|
Log-Analyse und Auswertung: snapdo kann nicht aus systemsteuerung entfernt werdenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.03.2014, 01:55 | #1 |
| snapdo kann nicht aus systemsteuerung entfernt werden Hallo, ich habe mir snapdo eingefangen, habe es aber, so weit ich weiß, mit verschiedenen Programmen ( malwarebyte, adwcleaner) von firefox entfernen können. Wenn ich es aus der Systemsteuerung deinstallieren möchte, kommt immer der Hinweis, dass die Informationsquelle nicht zur Verfügung steht. da weiß ich leider nicht, wie ich weiterkommen soll.schonmal vielen dank |
30.03.2014, 03:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | snapdo kann nicht aus systemsteuerung entfernt werden Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
30.03.2014, 08:10 | #3 |
| snapdo kann nicht aus systemsteuerung entfernt werden den Scan mit Farbar's Recovery Scan Tool habe ich schon gemacht, aber vergessen zu posten.das war aber leider bisher auch nicht erfolgreich
__________________ |
30.03.2014, 08:15 | #4 |
| snapdo kann nicht aus systemsteuerung entfernt werden FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Neuha_000 (administrator) on NEVADA on 30-03-2014 01:25:11 Running from C:\Users\Neuha_000\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Dropbox, Inc.) C:\Users\Neuha_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\InDesign.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Farbar) C:\Users\Neuha_000\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-10-01] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3701953606-3288909924-4052013988-1002\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3701953606-3288909924-4052013988-1002\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-3701953606-3288909924-4052013988-1002\...\MountPoints2: {72820eaf-273f-11e3-be6c-806e6f6e6963} - "D:\Autorun.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-20] (NVIDIA Corporation) Startup: C:\Users\Neuha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Neuha_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Neuha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk ShortcutTarget: Product Registration.lnk -> C:\Users\Neuha_000\AppData\Local\Temp\is-L145B.tmp\ATR1.exe (Leader Technologies/Atari) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {1412151E-204D-4296-B39D-B7F1150C0300} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: The weDownload Manager - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Neuha_000\AppData\Roaming\Mozilla\Firefox\Profiles\25ap5sq8.default-1396097256838 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Neuha_000\AppData\Roaming\Mozilla\Firefox\Profiles\25ap5sq8.default-1396097256838\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-23] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-29] (IObit) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-30 01:23 - 2014-03-30 01:25 - 00017757 _____ () C:\Users\Neuha_000\Downloads\FRST.txt 2014-03-30 01:23 - 2014-03-30 01:25 - 00000000 ____D () C:\FRST 2014-03-30 01:23 - 2014-03-30 01:24 - 00038515 _____ () C:\Users\Neuha_000\Downloads\Addition.txt 2014-03-30 01:23 - 2014-03-30 01:23 - 02157056 _____ (Farbar) C:\Users\Neuha_000\Downloads\FRST64(1).exe 2014-03-30 01:21 - 2014-03-30 01:21 - 00000252 _____ () C:\Users\Neuha_000\Downloads\defogger_enable.log 2014-03-30 01:19 - 2014-03-30 01:19 - 00000480 _____ () C:\Users\Neuha_000\Downloads\defogger_disable.log 2014-03-30 01:18 - 2014-03-30 01:18 - 00050477 _____ () C:\Users\Neuha_000\Downloads\Defogger(1).exe 2014-03-30 01:16 - 2014-03-30 01:16 - 00050477 _____ () C:\Users\Neuha_000\Downloads\Defogger.exe 2014-03-30 01:04 - 2014-03-30 01:14 - 00018691 _____ () C:\Windows\WindowsUpdate.log 2014-03-30 00:56 - 2014-03-30 00:56 - 00347816 _____ (Microsoft Corporation) C:\Users\Neuha_000\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34319566669141803.6.1.Run.exe 2014-03-30 00:26 - 2014-03-30 00:26 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-03-30 00:26 - 2014-03-30 00:26 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-03-30 00:26 - 2014-03-30 00:26 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-30 00:24 - 2014-03-30 00:25 - 03710504 _____ (Piriform Ltd) C:\Users\Neuha_000\Downloads\ccsetup412_slim.exe 2014-03-29 23:43 - 2014-03-29 23:43 - 00987442 _____ () C:\Users\Neuha_000\Downloads\SecurityCheck.exe 2014-03-29 17:36 - 2014-03-29 17:36 - 02347384 _____ (ESET) C:\Users\Neuha_000\Downloads\esetsmartinstaller_enu.exe 2014-03-29 17:36 - 2014-03-29 17:36 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-29 17:35 - 2014-03-29 17:35 - 00015822 _____ () C:\Users\Neuha_000\Downloads\SystemLook.txt 2014-03-29 17:34 - 2014-03-29 17:34 - 00165376 _____ () C:\Users\Neuha_000\Downloads\SystemLook_x64.exe 2014-03-29 16:12 - 2014-03-29 16:12 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\NVIDIA Corporation 2014-03-29 16:11 - 2014-03-29 16:13 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\NVIDIA 2014-03-29 16:10 - 2014-03-29 16:10 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-03-29 16:09 - 2014-03-29 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-29 16:05 - 2013-02-20 21:25 - 01110024 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-03-29 16:05 - 2013-02-20 21:25 - 00245872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-03-29 15:35 - 2014-03-29 17:00 - 00000000 ____D () C:\rei 2014-03-29 15:35 - 2014-03-29 15:35 - 00000000 ____D () C:\Program Files\Reimage 2014-03-29 15:11 - 2014-03-29 17:00 - 00000000 ____D () C:\Users\Neuha_000\Downloads\backups 2014-03-29 15:07 - 2014-03-29 15:07 - 00012617 _____ () C:\Users\Neuha_000\Downloads\hijackthis.log 2014-03-29 14:46 - 2014-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator 2014-03-29 13:58 - 2014-03-29 13:58 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-29 13:58 - 2014-03-29 13:58 - 00000000 _____ () C:\autoexec.bat 2014-03-29 13:57 - 2014-03-29 17:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-29 13:56 - 2014-03-29 13:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Neuha_000\Downloads\SpyHunter-Installer.exe 2014-03-29 13:43 - 2014-03-29 17:02 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\ProductData 2014-03-29 13:43 - 2014-03-29 17:02 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-29 13:43 - 2014-03-29 17:02 - 00000000 ____D () C:\ProgramData\IObit 2014-03-29 13:43 - 2014-03-29 13:43 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\IObit 2014-03-29 13:43 - 2014-03-29 13:43 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-03-29 13:42 - 2014-03-29 13:42 - 12569408 _____ (IObit) C:\Users\Neuha_000\Downloads\iobituninstaller_3.2.0.128.exe 2014-03-29 13:12 - 2014-03-29 13:12 - 01950720 _____ () C:\Users\Neuha_000\Downloads\adwcleaner_3.022.exe 2014-03-29 13:10 - 2014-03-29 23:55 - 00000401 _____ () C:\Users\Neuha_000\Desktop\regfix.reg 2014-03-29 00:37 - 2014-03-29 00:37 - 00000093 ____H () C:\Users\Neuha_000\Desktop\.~lock.ccc.docx# 2014-03-29 00:34 - 2014-03-29 00:34 - 55633177 _____ (7-PDF, Germany ) C:\Users\Neuha_000\Downloads\7p141.exe 2014-03-29 00:32 - 2014-03-29 00:32 - 00000000 ____D () C:\Program Files (x86)\gs 2014-03-29 00:30 - 2014-03-29 00:31 - 00000000 ____D () C:\Users\gs9.14 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\zlib 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\trio 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\libpng 2014-03-29 00:29 - 2014-03-29 00:29 - 13044626 _____ () C:\Users\Neuha_000\Downloads\gs914w32.exe 2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\WordToPDF 2014-03-29 00:27 - 2014-03-29 00:27 - 01594813 _____ (Mario Noack ) C:\Users\Neuha_000\Downloads\SetupWordToPDF_237_v2.9.exe 2014-03-29 00:21 - 2014-03-29 00:22 - 05048488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-29 00:16 - 2014-03-29 00:23 - 04205376 _____ (Softland ) C:\Users\Neuha_000\Downloads\dopdf-7.exe 2014-03-29 00:16 - 2014-03-29 00:16 - 00709352 _____ ( ) C:\Users\Neuha_000\Downloads\COMPUTER_BILD-Download-Manager_fuer_dopdf-7.exe 2014-03-29 00:16 - 2014-03-29 00:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Softland 2014-03-29 00:16 - 2014-03-29 00:16 - 00000000 ____D () C:\Program Files\Softland 2014-03-29 00:16 - 2014-01-10 15:43 - 00007549 _____ () C:\Windows\system32\dopdf7.ctm 2014-03-28 23:48 - 2014-03-28 23:48 - 16204160 _____ (Geek Software GmbH ) C:\Users\Neuha_000\Downloads\pdf24-creator-6.3.2(1).exe 2014-03-28 17:19 - 2014-03-28 17:19 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\PDF24 2014-03-28 17:18 - 2014-03-28 17:18 - 16204160 _____ (Geek Software GmbH ) C:\Users\Neuha_000\Downloads\pdf24-creator-6.3.2.exe 2014-03-28 17:16 - 2014-03-29 01:00 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Opera Software 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\Opera Software 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Program Files (x86)\Acro Software 2014-03-28 17:16 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll 2014-03-28 17:15 - 2014-03-28 17:15 - 02003352 _____ (Acro Software Inc. ) C:\Users\Neuha_000\Downloads\CuteWriter.exe 2014-03-28 15:35 - 2014-03-29 00:04 - 00001456 _____ () C:\Users\Neuha_000\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1 2014-03-23 20:21 - 2014-03-23 20:21 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\com.adobe.dmp.contentviewer 2014-03-23 18:39 - 2014-03-23 18:39 - 00114448 _____ () C:\Users\Neuha_000\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-23 18:39 - 2014-03-23 18:39 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\PDF Architect 2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\Neuha_000\Documents\PDF Architect Files 2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-23 18:36 - 2014-03-23 18:36 - 69734576 _____ (pdfforge ) C:\Users\Neuha_000\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-17 17:32 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-17 17:32 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-17 17:32 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-17 17:32 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-17 15:36 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-17 15:36 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-17 15:36 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-03-17 15:36 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-03-17 15:36 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-17 15:36 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-17 15:36 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-17 15:36 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-17 15:36 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-17 15:36 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-17 15:36 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-17 15:36 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-17 15:36 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-17 15:36 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-17 15:36 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-17 15:36 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-03-17 15:36 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-17 15:35 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-17 15:35 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-17 15:35 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-17 15:35 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-06 19:26 - 2014-03-06 19:26 - 26732368 _____ () C:\Users\Neuha_000\Downloads\karneval.zip 2014-03-01 15:05 - 2014-03-01 15:05 - 00000000 ____D () C:\Program Files\McAfee Security Scan ==================== One Month Modified Files and Folders ======= 2014-03-30 01:25 - 2014-03-30 01:23 - 00017757 _____ () C:\Users\Neuha_000\Downloads\FRST.txt 2014-03-30 01:25 - 2014-03-30 01:23 - 00000000 ____D () C:\FRST 2014-03-30 01:25 - 2014-02-16 19:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-30 01:24 - 2014-03-30 01:23 - 00038515 _____ () C:\Users\Neuha_000\Downloads\Addition.txt 2014-03-30 01:23 - 2014-03-30 01:23 - 02157056 _____ (Farbar) C:\Users\Neuha_000\Downloads\FRST64(1).exe 2014-03-30 01:21 - 2014-03-30 01:21 - 00000252 _____ () C:\Users\Neuha_000\Downloads\defogger_enable.log 2014-03-30 01:21 - 2014-01-17 14:58 - 00000000 ____D () C:\Users\Neuha_000 2014-03-30 01:19 - 2014-03-30 01:19 - 00000480 _____ () C:\Users\Neuha_000\Downloads\defogger_disable.log 2014-03-30 01:18 - 2014-03-30 01:18 - 00050477 _____ () C:\Users\Neuha_000\Downloads\Defogger(1).exe 2014-03-30 01:16 - 2014-03-30 01:16 - 00050477 _____ () C:\Users\Neuha_000\Downloads\Defogger.exe 2014-03-30 01:14 - 2014-03-30 01:04 - 00018691 _____ () C:\Windows\WindowsUpdate.log 2014-03-30 01:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2014-03-30 00:56 - 2014-03-30 00:56 - 00347816 _____ (Microsoft Corporation) C:\Users\Neuha_000\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34319566669141803.6.1.Run.exe 2014-03-30 00:26 - 2014-03-30 00:26 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-03-30 00:26 - 2014-03-30 00:26 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-03-30 00:26 - 2014-03-30 00:26 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-30 00:26 - 2014-01-28 00:28 - 00000000 ____D () C:\Windows\Minidump 2014-03-30 00:26 - 2014-01-17 21:48 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\CrashDumps 2014-03-30 00:26 - 2013-04-18 11:11 - 00000000 ____D () C:\Windows\Panther 2014-03-30 00:25 - 2014-03-30 00:24 - 03710504 _____ (Piriform Ltd) C:\Users\Neuha_000\Downloads\ccsetup412_slim.exe 2014-03-30 00:00 - 2013-09-27 08:56 - 00000000 ____D () C:\ProgramData\install_clap 2014-03-29 23:55 - 2014-03-29 13:10 - 00000401 _____ () C:\Users\Neuha_000\Desktop\regfix.reg 2014-03-29 23:43 - 2014-03-29 23:43 - 00987442 _____ () C:\Users\Neuha_000\Downloads\SecurityCheck.exe 2014-03-29 19:45 - 2014-02-02 20:47 - 00000000 ___RD () C:\Users\Neuha_000\Desktop\Kamera-Uploads from Nico 2014-03-29 17:36 - 2014-03-29 17:36 - 02347384 _____ (ESET) C:\Users\Neuha_000\Downloads\esetsmartinstaller_enu.exe 2014-03-29 17:36 - 2014-03-29 17:36 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-29 17:35 - 2014-03-29 17:35 - 00015822 _____ () C:\Users\Neuha_000\Downloads\SystemLook.txt 2014-03-29 17:34 - 2014-03-29 17:34 - 00165376 _____ () C:\Users\Neuha_000\Downloads\SystemLook_x64.exe 2014-03-29 17:05 - 2014-01-17 15:48 - 00000000 ___RD () C:\Users\Neuha_000\Dropbox 2014-03-29 17:05 - 2014-01-17 15:45 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Dropbox 2014-03-29 17:03 - 2014-03-29 13:57 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-29 17:03 - 2013-09-27 08:39 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-03-29 17:03 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries 2014-03-29 17:03 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-29 17:02 - 2014-03-29 13:43 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\ProductData 2014-03-29 17:02 - 2014-03-29 13:43 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-29 17:02 - 2014-03-29 13:43 - 00000000 ____D () C:\ProgramData\IObit 2014-03-29 17:02 - 2014-01-17 15:01 - 00000000 ___RD () C:\Users\Neuha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-29 17:02 - 2013-09-27 08:39 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 17:02 - 2013-09-27 08:39 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-29 17:02 - 2013-09-27 08:39 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-29 17:02 - 2013-09-27 08:39 - 00000000 ____D () C:\Windows\system32\NV 2014-03-29 17:02 - 2013-09-27 08:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-29 17:02 - 2013-09-27 08:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-29 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\Help 2014-03-29 17:01 - 2014-02-16 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 17:01 - 2014-01-29 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 17:01 - 2013-09-27 08:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-29 17:01 - 2013-04-18 11:05 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-03-29 17:00 - 2014-03-29 15:35 - 00000000 ____D () C:\rei 2014-03-29 17:00 - 2014-03-29 15:11 - 00000000 ____D () C:\Users\Neuha_000\Downloads\backups 2014-03-29 17:00 - 2014-02-17 14:12 - 00000000 ____D () C:\Users\Neuha_000\Desktop\BROTHER 2014-03-29 16:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration 2014-03-29 16:57 - 2013-09-27 08:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-29 16:13 - 2014-03-29 16:11 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\NVIDIA 2014-03-29 16:12 - 2014-03-29 16:12 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\NVIDIA Corporation 2014-03-29 16:12 - 2014-03-29 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-29 16:10 - 2014-03-29 16:10 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-03-29 15:35 - 2014-03-29 15:35 - 00000000 ____D () C:\Program Files\Reimage 2014-03-29 15:17 - 2014-03-29 14:46 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator 2014-03-29 15:07 - 2014-03-29 15:07 - 00012617 _____ () C:\Users\Neuha_000\Downloads\hijackthis.log 2014-03-29 13:58 - 2014-03-29 13:58 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-29 13:58 - 2014-03-29 13:58 - 00000000 _____ () C:\autoexec.bat 2014-03-29 13:56 - 2014-03-29 13:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Neuha_000\Downloads\SpyHunter-Installer.exe 2014-03-29 13:47 - 2014-02-01 22:28 - 00000000 ____D () C:\Users\Neuha_000\Desktop\Alte Firefox-Daten 2014-03-29 13:43 - 2014-03-29 13:43 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\IObit 2014-03-29 13:43 - 2014-03-29 13:43 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-03-29 13:42 - 2014-03-29 13:42 - 12569408 _____ (IObit) C:\Users\Neuha_000\Downloads\iobituninstaller_3.2.0.128.exe 2014-03-29 13:18 - 2014-02-01 17:16 - 00000000 ____D () C:\AdwCleaner 2014-03-29 13:12 - 2014-03-29 13:12 - 01950720 _____ () C:\Users\Neuha_000\Downloads\adwcleaner_3.022.exe 2014-03-29 13:02 - 2014-01-20 23:06 - 00000000 ____D () C:\Brother 2014-03-29 12:45 - 2014-01-29 15:36 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\Adobe 2014-03-29 03:42 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-03-29 01:00 - 2014-03-28 17:16 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-29 00:37 - 2014-03-29 00:37 - 00000093 ____H () C:\Users\Neuha_000\Desktop\.~lock.ccc.docx# 2014-03-29 00:34 - 2014-03-29 00:34 - 55633177 _____ (7-PDF, Germany ) C:\Users\Neuha_000\Downloads\7p141.exe 2014-03-29 00:32 - 2014-03-29 00:32 - 00000000 ____D () C:\Program Files (x86)\gs 2014-03-29 00:31 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\zlib 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\trio 2014-03-29 00:30 - 2014-03-29 00:30 - 00000000 ____D () C:\Users\gs9.14\libpng 2014-03-29 00:30 - 2014-01-29 15:52 - 00001990 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2014-03-29 00:30 - 2014-01-29 15:40 - 00000000 ____D () C:\ProgramData\Adobe 2014-03-29 00:29 - 2014-03-29 00:29 - 13044626 _____ () C:\Users\Neuha_000\Downloads\gs914w32.exe 2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\WordToPDF 2014-03-29 00:27 - 2014-03-29 00:27 - 01594813 _____ (Mario Noack ) C:\Users\Neuha_000\Downloads\SetupWordToPDF_237_v2.9.exe 2014-03-29 00:23 - 2014-03-29 00:16 - 04205376 _____ (Softland ) C:\Users\Neuha_000\Downloads\dopdf-7.exe 2014-03-29 00:22 - 2014-03-29 00:21 - 05048488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-29 00:16 - 2014-03-29 00:16 - 00709352 _____ ( ) C:\Users\Neuha_000\Downloads\COMPUTER_BILD-Download-Manager_fuer_dopdf-7.exe 2014-03-29 00:16 - 2014-03-29 00:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Softland 2014-03-29 00:16 - 2014-03-29 00:16 - 00000000 ____D () C:\Program Files\Softland 2014-03-29 00:04 - 2014-03-28 15:35 - 00001456 _____ () C:\Users\Neuha_000\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-03-28 23:48 - 2014-03-28 23:48 - 16204160 _____ (Geek Software GmbH ) C:\Users\Neuha_000\Downloads\pdf24-creator-6.3.2(1).exe 2014-03-28 21:02 - 2014-01-30 15:16 - 00350720 ___SH () C:\Users\Neuha_000\Downloads\Thumbs.db 2014-03-28 17:19 - 2014-03-28 17:19 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\PDF24 2014-03-28 17:18 - 2014-03-28 17:18 - 16204160 _____ (Geek Software GmbH ) C:\Users\Neuha_000\Downloads\pdf24-creator-6.3.2.exe 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Opera Software 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Users\Neuha_000\AppData\Local\Opera Software 2014-03-28 17:16 - 2014-03-28 17:16 - 00000000 ____D () C:\Program Files (x86)\Acro Software 2014-03-28 17:15 - 2014-03-28 17:15 - 02003352 _____ (Acro Software Inc. ) C:\Users\Neuha_000\Downloads\CuteWriter.exe 2014-03-28 17:06 - 2014-01-17 15:48 - 00000000 ___RD () C:\Users\Neuha_000\Desktop\Le Gurp 389 2014-03-28 15:34 - 2014-01-17 15:00 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\Adobe 2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1 2014-03-23 20:21 - 2014-03-23 20:21 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\com.adobe.dmp.contentviewer 2014-03-23 18:39 - 2014-03-23 18:39 - 00114448 _____ () C:\Users\Neuha_000\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-23 18:39 - 2014-03-23 18:39 - 00000000 ____D () C:\Users\Neuha_000\AppData\Roaming\PDF Architect 2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\Neuha_000\Documents\PDF Architect Files 2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-23 18:36 - 2014-03-23 18:36 - 69734576 _____ (pdfforge ) C:\Users\Neuha_000\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-21 21:45 - 2014-01-18 03:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-21 21:44 - 2014-01-18 03:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-21 21:43 - 2014-01-31 18:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-20 01:02 - 2013-09-27 17:32 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-03-20 01:02 - 2013-09-27 17:32 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-03-20 01:02 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-20 00:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-19 22:40 - 2014-02-11 21:13 - 00011776 ___SH () C:\Users\Neuha_000\Desktop\Thumbs.db 2014-03-17 20:41 - 2014-01-17 15:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3701953606-3288909924-4052013988-1002 2014-03-17 20:24 - 2014-01-17 15:01 - 00000000 ___RD () C:\Users\Neuha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-17 20:22 - 2014-02-07 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 20:22 - 2014-02-07 14:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-17 20:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData 2014-03-17 20:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-17 20:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-17 20:21 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-17 20:21 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 14:25 - 2014-02-22 18:25 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-12 14:25 - 2014-02-16 19:29 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-06 19:26 - 2014-03-06 19:26 - 26732368 _____ () C:\Users\Neuha_000\Downloads\karneval.zip 2014-03-04 23:52 - 2014-01-20 00:26 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:52 - 2014-01-20 00:26 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 15:05 - 2014-03-01 15:05 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-01 15:05 - 2014-02-16 19:29 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk Files to move or delete: ==================== C:\Windows\SysWOW64\nvinit.dll Some content of TEMP: ==================== C:\Users\Neuha_000\AppData\Local\Temp\1390490966_the_wedownload_manager_1.exe C:\Users\Neuha_000\AppData\Local\Temp\BackupSetup.exe C:\Users\Neuha_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplygnne.dll C:\Users\Neuha_000\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_dopdf-7.exe C:\Users\Neuha_000\AppData\Local\Temp\InstallPlugin.exe C:\Users\Neuha_000\AppData\Local\Temp\octCA4B.tmp.exe C:\Users\Neuha_000\AppData\Local\Temp\promote-upx.exe C:\Users\Neuha_000\AppData\Local\Temp\Quarantine.exe C:\Users\Neuha_000\AppData\Local\Temp\SHSetup.exe C:\Users\Neuha_000\AppData\Local\Temp\SIntf16.dll C:\Users\Neuha_000\AppData\Local\Temp\SIntf32.dll C:\Users\Neuha_000\AppData\Local\Temp\SIntfNT.dll C:\Users\Neuha_000\AppData\Local\Temp\_isA209.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-28 17:38 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Neuha_000 at 2014-03-30 01:25:24 Running from C:\Users\Neuha_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated) Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) FuzeZip (HKCU\...\FuzeZip) (Version: 1.0.0.134605 - Koyote-Lab Inc.) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3089 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint Packages (HKCU\...\Microsoft PowerPoint Packages) (Version: - ) <==== ATTENTION Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA Grafiktreiber 311.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.30 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Systemsteuerung 311.30 (Version: 311.30 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer) ownCloud (HKLM-x32\...\ownCloud) (Version: 1.5.0.1913 - ownCloud, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.) RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari) Scansoft PDF Professional (x32 Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Snap.Do (HKLM-x32\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) ==================== Restore Points ========================= 17-03-2014 17:15:58 Geplanter Prüfpunkt 21-03-2014 20:41:39 Windows Update 29-03-2014 12:57:45 Installed SpyHunter 29-03-2014 15:54:48 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2012-07-26 06:26 - 2014-01-29 16:19 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0415E83A-C80D-4AA4-A749-95B17DE82C6D} - \The weDownload Manager-enabler No Task File Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {57A0E76A-457B-4DF8-885A-66813E1C5828} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate) Task: {76D74FA8-F72E-4965-8CB5-D45916FCC958} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {850735D2-237F-4D89-AE24-83FAD458205D} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {94F96968-6F3D-4145-89A7-542E7CC3B111} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {A2793DD3-6EE1-49B2-88A1-195C8258862B} - \The weDownload Manager-updater No Task File Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AC2D978C-20E9-4361-AA4E-DE36E084C595} - \The weDownload Manager-codedownloader No Task File Task: {C18A4F0B-0469-454A-B9EE-0C64DA2A4068} - \The weDownload Manager-firefoxinstaller No Task File Task: {C682D4AD-03C6-4D5E-9104-D40D5D654145} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D6C683B4-CA2E-4520-AC57-A765AC31FD85} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {DF9D7853-68AB-4940-AB23-6CFBE088E0E8} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-Neuhausyasmin@aol.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] () Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EC46389F-27ED-4F43-BF8E-110B9C97BFCC} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-20 23:06 - 2005-04-22 05:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll 2013-09-27 07:57 - 2013-04-02 05:42 - 00176024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2013-01-24 23:09 - 2013-01-24 23:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-24 23:05 - 2013-01-24 23:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-01-24 23:12 - 2013-01-24 23:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2014-03-28 17:16 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll 2014-03-29 17:05 - 2014-03-29 17:05 - 00041984 _____ () C:\Users\Neuha_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplygnne.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Neuha_000\AppData\Roaming\Dropbox\bin\libcef.dll 2014-01-20 23:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2010-10-25 15:15 - 2010-10-25 15:15 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu 2013-09-27 08:29 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00035328 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\boost_threads.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00066560 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\boost_filesystem.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00649216 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\boost_regex.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00012800 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\boost_system.dll 2011-03-10 23:55 - 2011-03-10 23:55 - 00063328 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\ASLSupport.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00026112 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\tbbmalloc.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00379056 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\Plug-ins\Filters\Sangam Readers\Reader For PageMaker.smrd 2011-03-10 16:40 - 2011-03-10 16:40 - 00122032 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\PMFileReader.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00051376 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\ALDFS32CJK.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00046256 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\ALDVM32CJK.dll 2011-03-10 16:40 - 2011-03-10 16:40 - 00095136 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS5.5\unihan.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-01-12 07:08 - 2011-01-12 07:08 - 00060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll 2014-03-29 13:56 - 2014-02-16 20:04 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Bluetooth USB Module Description: Bluetooth USB Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/29/2014 11:39:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/29/2014 11:27:57 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:27:57.545]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:27:57 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:27:57.544]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:24:43 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:24:43.641]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:24:43 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:24:43.640]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:22:48 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:22:48.047]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:22:48 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:22:48.047]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:16:54 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:16:54.769]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:16:54 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2014/03/29 23:16:54.769]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:00:25 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. System errors: ============= Error: (03/29/2014 04:55:19 PM) (Source: DCOM) (User: NEVADA) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (03/29/2014 03:54:58 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 29.03.2014 um 15:51:12 unerwartet heruntergefahren. Error: (03/29/2014 03:18:06 PM) (Source: NETLOGON) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (03/29/2014 03:18:00 PM) (Source: Service Control Manager) (User: ) Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts. Error: (03/29/2014 03:18:00 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird. Error: (03/29/2014 03:13:53 PM) (Source: NETLOGON) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (03/29/2014 03:13:46 PM) (Source: Service Control Manager) (User: ) Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts. Error: (03/29/2014 03:13:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird. Error: (03/29/2014 00:54:25 AM) (Source: DCOM) (User: NEVADA) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NevadaNeuha_000S-1-5-21-3701953606-3288909924-4052013988-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/29/2014 00:54:25 AM) (Source: DCOM) (User: NEVADA) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NevadaNeuha_000S-1-5-21-3701953606-3288909924-4052013988-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (03/29/2014 11:39:09 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/29/2014 11:27:57 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:27:57.545]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:27:57 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:27:57.544]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:24:43 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:24:43.641]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:24:43 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:24:43.640]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:22:48 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:22:48.047]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:22:48 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:22:48.047]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:16:54 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:16:54.769]: [00004296]: Initialize TwdsMain Class failed! Error: (03/29/2014 11:16:54 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2014/03/29 23:16:54.769]: [00004296]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/29/2014 11:00:25 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Neuha_000\Downloads\esetsmartinstaller_deu.exe ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8072.27 MB Available physical RAM: 5362.89 MB Total Pagefile: 9288.27 MB Available Pagefile: 6525.89 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:680.83 GB) (Free:586.89 GB) NTFS Drive d: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 49D4C129) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:07:10, on 29.03.2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v10.0 (10.00.9200.16843) Boot mode: Normal Running processes: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Users\Neuha_000\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Users\Neuha_000\Downloads\hijackthis_5833.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O4 - Startup: Dropbox.lnk = Neuha_000\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Product Registration.lnk = Neuha_000\AppData\Local\Temp\is-L145B.tmp\ATR1.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12615 bytes |
30.03.2014, 08:17 | #5 |
| snapdo kann nicht aus systemsteuerung entfernt werden und das ist von malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.01.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Neuha_000 :: NEVADA [Administrator] 01.02.2014 14:38:17 mbam-log-2014-02-01 (14-38-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 518320 Laufzeit: 2 Stunde(n), 16 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 3 C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> 2220 -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> 2332 -> Keine Aktion durchgeführt. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1380 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 1 C:\Users\Neuha_000\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 31 HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{a4f32137-598e-41b6-b601-9965084c8f08} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\Interface\{C64BA349-1F34-4BFC-8D23-A317279D0CB9} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0049074.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0049074.BHO.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0049074.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0049074.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt. HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\Software\InstalledBrowserExtensions\weDownload (PUP.Optional.WeDownload.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt. HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. HKCR\CLSID\{11111111-1111-1111-1111-110411901174} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440444904474} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550455905574} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Neuha_000\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0Q1O2W1R1D0D1S1J -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Daten: C:\ProgramData\WPM\wprotectmanager.exe -service -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 9 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bösartig: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Gut: () -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP249428AC-DE8A-4D5D-8ABA-583AFDF93F82&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.sweet-page.com/?type=sc&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T) Gut: (firefox.exe) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T) Gut: (iexplore.exe) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/web/?type=ds&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt. HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1391083583&from=cor&uid=TOSHIBAXMQ01ABD075_83DVT755TXX83DVT755T) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 24 C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\plugins (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 110 C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\RightSurfBHO.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NF1VQ5A\spstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZIJH5VH\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSA04VKN\Setup[1].exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\ICReinstall_microsoft-powerpoint.exe (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\nsd5962.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\nsi73D0.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\nsr574D.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\nst7596.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\fullpackage_temp1391083543\package1.zip (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\fullpackage_temp1391083543\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Local\Temp\nsl2D6E\SpSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\Documents\arschmarsch\Filme\yasminsdudelding\iLividSetup-r542-n-bf.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\Documents\arschmarsch\Filme\yasminsdudelding\sysrc_trial_25044.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\Downloads\microsoft powerpoint 2010 setup.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\Downloads\microsoft-powerpoint.exe (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml (PUP.Optional.SweetPage.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\RightSurf.ico (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\RightSurfUninstall.exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\updateRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll.old.93512796-6e09-406f-a23f-b105f7a459a8 (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\RightSurfBrowserFilter.exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\sqlite3.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.CompatibilityChecker.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.FFUpdate.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.IEUpdate.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Neuha_000\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt. (Ende) |
30.03.2014, 22:45 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | snapdo kann nicht aus systemsteuerung entfernt werdenZitat:
Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Mindestens das Adobe CS5.5/6 scheint bei dir illegal zu sein. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ --> snapdo kann nicht aus systemsteuerung entfernt werden |