txt (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\Tsu.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{5676F50B-9B69-415A-ACB5-E591BF48D282}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by WHOKNOWS (administrator) on 06-08-2013 13:10:49
Running from C:\Users\WHOKNOWS\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe ( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Akamai Technologies, Inc.) C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe () C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) 
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Dropbox, Inc.) C:\Users\WHOKNOWS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-30] (Lenovo) HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.) 
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x] HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-15] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.) 
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [MobileAccess] - C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe" [x] HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-15] () HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [] - [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-15] () AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll,C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [245872 2013-02-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [201576 2013-02-28] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windchill ProductPoint Client Manager.lnk ShortcutTarget: Windchill ProductPoint Client Manager.lnk -> C:\Windows\Installer\{371E8B48-2AF1-491B-8F35-BD60D18CB927}\PPS.ico () Startup: C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\WHOKNOWS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 02 
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited) Tcpip\..\Interfaces\{22F80522-BA4A-4A76-869F-6C4C7FBD1557}: [NameServer]129.132.98.12,129.132.250.2 Tcpip\..\Interfaces\{BCE44BCB-CAE9-4C34-8B3D-53F93E6FB74D}: [NameServer]195.230.105.134 195.230.105.135 FireFox: ======== FF ProfilePath: C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\searchplugins\wikipediade---wikipedia-die-freie-enzyklopdie.xml FF Extension: Deutsches Wörterbuch (Schweiz) - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\de-CH@dictionaries.addons.mozilla.org FF Extension: Deutsches Wörterbuch - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: British English Dictionary (Updated) - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\en-gb@flyingtophat.co.uk FF Extension: United States English Spellchecker - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\en-US@dictionaries.addons.mozilla.org FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\ich@maltegoetz.de FF Extension: ChatZilla - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF Extension: WOT - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: add-to-searchbox - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\add-to-searchbox@maltekraus.de.xpi FF Extension: kitsuneymg - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\kitsuneymg@gmail.com.xpi FF Extension: langpack-de - 
C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: langpack-en-GB - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi FF Extension: refgrabit - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\refgrabit@refworks.plugin.xpi FF Extension: twitter - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\twitter@disconnect.me.xpi FF Extension: unplug - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\unplug@compunach.xpi FF Extension: uriloader - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\uriloader@pdf.js.xpi FF Extension: youtubeunblocker - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\youtubeunblocker@unblocker.yt.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{A5475360-A7EA-437b-9A79-29208F476940}.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - 
C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems) R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( ) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro 
PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-15] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-15] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-11-12] (Sophos Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation) R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.) 
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-06 13:10 - 2013-08-06 13:10 - 01788685 _____ (Farbar) C:\Users\WHOKNOWS\Desktop\FRST64.exe
2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\FRST
2013-08-06 09:42 - 2013-08-06 09:42 - 00002475 _____ C:\Users\WHOKNOWS\Desktop\8 Kilo pures Fett in 2 Wochen verlieren.eml
2013-08-06 08:54 - 2013-08-06 08:54 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 08:21 - 2013-08-06 08:21 - 00003989 _____ C:\Users\WHOKNOWS\Desktop\Schlagen Sie das System! Es ist tatsächlich möglich. Ich habe es getan..eml
2013-08-05 13:14 - 2013-08-05 13:14 - 00187184 _____ C:\Users\WHOKNOWS\comcat5.dll
2013-08-05 11:26 - 2013-08-05 11:26 - 02994116 _____ C:\Users\WHOKNOWS\Downloads\OnLineRecovery.zip
2013-08-05 11:26 - 2013-08-05 11:26 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\OnLineRecovery
2013-08-05 11:26 - 2013-05-15 10:34 - 00020872 _____ (SMI) C:\Windows\system32\Drivers\smidriver.sys
2013-08-05 11:19 - 2013-08-05 11:53 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\SicherungTranscend32GB
2013-07-17 10:06 - 2013-07-17 10:06 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00289768 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00189416 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00188904 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00108008 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\Program Files\Java
2013-07-17 08:16 - 2013-08-05 13:12 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-10 18:05 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 18:05 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 18:05 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 18:05 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 18:05 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 18:05 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 18:05 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 18:05 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 18:05 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 18:05 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 18:05 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 18:05 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 18:05 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 18:05 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 18:05 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 18:05 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 18:05 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 18:05 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 18:05 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 18:05 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 18:05 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 18:05 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 18:05 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 18:05 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 18:05 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 18:05 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:05 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 18:05 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 18:05 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:06 - 2013-07-10 17:06 - 00141696 _____ C:\Users\WHOKNOWS\Documents\Sylt.igs
2013-07-10 16:58 - 2013-07-10 16:58 - 00461086 _____ C:\Users\WHOKNOWS\Documents\Simon.igs
2013-07-10 16:44 - 2013-07-10 16:44 - 00360308 _____ C:\Users\WHOKNOWS\Documents\HSG.igs
2013-07-10 16:39 - 2013-07-10 16:39 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\3dmouse
2013-07-10 15:57 - 2013-07-10 15:57 - 00736114 _____ C:\Users\WHOKNOWS\Documents\Wappen.igs
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\NVIDIA
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\McNeel
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\McNeel
2013-07-10 15:53 - 2013-08-05 13:31 - 00000000 ____D C:\ProgramData\McNeel
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_610.set
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\fiusvhm561.dat
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\i_oirotq856.ini
2013-07-10 15:42 - 2013-07-10 15:49 - 237064192 _____ C:\Users\WHOKNOWS\Downloads\rh50Evaluation_x64_de-de_5.4.30524.11065.msi
2013-07-10 15:36 - 2013-07-10 15:36 - 00003144 _____ C:\Windows\System32\Tasks\{DFB28C94-FE82-4F03-A544-BA29CEF2C7DF}
2013-07-10 15:32 - 2013-07-10 15:35 - 00000000 ____D C:\Program Files (x86)\Img2CAD
2013-07-10 15:32 - 2013-07-10 15:32 - 00578093 _____ (Img2CAD, Inc. ) C:\Users\WHOKNOWS\Downloads\img2cad.exe
2013-07-10 13:47 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:47 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:47 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:47 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:47 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:47 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:47 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:38 - 2013-07-10 09:41 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-10 09:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-07-10 09:36 - 2013-07-10 09:36 - 13305384 _____ (Nullsoft, Inc.) C:\Users\WHOKNOWS\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-09 14:20 - 2013-07-09 14:20 - 00482762 _____ C:\Users\WHOKNOWS\Downloads\exchangecalendar-3.1.3.xpi
2013-07-08 15:40 - 2013-07-08 15:40 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Amazon
2013-07-08 15:38 - 2013-07-08 15:38 - 02399472 _____ C:\Users\WHOKNOWS\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Amazon MP3
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-08 09:35 - 2013-07-08 09:39 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\cdex_151
2013-07-08 09:35 - 2013-07-08 09:35 - 01923290 _____ C:\Users\WHOKNOWS\Downloads\cdex_151.zip

==================== One Month Modified Files and Folders =======

2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\FRST
2013-08-06 13:10 - 2013-02-18 11:06 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Skype
2013-08-06 12:53 - 2013-04-16 11:13 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 12:48 - 2013-01-15 18:09 - 01463755 _____ C:\Windows\WindowsUpdate.log
2013-08-06 12:31 - 2013-05-22 07:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 11:32 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 11:32 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 11:31 - 2013-01-16 02:49 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-06 11:31 - 2013-01-16 02:49 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-06 11:31 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 11:27 - 2013-02-15 17:19 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Nitro PDF
2013-08-06 11:25 - 2013-04-16 11:13 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 11:25 - 2013-02-18 10:29 - 00000000 ___RD C:\Users\WHOKNOWS\Dropbox
2013-08-06 11:25 - 2013-02-18 10:27 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Dropbox
2013-08-06 11:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 11:24 - 2010-11-21 05:47 - 00102576 _____ C:\Windows\PFRO.log
2013-08-06 11:24 - 2009-07-14 06:51 - 00073677 _____ C:\Windows\setupact.log
2013-08-06 09:42 - 2013-08-06 09:42 - 00002475 _____ C:\Users\WHOKNOWS\Desktop\8 Kilo pures Fett in 2 Wochen verlieren.eml
2013-08-06 09:09 - 2013-02-18 09:20 - 00000227 _____ C:\ProgramData\LastUpdate.xml
2013-08-06 09:09 - 2013-02-18 09:20 - 00000031 _____ C:\Windows\WebUpdateSvc4.INI
2013-08-06 08:54 - 2013-08-06 08:54 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 08:54 - 2013-01-15 18:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 08:21 - 2013-08-06 08:21 - 00003989 _____ C:\Users\WHOKNOWS\Desktop\Schlagen Sie das System! Es ist tatsächlich möglich. Ich habe es getan..eml
2013-08-06 08:19 - 2013-02-20 10:36 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\Akamai
2013-08-05 13:31 - 2013-07-10 15:53 - 00000000 ____D C:\ProgramData\McNeel
2013-08-05 13:15 - 2013-02-15 17:14 - 00000000 ____D C:\Users\WHOKNOWS
2013-08-05 13:14 - 2013-08-05 13:14 - 00187184 _____ C:\Users\WHOKNOWS\comcat5.dll
2013-08-05 13:12 - 2013-07-17 08:16 - 00000000 _____ C:\Windows\system32\vireng.log
2013-08-05 11:53 - 2013-08-05 11:19 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\SicherungTranscend32GB
2013-08-05 11:26 - 2013-08-05 11:26 - 02994116 _____ C:\Users\WHOKNOWS\Downloads\OnLineRecovery.zip
2013-08-05 11:26 - 2013-08-05 11:26 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\OnLineRecovery
2013-08-05 10:04 - 2013-02-18 11:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-05 10:04 - 2013-02-18 11:06 - 00000000 ____D C:\ProgramData\Skype
2013-08-05 09:16 - 2013-01-15 18:14 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2013-08-05 09:15 - 2013-01-15 18:01 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-07-19 13:28 - 2013-04-26 12:15 - 00005146 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WHOKNOWS-THINK-WHOKNOWS WHOKNOWS-THINK
2013-07-19 10:00 - 2013-05-22 07:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 10:00 - 2013-02-18 11:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 10:00 - 2013-02-18 11:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 10:00 - 2013-02-15 17:55 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\Adobe
2013-07-18 16:21 - 2013-03-15 09:07 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Outlook-Dateien
2013-07-18 12:41 - 2009-07-14 07:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 10:06 - 2013-07-17 10:06 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00289768 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00189416 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00188904 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00108008 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\Program Files\Java
2013-07-15 09:24 - 2013-02-15 17:14 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\MobileAccess
2013-07-15 08:48 - 2013-04-16 11:13 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 08:48 - 2013-04-16 11:13 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 08:27 - 2013-02-18 17:12 - 00000000 ____D C:\Users\WHOKNOWS\Arbeit
2013-07-11 07:17 - 2013-02-20 18:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 07:17 - 2013-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 07:17 - 2011-12-08 22:43 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 07:17 - 2009-07-14 06:45 - 00616664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 18:11 - 2013-02-21 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:07 - 2013-02-18 17:43 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 18:02 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-10 17:06 - 2013-07-10 17:06 - 00141696 _____ C:\Users\WHOKNOWS\Documents\Sylt.igs
2013-07-10 16:58 - 2013-07-10 16:58 - 00461086 _____ C:\Users\WHOKNOWS\Documents\Simon.igs
2013-07-10 16:44 - 2013-07-10 16:44 - 00360308 _____ C:\Users\WHOKNOWS\Documents\HSG.igs
2013-07-10 16:39 - 2013-07-10 16:39 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\3dmouse
2013-07-10 15:57 - 2013-07-10 15:57 - 00736114 _____ C:\Users\WHOKNOWS\Documents\Wappen.igs
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\NVIDIA
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\McNeel
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\McNeel
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_610.set
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\fiusvhm561.dat
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\i_oirotq856.ini
2013-07-10 15:49 - 2013-07-10 15:42 - 237064192 _____ C:\Users\WHOKNOWS\Downloads\rh50Evaluation_x64_de-de_5.4.30524.11065.msi
2013-07-10 15:36 - 2013-07-10 15:36 - 00003144 _____ C:\Windows\System32\Tasks\{DFB28C94-FE82-4F03-A544-BA29CEF2C7DF}
2013-07-10 15:35 - 2013-07-10 15:32 - 00000000 ____D C:\Program Files (x86)\Img2CAD
2013-07-10 15:32 - 2013-07-10 15:32 - 00578093 _____ (Img2CAD, Inc. ) C:\Users\WHOKNOWS\Downloads\img2cad.exe
2013-07-10 09:41 - 2013-07-10 09:38 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-10 09:36 - 2013-07-10 09:36 - 13305384 _____ (Nullsoft, Inc.) C:\Users\WHOKNOWS\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-09 14:20 - 2013-07-09 14:20 - 00482762 _____ C:\Users\WHOKNOWS\Downloads\exchangecalendar-3.1.3.xpi
2013-07-08 15:40 - 2013-07-08 15:40 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Amazon
2013-07-08 15:38 - 2013-07-08 15:38 - 02399472 _____ C:\Users\WHOKNOWS\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Amazon MP3
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-08 14:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-08 09:39 - 2013-07-08 09:35 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\cdex_151
2013-07-08 09:35 - 2013-07-08 09:35 - 01923290 _____ C:\Users\WHOKNOWS\Downloads\cdex_151.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 12:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by WHOKNOWS at 2013-08-06 13:11:07
Running from C:\Users\WHOKNOWS\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Creative Suite 2 (x32)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe SVG Viewer 3.0 (x32 Version: 3.0)
Akamai NetSession Interface (HKCU)
Amazon MP3 Downloader 1.0.18 (HKCU Version: 1.0.18)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Download Manager (x32 Version: 2.0.2.0)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (Version: 17.0.13800.0000)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion for Inventor 2013 Add-in (Version: 1.0.0.111)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000)
Autodesk Inventor Professional 2013 Deutsch (German) (Version: 17.0.13800.0000)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0)
Autodesk Vault Basic 2013 (Client) (x32 Version: 17.0.61.0)
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0)
Brother MFL-Pro Suite DCP-7030 (x32 Version: 1.0.1.0)
Burn.Now 4.5 (x32 Version: 4.5.0)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Corel Applications (x32)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Direct DiscRecorder (x32 Version: 1.00.0000)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Dolby Home Theater v4 (x32 Version: 7.2.7000.11)
dows-Treiberpaket - Intel System (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Dropbox (HKCU Version: 2.0.22)
DWG TrueView 2013 (Version: 19.0.55.0)
Eco Materials Adviser for Autodesk Inventor 2013 (Version: 3.9.12.0)
Energie-Manager (x32 Version: 6.32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Gapminder World 0.0.6 (x86 en-US) (x32 Version: 0.0.6)
GIMP 2.8.4 (Version: 2.8.4)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Harzing's Publish or Perish 4.1.2.4907 (Version: 4.1.2.4907)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (x32 Version: 1.2.1.16)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Mobile Access (x32 Version: 3.2.30417.1301)
Lenovo Mobile Broadband Activation (x32 Version: 4.2.1003.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.67.00.02)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0018)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mathcad 15 M010 (x32 Version: 15.0.1.0)
Mathcad PDSi viewable support (x32 Version: 9.0.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mobile Broadband Drivers (x32 Version: 7.1.1.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nitro Pro 7 (Version: 7.4.1.4)
NVIDIA Grafiktreiber 311.00 (Version: 311.00)
NVIDIA HD-Audiotreiber 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
NX Client Fonts 100dpi (x32)
NX Client Fonts 75dpi (x32)
NX Client Fonts Misc (x32)
NX Client Fonts Others (x32)
NX Client for Windows 3.5.0-9 (x32 Version: 3.5.0-9)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
PDF24 Creator 5.3.0 (x32)
PDFCreator (x32 Version: 1.6.2)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
'PTC Places' Namespace Shell Extension (x32 Version: 1.1.16)
QuickTime (x32 Version: 7.74.80.86)
R für Windows (x32)
RapidBoot Shield (Version: 1.23)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6617)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RStudio (x32 Version: 0.97.318)
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (Version: 17.0.13800.0000)
Skype™ 6.6 (x32 Version: 6.6.106)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Statistiklabor 3 (x32)
SugarSync Manager (x32 Version: 1.9.61.90905)
Suite Specific (x32 Version: 2.0.0)
TeamViewer 8 (x32 Version: 8.0.16642)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2700)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 5.95)
ThinkVantage Communications Utility (Version: 3.0.34.0)
ThinkVantage Fingerprint Software (Version: 5.9.6.7084)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.76)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition
Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition
VBA (2627.01) (x32 Version: 6.03.00.9402)
VIP Access (x32 Version: 2.0.5.13)
VLC media player 2.0.5 (Version: 2.0.5)
Windchill ProductPoint Client Manager-2.0_2011.01.10.001 (x32 Version: 2.0.2310)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows-Treiberpaket - Intel USB (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (Version: 04/06/2012 16.1.1.0)
WinSCP 5.1.4 (x32 Version: 5.1.4)

==================== Restore Points =========================

10-07-2013 07:38:13 DirectX wurde installiert
10-07-2013 13:53:02 Rhinoceros 5 Testversion (64-bit) installiert
10-07-2013 16:01:32 Windows Update
12-07-2013 14:16:55 Windows Update
15-07-2013 15:35:22 Windows Update
18-07-2013 14:58:36 Windows Update
05-08-2013 10:50:04 Geplanter Prüfpunkt
05-08-2013 11:16:57 Rhinoceros 5 Testversion (64-bit) entfernt
05-08-2013 11:30:38 Rhinoceros 5 Testversion (64-bit) entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-24 14:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C1DBF72-736B-4BC1-B68D-F533A03DF35E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe No File
Task: {140936AD-89A3-41D0-9B62-F19521C91988} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-19] (Adobe Systems Incorporated)
Task: {1537F3D8-1C20-4CFC-8FC3-80C111F4668B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {186582E6-31F5-48BA-8C73-43D45E33B122} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File Task: {2037AA75-C709-4AF1-842F-C195F96BE1DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {364B9BFA-239F-4C06-9DC4-71B735E12468} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {39D79CBD-873D-4F50-BC8F-1D1E7AAB04D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.) Task: {45D5DF3E-7987-4592-8870-4B71C0D112D2} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2012-05-15] (Lenovo Group Limited) Task: {5CFAC82F-D580-4D96-8353-C613370A249C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo) Task: {5E99BD2B-D597-48FA-B515-93BC27E31BC6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {61DC72AA-6A1C-4EA4-A49F-0282CA4A2633} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {681B30B5-34D4-406B-872B-02FC17F320B8} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for WHOKNOWS-THINK.WHOKNOWS => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo) Task: {77E3E540-CDA8-4318-A1A2-9EEE03D6AFD5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {97A3F461-D328-45A4-A5F5-B59ECF6C6AED} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] () Task: {97BBD7AB-26B0-46A3-BC31-ECD69436EAB4} - 
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {ADA9FA69-BD91-42F9-BEAB-F305BE5F8EB2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {B12A5A0A-60F6-4D0D-B6C9-04760CA29F7E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo) Task: {B6EDB21E-5C8A-4826-BB76-06BB1CF379C1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] () Task: {B949B327-8B20-4A65-9A08-AACFA46E21DA} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {C8D9C70C-3C1D-4166-B6EA-33F420F356EA} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo) Task: {DD5FD3FB-D35B-4924-9DF4-00D95F275317} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WHOKNOWS-THINK-WHOKNOWS WHOKNOWS-THINK => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {DFEED918-4ED0-444C-8032-35954DEB4172} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility 
Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. 
Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 System errors: ============= Error: (08/06/2013 11:24:46 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error: (08/06/2013 08:18:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/06/2013 08:18:11 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Cisco AnyConnect Secure Mobility Agent erreicht. Error: (08/06/2013 08:18:07 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error: (08/05/2013 03:20:02 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows-Biometriedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (08/05/2013 01:12:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/05/2013 01:12:24 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Cisco AnyConnect Secure Mobility Agent erreicht. Error: (08/05/2013 01:12:19 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error: (08/05/2013 09:05:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/05/2013 09:05:13 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Cisco AnyConnect Secure Mobility Agent erreicht. Microsoft Office Sessions: ========================= Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path43900 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path25900 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path17900 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path23808600 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path21808600 Error: (08/06/2013 00:52:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path18808600 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path43900 Error: (08/06/2013 00:21:41 PM) (Source: 
Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path25900 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path17900 Error: (08/06/2013 00:21:41 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path23808600 CodeIntegrity Errors: =================================== Date: 2013-08-06 11:31:57.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-06 08:58:36.146 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-05 13:16:22.584 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-05 13:10:05.965 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\smidriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-05 13:10:05.938 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\smidriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-05 10:04:20.917 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-05 10:03:14.398 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 10:39:14.607 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 10:43:01.920 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-17 08:17:34.473 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 7888.8 MB Available physical RAM: 4856.02 MB Total Pagefile: 15775.78 MB Available Pagefile: 12340.18 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:200.43 GB) (Free:46.81 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:1.33 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 224 GB) (Disk ID: E37527E2) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=8 GB) - (Type=84) ==================== End Of Log ============================ Edited by Pixeltina (06.08.2013 at 12:15) |
06.08.2013, 12:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pup.optional.tarma.a found/removed with Malwarebytes - do I need to do anything more? MBAM didn't find anything more, just this Tarma stuff? If so, you only have advertising junk on there. JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
After that: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
Then a check with Farbar's tool, please: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
06.08.2013, 13:11 | #5 |
| Pup.optional.tarma.a found/removed with Malwarebytes - do I need to do anything more? Hello Cosinus, thanks for your help. No, MBAM had only found the Tarma stuff. I then googled it, and it all sounded somewhat more worrying than just advertising. That's why I came by here. I'll carry on with your plan. :-) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.3.4 (08.06.2013:1) OS: Windows 7 Professional x64 Ran by WHOKNOWS on 06.08.2013 at 14:00:07,06 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\WHOKNOWS\AppData\Roaming\mozilla\firefox\profiles\n9ndxtad.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.08.2013 at 14:04:10,05 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.306 - Datei am 06/08/2013 um 14:05:58 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : WHOKNOWS - WHOKNOWS-THINK # Bootmodus : Normal # Ausgeführt unter : C:\Users\WHOKNOWS\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [734 octets] - [06/08/2013 14:05:58] ########## EOF - C:\AdwCleaner[S1].txt - [793 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013 Ran by WHOKNOWS (administrator) on 06-08-2013 14:08:57 Running from C:\Users\WHOKNOWS\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe ( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sophos Limited) C:\Program 
Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Akamai Technologies, Inc.) C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe () C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Ricoh co.,Ltd.) 
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dropbox, Inc.) C:\Users\WHOKNOWS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Akamai Technologies, Inc.) C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-30] (Lenovo) HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\WHOKNOWS\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.) HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) 
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x] HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-15] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [MobileAccess] - C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe" [x] HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-15] () HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [] - [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-15] () AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll,C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [245872 2013-02-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [201576 2013-02-28] (NVIDIA Corporation) Lsa: 
[Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windchill ProductPoint Client Manager.lnk ShortcutTarget: Windchill ProductPoint Client Manager.lnk -> C:\Windows\Installer\{371E8B48-2AF1-491B-8F35-BD60D18CB927}\PPS.ico () Startup: C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\WHOKNOWS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 172.16.1.7
Tcpip\..\Interfaces\{22F80522-BA4A-4A76-869F-6C4C7FBD1557}: [NameServer]129.132.98.12,129.132.250.2
Tcpip\..\Interfaces\{BCE44BCB-CAE9-4C34-8B3D-53F93E6FB74D}: [NameServer]195.230.105.134 195.230.105.135

FireFox:
========
FF ProfilePath: C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\WHOKNOWS\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\searchplugins\wikipediade---wikipedia-die-freie-enzyklopdie.xml
FF Extension: Deutsches Wörterbuch (Schweiz) - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\de-CH@dictionaries.addons.mozilla.org
FF Extension: Deutsches Wörterbuch - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: British English Dictionary (Updated) - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\en-gb@flyingtophat.co.uk
FF Extension: United States English Spellchecker - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\ich@maltegoetz.de
FF Extension: ChatZilla - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: WOT - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: add-to-searchbox - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\add-to-searchbox@maltekraus.de.xpi
FF Extension: kitsuneymg - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\kitsuneymg@gmail.com.xpi
FF Extension: langpack-de - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\langpack-de@firefox.mozilla.org.xpi
FF Extension: langpack-en-GB - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi
FF Extension: refgrabit - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\refgrabit@refworks.plugin.xpi
FF Extension: twitter - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\twitter@disconnect.me.xpi
FF Extension: unplug - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\unplug@compunach.xpi
FF Extension: uriloader - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\uriloader@pdf.js.xpi
FF Extension: youtubeunblocker - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\youtubeunblocker@unblocker.yt.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{A5475360-A7EA-437b-9A79-29208F476940}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\WHOKNOWS\AppData\Roaming\Mozilla\Firefox\Profiles\n9ndxtad.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-15] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-11-12] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-06 14:05 - 2013-08-06 14:06 - 00000861 _____ C:\AdwCleaner[S1].txt
2013-08-06 14:04 - 2013-08-06 14:04 - 00000760 _____ C:\Users\WHOKNOWS\Desktop\JRT.txt
2013-08-06 13:58 - 2013-08-06 13:58 - 00666633 _____ C:\Users\WHOKNOWS\Desktop\adwcleaner.exe
2013-08-06 13:56 - 2013-08-06 13:56 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\WHOKNOWS\Desktop\JRT.exe
2013-08-06 13:10 - 2013-08-06 13:10 - 01788685 _____ (Farbar) C:\Users\WHOKNOWS\Desktop\FRST64.exe
2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\FRST
2013-08-06 09:42 - 2013-08-06 09:42 - 00002475 _____ C:\Users\WHOKNOWS\Desktop\8 Kilo pures Fett in 2 Wochen verlieren.eml
2013-08-06 08:54 - 2013-08-06 08:54 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 08:21 - 2013-08-06 08:21 - 00003989 _____ C:\Users\WHOKNOWS\Desktop\Schlagen Sie das System! Es ist tatsächlich möglich. Ich habe es getan..eml
2013-08-05 13:14 - 2013-08-05 13:14 - 00187184 _____ C:\Users\WHOKNOWS\comcat5.dll
2013-08-05 11:26 - 2013-08-05 11:26 - 02994116 _____ C:\Users\WHOKNOWS\Downloads\OnLineRecovery.zip
2013-08-05 11:26 - 2013-08-05 11:26 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\OnLineRecovery
2013-08-05 11:26 - 2013-05-15 10:34 - 00020872 _____ (SMI) C:\Windows\system32\Drivers\smidriver.sys
2013-08-05 11:19 - 2013-08-05 11:53 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\SicherungTranscend32GB
2013-07-17 10:06 - 2013-07-17 10:06 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00289768 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00189416 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00188904 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00108008 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\Program Files\Java
2013-07-17 08:16 - 2013-08-05 13:12 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-10 18:05 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 18:05 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 18:05 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 18:05 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 18:05 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 18:05 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 18:05 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 18:05 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 18:05 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 18:05 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 18:05 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 18:05 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 18:05 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 18:05 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 18:05 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 18:05 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 18:05 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 18:05 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 18:05 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 18:05 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 18:05 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 18:05 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 18:05 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 18:05 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 18:05 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 18:05 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 18:05 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:05 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 18:05 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 18:05 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:06 - 2013-07-10 17:06 - 00141696 _____ C:\Users\WHOKNOWS\Documents\Sylt.igs
2013-07-10 16:58 - 2013-07-10 16:58 - 00461086 _____ C:\Users\WHOKNOWS\Documents\Simon.igs
2013-07-10 16:44 - 2013-07-10 16:44 - 00360308 _____ C:\Users\WHOKNOWS\Documents\HSG.igs
2013-07-10 16:39 - 2013-07-10 16:39 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\3dmouse
2013-07-10 15:57 - 2013-07-10 15:57 - 00736114 _____ C:\Users\WHOKNOWS\Documents\Wappen.igs
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\NVIDIA
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\McNeel
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\McNeel
2013-07-10 15:53 - 2013-08-05 13:31 - 00000000 ____D C:\ProgramData\McNeel
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_610.set
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\fiusvhm561.dat
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\i_oirotq856.ini
2013-07-10 15:42 - 2013-07-10 15:49 - 237064192 _____ C:\Users\WHOKNOWS\Downloads\rh50Evaluation_x64_de-de_5.4.30524.11065.msi
2013-07-10 15:36 - 2013-07-10 15:36 - 00003144 _____ C:\Windows\System32\Tasks\{DFB28C94-FE82-4F03-A544-BA29CEF2C7DF}
2013-07-10 15:32 - 2013-07-10 15:35 - 00000000 ____D C:\Program Files (x86)\Img2CAD
2013-07-10 15:32 - 2013-07-10 15:32 - 00578093 _____ (Img2CAD, Inc. ) C:\Users\WHOKNOWS\Downloads\img2cad.exe
2013-07-10 13:47 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:47 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:47 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:47 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:47 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:47 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:47 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:38 - 2013-07-10 09:41 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-10 09:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-07-10 09:36 - 2013-07-10 09:36 - 13305384 _____ (Nullsoft, Inc.) C:\Users\WHOKNOWS\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-09 14:20 - 2013-07-09 14:20 - 00482762 _____ C:\Users\WHOKNOWS\Downloads\exchangecalendar-3.1.3.xpi
2013-07-08 15:40 - 2013-07-08 15:40 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Amazon
2013-07-08 15:38 - 2013-07-08 15:38 - 02399472 _____ C:\Users\WHOKNOWS\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Amazon MP3
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-08 09:35 - 2013-07-08 09:39 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\cdex_151
2013-07-08 09:35 - 2013-07-08 09:35 - 01923290 _____ C:\Users\WHOKNOWS\Downloads\cdex_151.zip

==================== One Month Modified Files and Folders =======

2013-08-06 14:07 - 2013-04-16 11:13 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 14:07 - 2013-02-18 10:29 - 00000000 ___RD C:\Users\WHOKNOWS\Dropbox
2013-08-06 14:07 - 2013-02-18 10:27 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Dropbox
2013-08-06 14:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 14:06 - 2013-08-06 14:05 - 00000861 _____ C:\AdwCleaner[S1].txt
2013-08-06 14:06 - 2013-02-18 11:06 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Skype
2013-08-06 14:06 - 2013-01-15 18:09 - 01466075 _____ C:\Windows\WindowsUpdate.log
2013-08-06 14:06 - 2009-07-14 06:51 - 00073733 _____ C:\Windows\setupact.log
2013-08-06 14:04 - 2013-08-06 14:04 - 00000760 _____ C:\Users\WHOKNOWS\Desktop\JRT.txt
2013-08-06 13:58 - 2013-08-06 13:58 - 00666633 _____ C:\Users\WHOKNOWS\Desktop\adwcleaner.exe
2013-08-06 13:56 - 2013-08-06 13:56 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\WHOKNOWS\Desktop\JRT.exe
2013-08-06 13:53 - 2013-04-16 11:13 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 13:31 - 2013-05-22 07:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 13:17 - 2013-02-20 10:36 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\Akamai
2013-08-06 13:10 - 2013-08-06 13:10 - 01788685 _____ (Farbar) C:\Users\WHOKNOWS\Desktop\FRST64.exe
2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\FRST
2013-08-06 11:32 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 11:32 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 11:31 - 2013-01-16 02:49 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-06 11:31 - 2013-01-16 02:49 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-06 11:31 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 11:27 - 2013-02-15 17:19 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Nitro PDF
2013-08-06 11:24 - 2010-11-21 05:47 - 00102576 _____ C:\Windows\PFRO.log
2013-08-06 09:42 - 2013-08-06 09:42 - 00002475 _____ C:\Users\WHOKNOWS\Desktop\8 Kilo pures Fett in 2 Wochen verlieren.eml
2013-08-06 09:09 - 2013-02-18 09:20 - 00000227 _____ C:\ProgramData\LastUpdate.xml
2013-08-06 09:09 - 2013-02-18 09:20 - 00000031 _____ C:\Windows\WebUpdateSvc4.INI
2013-08-06 08:54 - 2013-08-06 08:54 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 08:54 - 2013-01-15 18:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 08:21 - 2013-08-06 08:21 - 00003989 _____ C:\Users\WHOKNOWS\Desktop\Schlagen Sie das System! Es ist tatsächlich möglich. Ich habe es getan..eml
2013-08-05 13:31 - 2013-07-10 15:53 - 00000000 ____D C:\ProgramData\McNeel
2013-08-05 13:15 - 2013-02-15 17:14 - 00000000 ____D C:\Users\WHOKNOWS
2013-08-05 13:14 - 2013-08-05 13:14 - 00187184 _____ C:\Users\WHOKNOWS\comcat5.dll
2013-08-05 13:12 - 2013-07-17 08:16 - 00000000 _____ C:\Windows\system32\vireng.log
2013-08-05 11:53 - 2013-08-05 11:19 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\SicherungTranscend32GB
2013-08-05 11:26 - 2013-08-05 11:26 - 02994116 _____ C:\Users\WHOKNOWS\Downloads\OnLineRecovery.zip
2013-08-05 11:26 - 2013-08-05 11:26 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\OnLineRecovery
2013-08-05 10:04 - 2013-02-18 11:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-05 10:04 - 2013-02-18 11:06 - 00000000 ____D C:\ProgramData\Skype
2013-08-05 09:16 - 2013-01-15 18:14 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2013-08-05 09:15 - 2013-01-15 18:01 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-07-19 13:28 - 2013-04-26 12:15 - 00005146 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WHOKNOWS-THINK-WHOKNOWS WHOKNOWS-THINK
2013-07-19 10:00 - 2013-05-22 07:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 10:00 - 2013-02-18 11:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 10:00 - 2013-02-18 11:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 10:00 - 2013-02-15 17:55 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\Adobe
2013-07-18 16:21 - 2013-03-15 09:07 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Outlook-Dateien
2013-07-18 12:41 - 2009-07-14 07:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 10:06 - 2013-07-17 10:06 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00289768 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00189416 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00188904 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-17 10:06 - 2013-07-17 10:06 - 00108008 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-17 10:06 - 2013-07-17 10:06 - 00000000 ____D C:\Program Files\Java
2013-07-15 09:24 - 2013-02-15 17:14 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\MobileAccess
2013-07-15 08:48 - 2013-04-16 11:13 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 08:48 - 2013-04-16 11:13 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 08:27 - 2013-02-18 17:12 - 00000000 ____D C:\Users\WHOKNOWS\Arbeit
2013-07-11 07:17 - 2013-02-20 18:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 07:17 - 2013-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 07:17 - 2011-12-08 22:43 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 07:17 - 2009-07-14 06:45 - 00616664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 18:11 - 2013-02-21 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:07 - 2013-02-18 17:43 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 18:02 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-10 17:06 - 2013-07-10 17:06 - 00141696 _____ C:\Users\WHOKNOWS\Documents\Sylt.igs
2013-07-10 16:58 - 2013-07-10 16:58 - 00461086 _____ C:\Users\WHOKNOWS\Documents\Simon.igs
2013-07-10 16:44 - 2013-07-10 16:44 - 00360308 _____ C:\Users\WHOKNOWS\Documents\HSG.igs
2013-07-10 16:39 - 2013-07-10 16:39 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\3dmouse
2013-07-10 15:57 - 2013-07-10 15:57 - 00736114 _____ C:\Users\WHOKNOWS\Documents\Wappen.igs
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\NVIDIA
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\McNeel
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Local\McNeel
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_610.set
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\SysWOW64\Drivers\fiusvhm561.dat
2013-07-10 15:53 - 2013-07-10 15:53 - 00000400 _____ C:\Windows\i_oirotq856.ini
2013-07-10 15:49 - 2013-07-10 15:42 - 237064192 _____ C:\Users\WHOKNOWS\Downloads\rh50Evaluation_x64_de-de_5.4.30524.11065.msi
2013-07-10 15:36 - 2013-07-10 15:36 - 00003144 _____ C:\Windows\System32\Tasks\{DFB28C94-FE82-4F03-A544-BA29CEF2C7DF}
2013-07-10 15:35 - 2013-07-10 15:32 - 00000000 ____D C:\Program Files (x86)\Img2CAD
2013-07-10 15:32 - 2013-07-10 15:32 - 00578093 _____ (Img2CAD, Inc. ) C:\Users\WHOKNOWS\Downloads\img2cad.exe
2013-07-10 09:41 - 2013-07-10 09:38 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-10 09:36 - 2013-07-10 09:36 - 13305384 _____ (Nullsoft, Inc.) C:\Users\WHOKNOWS\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-09 14:20 - 2013-07-09 14:20 - 00482762 _____ C:\Users\WHOKNOWS\Downloads\exchangecalendar-3.1.3.xpi
2013-07-08 15:40 - 2013-07-08 15:40 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Amazon
2013-07-08 15:38 - 2013-07-08 15:38 - 02399472 _____ C:\Users\WHOKNOWS\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\Documents\Amazon MP3
2013-07-08 15:38 - 2013-07-08 15:38 - 00000000 ____D C:\Users\WHOKNOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-08 14:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-08 09:39 - 2013-07-08 09:35 - 00000000 ____D C:\Users\WHOKNOWS\Downloads\cdex_151
2013-07-08 09:35 - 2013-07-08 09:35 - 01923290 _____ C:\Users\WHOKNOWS\Downloads\cdex_151.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 12:11

==================== End Of Log ============================

Here are the scans! Somehow there was no Addition.txt this time...
06.08.2013, 13:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done.

As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).
Note: Before you do, please remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ |
07.08.2013, 12:21 | #7 |
| Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
WHOKNOWS :: WHOKNOWS-THINK [Administrator]

06.08.2013 14:38:21
mbam-log-2013-08-06 (14-38-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248711
Laufzeit: 3 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c012468e00b1354682943c9b34d052af
# engine=14671
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-06 01:26:29
# local_time=2013-08-06 03:26:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2275758 127425439 0 0
# compatibility_mode=8450 16777213 85 98 6954 61555153 0 0
# scanned=335134
# found=0
# cleaned=0
# scan_time=2467

Can we then clean up the computer as well? :-D

Edited by Pixeltina (06.08.2013 at 14:28) |
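The two control-scan logs in the post above can be checked by script rather than by eye. The following is an added example, not part of the original thread or of either scanner: the function names are hypothetical, and reading each ESET `*_checked` key as "this scan option was ticked" is an assumption based on the key names.

```python
import re

# Both logs are copied from the post above, shortened to the lines the parser reads.
MBAM_LOG = """\
Durchsuchte Objekte: 248711
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
"""
ESET_LOG = ("# end=finished # remove_checked=false # archives_checked=false "
            "# unwanted_checked=false # unsafe_checked=false "
            "# antistealth_checked=true # osver=6.1.7601 NT Service Pack 1 "
            "# scanned=335134 # found=0 # cleaned=0 # scan_time=2467")

def mbam_counts(text):
    """Map each 'Infizierte <category>: <n>' header of a German MBAM 1.75 log to n."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^Infizierte (.+?): (\d+)\s*$", text, re.M)}

def eset_fields(text):
    """Parse '# key=value' records, one per line or run together on one line.
    Values may contain spaces; repeated keys keep every value in order."""
    pattern = r"#\s*(\w+)=(.*?)(?=\s*#\s*\w+=|\s*$)"
    fields = {}
    for key, value in re.findall(pattern, text, re.S):
        fields.setdefault(key, []).append(value.strip())
    return fields

def rescan_summary(mbam_text, eset_text):
    """Condense both logs into the facts a helper checks before closing a case."""
    eset = eset_fields(eset_text)
    return {
        "mbam_detections": sum(mbam_counts(mbam_text).values()),
        "eset_finished": eset.get("end") == ["finished"],
        "eset_found": int(eset["found"][-1]),
        # Assumption: each *_checked key records whether that scan option was ticked.
        "eset_options_off": sorted(k for k, v in eset.items()
                                   if k.endswith("_checked") and v[-1] == "false"),
    }

if __name__ == "__main__":
    print(rescan_summary(MBAM_LOG, ESET_LOG))
```

Under that assumption, the summary also lists `unwanted_checked` and `archives_checked` as off for this ESET run, which is worth knowing when the original detection was a PUP.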
07.08.2013, 14:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you would need to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie).

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now in order again, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
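A hosts file overrides name resolution for every program on the machine, so a downloaded blocklist should be checked before it replaces the existing file. The following is an added example, not part of the original post and not MVPS code: it accepts only entries that point names at a loopback or unspecified address and reports everything else for manual review. The function name and the sample entries are constructed for illustration.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def _is_sink(addr):
    """True for addresses a blocklist entry may point to (0.0.0.0, 127.0.0.1, ::, ::1)."""
    ip = ipaddress.ip_address(addr)          # raises ValueError if not an IP address
    return ip.is_unspecified or ip.is_loopback

def audit_hosts(text):
    """Return (blocked, findings) for hosts-format text.
    blocked:  set of host names sunk to a loopback/unspecified address
    findings: list of (line_no, reason) for lines that need a manual look"""
    blocked, findings = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, full-line or trailing
        if not line:
            continue
        fields = line.split()
        try:
            sink = _is_sink(fields[0])
        except ValueError:
            findings.append((no, "first field is not an IP address"))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            findings.append((no, "address without a host name"))
        elif sink:
            blocked.update(n for n in names if n not in LOCAL_NAMES)
        else:
            # A blocklist has no reason to send a name to a real server.
            findings.append((no, "name mapped to a non-loopback address"))
    return blocked, findings

# Constructed sample, not taken from the MVPS file.
SAMPLE = """\
# example blocklist
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com  # banner server
0.0.0.0 tracker.example.net stats.example.net
203.0.113.10 login.example.org
0.0.0.0
not-an-ip ads.example.org
"""

if __name__ == "__main__":
    blocked, findings = audit_hosts(SAMPLE)
    print(sorted(blocked))
    for no, reason in findings:
        print(f"line {no}: {reason}")
```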
07.08.2013, 14:58 | #9 |
| No, everything looks fine again. What still worries me is that every now and then I get that message from Google about unusual traffic and have to enter the captcha. I am often on the university network here, and the IPs are not strictly static. Do you think I have something on my machine, or is it a false alarm? |
07.08.2013, 15:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
__________________ Please always post log files in CODE tags |
07.08.2013, 15:36 | #11 | |
| Quote:
Shall we now remove the software from the computer again? |
07.08.2013, 15:53 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we're done! If you would like to pass on praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be removed again.

Removing Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.

With the help of OTL you can also remove many other tools: simply start OTL and click "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take this opportunity to check that Flash Player is up to date: Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de
You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |