Pests of all kinds and how to fight them: Uninstall Lollipop Network S.L | Windows 7
27.04.2014, 05:36 | #1
Hello, I don't know where I picked this up. I looked it up on the Internet to find out what it is, because I can't uninstall it. When I go to the Control Panel, select it and click Uninstall, nothing happens. I would like to get it off my notebook (Win7) as quickly as possible. According to the date, I have apparently had it on there since 21.02.2014. I just checked the AntiVir events: Lollipop does not show up there, but 2 other Trojans do. Many thanks in advance for your help.
27.04.2014, 05:49 | #2
/// the machine /// TB instructor
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
27.04.2014, 05:55 | #3
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03 Ran by Mandy (administrator) on MANDY-PC on 27-04-2014 06:52:03 Running from C:\Users\Mandy\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\003\xmkysecqun64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Dropbox, Inc.) C:\Users\Mandy\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (Windows Net) C:\Users\Mandy\AppData\Roaming\Windows Net Data\net.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe (Google Inc.) 
C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10821224 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1670656 2011-01-02] (Dominik Reichl) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-03-01] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [Google Update] => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-18] (Google Inc.) 
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Mandy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [lollipop_02241913] => lollipop_02241913 HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [GoogleChromeAutoLaunch_176E77370D9312FCC40536E743CEB860] => C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.) HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {4c7b7547-9ac8-11e2-b545-a98b68f07187} - F:\Startme.exe HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {772f2acc-12bb-11e2-8564-002682e4d21c} - F:\Startme.exe HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {dd5093ae-0504-11e3-a5d4-810244db8389} - G:\autorun.exe HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {f1880d4c-b85d-11e1-82ff-002682e4d21c} - F:\Startme.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe 
IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Mandy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_02241913.lnk ShortcutTarget: lollipop_02241913.lnk -> C:\Users\Mandy\AppData\Local\Lollipop\lollipop_02241913.exe (No File) Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Mandy\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x14407D54DC3CCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games URLSearchHook: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) URLSearchHook: HKCU - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT2736476&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT2736476&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV= SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 SearchScopes: HKCU - {2624DF88-5E94-47C7-A590-A86912C54855} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AA1CE8C9-541D-4651-B46C-834CC57D8D92}&mid=98141d795cf547d0829bd16fc4003bef-818686da698e899c8909c8c1f70e3954f6c9b5ab&lang=de&ds=AVG&pr=pr&d=2013-01-30 16:14:42&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - 
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: IEPwdBankBHO Class - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) Toolbar: HKLM-x32 - No Name - {45177936-603b-4261-8d42-df6f7091d5d0} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( ) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mandy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mandy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-06] FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-03-01] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-12] Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=55&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&SSPV= CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=55&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&SSPV=" CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=58&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome 
Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Skype Toolbars) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Users\Mandy\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () CHR Extension: (Google Drive) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-13] CHR Extension: (YouTube) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-13] CHR Extension: (Google-Suche) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-13] CHR Extension: (weDownload Manager Pro) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-04-07] CHR Extension: (Skype Click to Call) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-13] CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] CHR Extension: (Google Mail) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-13] CHR HKLM-x32\...\Chrome\Extension: 
[aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Mandy\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx [2013-06-19] CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11] CHR HKLM-x32\...\Chrome\Extension: [dcpfhaghaadpjpgocojgnlhjcieeooel] - C:\Program Files (x86)\Re-markit\150.crx [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Mandy\AppData\Local\Torch\Plugins\TorchPlugin.crx [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Mandy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-18] CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2014-01-18] CHR StartMenuInternet: Google Chrome - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-11-21] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-11-21] (DealPly Technologies Ltd) R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [314736 2010-05-28] (Egis Technology Inc. ) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) 
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software) R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search) R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-27] () ==================== Drivers (Whitelisted) ==================== S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) 
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation) R1 {2b4fc5ce-fd26-493c-97d3-e808aab73013}w64; C:\Windows\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys [61120 2014-04-24] (StdLib) S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-27 06:52 - 2014-04-27 06:52 - 00026776 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-04-27 06:51 - 2014-04-27 06:52 - 00000000 ____D () C:\FRST 2014-04-27 06:50 - 2014-04-27 06:50 - 02061824 _____ (Farbar) C:\Users\Mandy\Downloads\FRST64.exe 2014-04-27 06:16 - 2014-04-27 06:16 - 00079440 _____ () C:\Users\Mandy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-27 05:47 - 2014-04-27 05:47 - 00000000 ____D () C:\ProgramData\AVG Nation toolbar 2014-04-27 04:17 - 2014-04-27 04:17 - 00000000 ____D () C:\Users\Mandy\Desktop\Programm verknüpfungen 2014-04-27 04:05 - 2014-04-27 04:05 - 00000000 ____D () C:\Users\Mandy\Desktop\Abschied 2014-04-27 03:25 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll 2014-04-27 03:25 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll 2014-04-27 03:22 - 2014-04-27 03:23 - 00000000 ____D () C:\Program Files\003 2014-04-27 03:21 - 2014-04-27 03:21 - 00513424 _____ (installer) C:\Users\Mandy\Downloads\Anti-Malware.exe 2014-04-27 02:26 - 2014-04-27 04:23 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-04-27 02:26 - 2014-04-27 04:23 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-04-27 02:25 - 2014-04-27 02:25 - 00667216 _____ () C:\Users\Mandy\Downloads\wzmpis_9.exe 2014-04-25 08:43 - 2014-04-24 12:18 - 00061120 _____ (StdLib) 
C:\Windows\system32\Drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys 2014-04-24 12:59 - 2014-04-27 04:15 - 00000000 ____D () C:\Users\Mandy\Desktop\tatto dresden 2014-04-24 11:58 - 2014-04-24 11:59 - 05290664 _____ (Canneverbe Limited ) C:\Users\Mandy\Desktop\nw_22713_cdbxpsetupexe.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nero 2014-04-24 11:26 - 2014-04-27 04:21 - 00000000 ____D () C:\ProgramData\Nero 2014-04-22 11:06 - 2014-04-22 11:06 - 00821760 _____ (Browser Opt-out) C:\Users\Mandy\Downloads\uninstall.exe 2014-04-16 12:50 - 2014-04-16 12:50 - 00000000 ____D () C:\ProgramData\Datamngr 2014-04-11 21:43 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-11 21:43 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-11 21:43 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-11 21:43 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-11 21:41 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-11 21:41 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-11 21:41 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-11 21:41 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-11 21:41 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-11 21:41 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-11 21:41 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-11 21:41 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-11 21:41 - 2014-03-04 11:16 - 
00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-11 21:41 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-11 21:41 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-11 21:41 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-11 21:41 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-11 21:41 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-11 21:41 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-11 21:41 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-11 21:41 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 17:22 - 2014-04-08 17:22 - 00610704 _____ () C:\Users\Mandy\Downloads\Java.exe 2014-04-04 17:38 - 2014-04-27 04:46 - 00003370 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task 2014-03-29 10:48 - 2014-03-29 10:48 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders =======

2014-04-27 06:52 - 2014-04-27 06:52 - 00026776 _____ () C:\Users\Mandy\Downloads\FRST.txt
2014-04-27 06:52 - 2014-04-27 06:51 - 00000000 ____D () C:\FRST
2014-04-27 06:50 - 2014-04-27 06:50 - 02061824 _____ (Farbar) C:\Users\Mandy\Downloads\FRST64.exe
2014-04-27 06:20 - 2012-01-18 22:22 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job
2014-04-27 06:16 - 2014-04-27 06:16 - 00079440 _____ () C:\Users\Mandy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-27 06:14 - 2014-02-18 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 06:04 - 2013-07-04 19:04 - 00000000 ____D () C:\Users\Mandy\Desktop\Sonstiges
2014-04-27 06:02 - 2011-06-12 22:22 - 00000000 ____D () C:\Program Files (x86)\fahrtenbuch.de
2014-04-27 06:01 - 2011-03-19 00:44 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Amazon
2014-04-27 06:01 - 2011-03-19 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-27 06:01 - 2011-03-19 00:41 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-27 05:50 - 2011-01-28 17:37 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\KeePass
2014-04-27 05:47 - 2014-04-27 05:47 - 00000000 ____D () C:\ProgramData\AVG Nation toolbar
2014-04-27 05:01 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 05:01 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 04:48 - 2013-12-10 16:12 - 00000000 ____D () C:\Users\Mandy\Desktop\Mäuse
2014-04-27 04:48 - 2013-09-08 21:09 - 00000000 ___RD () C:\Users\Mandy\Dropbox
2014-04-27 04:48 - 2013-09-08 21:06 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Dropbox
2014-04-27 04:46 - 2014-04-04 17:38 - 00003370
_____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task 2014-04-27 04:46 - 2011-02-10 18:19 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-04-27 04:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-27 04:30 - 2013-08-29 16:22 - 00014416 _____ () C:\ProgramData\hpzinstall.log 2014-04-27 04:30 - 2011-01-28 15:19 - 01482468 ____N () C:\Windows\WindowsUpdate.log 2014-04-27 04:25 - 2012-07-03 18:18 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-04-27 04:23 - 2014-04-27 02:26 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-04-27 04:23 - 2014-04-27 02:26 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-04-27 04:21 - 2014-04-24 11:26 - 00000000 ____D () C:\ProgramData\Nero 2014-04-27 04:17 - 2014-04-27 04:17 - 00000000 ____D () C:\Users\Mandy\Desktop\Programm verknüpfungen 2014-04-27 04:16 - 2014-02-17 16:36 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Task Coach 2014-04-27 04:16 - 2013-07-04 18:58 - 00000000 ____D () C:\Users\Mandy\Desktop\Larry 2014-04-27 04:16 - 2012-09-08 09:43 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe 2014-04-27 04:15 - 2014-04-24 12:59 - 00000000 ____D () C:\Users\Mandy\Desktop\tatto dresden 2014-04-27 04:05 - 2014-04-27 04:05 - 00000000 ____D () C:\Users\Mandy\Desktop\Abschied 2014-04-27 04:00 - 2014-02-18 18:58 - 00000000 ____D () C:\Users\Mandy\Desktop\Musik 2014-04-27 03:50 - 2012-07-03 18:25 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2014-04-27 03:50 - 2011-06-13 17:19 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-04-27 03:49 - 2014-01-17 15:05 - 00000000 ____D () C:\Program Files\Paint.NET 2014-04-27 03:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-04-27 03:24 - 2014-01-29 17:04 - 00000000 ____D () C:\Program Files (x86)\Re-markit 2014-04-27 03:23 - 2014-04-27 03:22 - 00000000 ____D () C:\Program Files\003 2014-04-27 03:21 - 2014-04-27 03:21 - 00513424 _____ (installer) 
C:\Users\Mandy\Downloads\Anti-Malware.exe 2014-04-27 02:25 - 2014-04-27 02:25 - 00667216 _____ () C:\Users\Mandy\Downloads\wzmpis_9.exe 2014-04-27 01:06 - 2012-01-18 22:22 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job 2014-04-25 14:55 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-04-25 14:55 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-04-25 14:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-25 14:52 - 2009-07-14 04:34 - 00000540 _____ () C:\Windows\win.ini 2014-04-24 12:18 - 2014-04-25 08:43 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys 2014-04-24 11:59 - 2014-04-24 11:58 - 05290664 _____ (Canneverbe Limited ) C:\Users\Mandy\Desktop\nw_22713_cdbxpsetupexe.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nero 2014-04-24 11:37 - 2014-01-17 17:51 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\OpenCandy 2014-04-24 11:20 - 2014-01-29 17:04 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job 2014-04-24 11:20 - 2013-11-21 18:13 - 00001428 _____ () C:\Windows\Tasks\weDownload Manager Pro-updater.job 2014-04-24 11:20 - 2013-11-21 18:13 - 00001330 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job 2014-04-24 11:20 - 2013-11-21 18:13 - 00001230 _____ () C:\Windows\Tasks\weDownload Manager Pro-enabler.job 2014-04-24 11:20 - 2013-11-21 18:12 - 00002060 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job 2014-04-24 11:20 - 2013-11-21 18:12 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2014-04-24 11:20 - 2013-11-21 18:12 - 00000900 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2014-04-24 11:20 - 2013-11-21 18:12 - 00000290 _____ () C:\Windows\Tasks\Dealply.job 2014-04-24 11:20 - 2013-01-31 22:07 - 00000354 _____ () 
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2014-04-23 09:18 - 2014-01-18 17:37 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Windows Net Data 2014-04-22 11:07 - 2014-03-27 20:06 - 00003114 _____ () C:\Windows\System32\Tasks\{0B346B95-34B3-4A24-84DD-205B67D207CC} 2014-04-22 11:07 - 2014-03-27 19:46 - 00003410 _____ () C:\Windows\System32\Tasks\aviraSWU 2014-04-22 11:07 - 2014-01-29 17:04 - 00003146 _____ () C:\Windows\System32\Tasks\Re-markit Update 2014-04-22 11:07 - 2014-01-18 17:25 - 00003154 _____ () C:\Windows\System32\Tasks\{CE5F1AEA-F795-4BD1-904D-F652FB82B3B5} 2014-04-22 11:07 - 2013-11-21 18:13 - 00004470 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-updater 2014-04-22 11:07 - 2013-11-21 18:13 - 00004372 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader 2014-04-22 11:07 - 2013-11-21 18:13 - 00004272 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-enabler 2014-04-22 11:07 - 2013-11-21 18:12 - 00003912 _____ () C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA 2014-04-22 11:07 - 2013-11-21 18:12 - 00003660 _____ () C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore 2014-04-22 11:07 - 2013-11-21 18:12 - 00003232 _____ () C:\Windows\System32\Tasks\Dealply 2014-04-22 11:07 - 2013-01-31 22:07 - 00002860 _____ () C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv 2014-04-22 11:07 - 2012-12-15 10:57 - 00003124 _____ () C:\Windows\System32\Tasks\{170D0736-078E-491F-9F80-A74C323939CB} 2014-04-22 11:06 - 2014-04-22 11:06 - 00821760 _____ (Browser Opt-out) C:\Users\Mandy\Downloads\uninstall.exe 2014-04-16 17:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-16 12:50 - 2014-04-16 12:50 - 00000000 ____D () C:\ProgramData\Datamngr 2014-04-14 13:30 - 2011-07-19 18:33 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-14 13:30 - 2011-07-19 18:33 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-14 13:25 - 2013-08-14 18:49 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-04-14 13:25 - 2011-01-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-14 13:21 - 2011-01-28 17:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 17:22 - 2014-04-08 17:22 - 00610704 _____ () C:\Users\Mandy\Downloads\Java.exe 2014-04-05 23:01 - 2011-07-19 18:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-05 23:01 - 2011-07-19 18:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 18:15 - 2012-01-18 22:22 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA 2014-04-04 18:15 - 2012-01-18 22:22 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core 2014-03-31 09:35 - 2011-01-28 16:29 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-31 07:10 - 2013-12-19 15:18 - 00000106 _____ () C:\Users\Mandy\AppData\Roaming\WB.CFG 2014-03-31 03:16 - 2014-04-11 21:43 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-11 21:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-11 21:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-11 21:43 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-29 10:48 - 2014-03-29 10:48 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\Mandy\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy\AppData\Local\Temp\nsgB6CE.exe
C:\Users\Mandy\AppData\Local\Temp\SpOrder.dll
C:\Users\Mandy\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:33

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2014 03
Ran by Mandy at 2014-04-27 06:52:34
Running from C:\Users\Mandy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
4500_G510gm_Help (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{01CC2860-A3CD-4D57-98A5-B202CA6B04ED}) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Help
Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden Angry Birds (HKLM-x32\...\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}) (Version: 1.6.2 - Rovio) Angry Birds Rio (HKLM-x32\...\{E0B3F290-186B-46C8-BA95-F3D6542C2407}) (Version: 1.4.0 - Rovio) Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION BioExcess (HKLM-x32\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.175 - Egis Technology Inc.) BioExcess (x32 Version: 6.0.48.175 - Egis Technology Inc.) Hidden bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dealply (HKCU\...\Dealply) (Version: - ) <==== ATTENTION Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media) ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.) Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Freeware.de Toolbar (HKLM-x32\...\Freeware.de Toolbar) (Version: 6.8.5.1 - Freeware.de) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden Haushaltsbuch 8.9 DEMO (HKLM-x32\...\{41A43D52-79B2-4DCD-8ED5-0E62C2290529}) (Version: 8.9.46 - Reiners-Software) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 28264) (Version: 28264 - Intel) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle) Kalender-Excel-8.10 (HKLM-x32\...\Kalender-Excel-8.10_is1) (Version: 8.10 - MSDatec) KeePass Password Safe 2.14 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl) K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - ) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.01.29.1 - Vimicro) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lollipop (HKCU\...\lollipop_02241913) (Version: - Lollipop Network, S.L.) <==== ATTENTION McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden 
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Music Box Toolbar for Chrome (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbarGC) (Version: 1.5.0.0 - APN LLC) <==== ATTENTION Music Box Toolbar for Internet Explorer (Dist. by iMesh, Inc.) 
(HKLM-x32\...\imeshmusicboxtoolbarIE) (Version: 1.5.0.0 - APN LLC) <==== ATTENTION Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden Nitro Reader 2 (HKLM\...\{E9ABE702-55E6-40E4-B3BD-99D70BB3DF24}) (Version: 2.5.0.45 - Nitro PDF Software) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.7 - ) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.) RtLED (HKLM\...\{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG 
Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden weDownload Manager Pro (HKLM-x32\...\weDownload Manager Pro) (Version: 1.30.153.1 - weDownload) <==== ATTENTION Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
Windows-Treiberpaket - Intel (NETw5s64) net (01/13/2010 13.1.1.1) (HKLM\...\8C37689CB3B9356BF3244BEC3421F153D01BFDBF) (Version: 01/13/2010 13.1.1.1 - Intel)
Windows-Treiberpaket - Intel (NETw5v64) net (01/13/2010 13.1.1.1) (HKLM\...\B3385C3CDAEAA7DCB6E193F6C0058E2D7BAB12F6) (Version: 01/13/2010 13.1.1.1 - Intel)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

08-04-2014 15:39:36 Windows Update
14-04-2014 11:19:16 Windows Update
14-04-2014 11:40:37 Windows-Sicherung
18-04-2014 22:15:33 Windows Update
19-04-2014 01:00:10 Windows Update
22-04-2014 05:34:17 Windows Update
24-04-2014 09:25:18 Installed Nero Burning ROM 2014.
25-04-2014 06:55:15 Windows Update
27-04-2014 01:11:52 Removed Media Go
27-04-2014 01:24:42 Windows Defender Checkpoint
27-04-2014 01:40:07 Removed Media Go Video Playback Engine 2.0.117.09030
27-04-2014 01:41:40 Removed Nero Burning ROM 2014.
27-04-2014 01:45:47 Removed Nero Info.
27-04-2014 01:46:21 Removed Paint.NET v3.5.11
27-04-2014 02:20:16 Removed Nero Burning ROM 2014.
==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-09-08 11:22 - 00001339 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {07588F50-96A2-470E-9E40-F3F24825F252} - System32\Tasks\{EA4E805C-3B5A-407F-BB99-19D76C34E0E8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {086C3B7E-23D2-4DFE-8E89-779BBA875CC8} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: {30A7AA95-BB34-41FB-9889-CAA23CD85A29} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-11-21] (DealPly Technologies Ltd) <==== ATTENTION
Task: {551118CD-D315-4371-99D6-D777961A1BAA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {5EF8481D-BB28-4AE0-BB33-C0AAF8BB968C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {677356C1-F36D-4B42-B485-78671FA1110C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {67C3041E-1F9E-4BFD-AF8B-7651F929BB2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-24] (Adobe Systems Incorporated)
Task: {6FD08931-3374-4CB1-8C0A-D6D70E61E395} - System32\Tasks\weDownload Manager Pro-updater => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe <==== ATTENTION
Task: {77771C32-C2A1-4CAB-B80C-B20206CEFA05} - System32\Tasks\weDownload Manager Pro-enabler => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {7CB5B4C5-40D9-4B66-9A5E-83B631AB92D8} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {7D670F60-DEB7-4105-BA15-FBE07A7FA959} - System32\Tasks\Dealply => C:\Users\Mandy\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-11-21] () <==== ATTENTION
Task: {82C150D3-049A-4EFE-B292-C033EBA9A2CE} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {957CACE8-CE39-4F0D-A9AB-5AF0A944D023} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Mandy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {973F0E33-D391-4915-9B58-C096ED9B026B} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {A18A9D7B-CDE7-4138-9F7C-5B0F217E5D9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2A956D9-F265-43E8-9430-6A4C68C4249B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29] (Facebook Inc.)
Task: {C9935F27-6928-402D-AE52-2633AE6AE201} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {CAF365B8-9EBB-4580-AFCA-3F419B2D4999} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-11-21] (DealPly Technologies Ltd) <==== ATTENTION
Task: {E3F97FF8-66A5-4C1D-A8E3-4F7BEE48ED23} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29] (Facebook Inc.)
Task: {E9FAB387-AF21-41CD-B605-6BDF418788B0} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {EB3731B2-7007-49D9-A246-7CAF3AC6C37D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FCA93422-04A3-4CD0-BBB6-1EC5D276F369} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Mandy\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-enabler.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-updater.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-05-28 04:15 - 2010-05-28 04:15 - 01407344 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2012-12-13 11:22 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spdpsl.dll
2011-01-29 13:11 - 2008-06-04 08:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2006-12-08 14:00 - 2006-12-08 14:00 - 00022016 _____ () C:\Windows\System32\sugi1l6.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-27 03:23 - 2014-04-27 03:23 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2014-02-24 20:07 - 2014-03-01 23:03 - 02552856 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
2011-01-28 17:29 - 2011-01-02 12:16 - 00303104 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-03-27 19:45 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Mandy\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-09 17:15 - 2014-01-09 17:15 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-04-11 21:33 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 21:33 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-11 21:33 - 2014-04-02 03:58 - 13691720 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2014-03-27 19:45 - 2014-02-25 12:41 - 00394808 _____ () C:\program files (x86)\avira\antivir desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Mandy\AppData\Local\nZwo6biR:QdOPKihpVr4jI7XtY9
AlternateDataStreams: C:\Users\Mandy\AppData\Local\Temp:6VV9yyBKCcYMNXtPt1suU

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk => C:\Windows\pss\OpenOffice.org 3.4.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: icq => C:\Users\Mandy\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iMesh => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
MSCONFIG\startupreg: Intel AppUp(SM) center_Nagware => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe"
MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 04:25:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_Sony PC Companion, Version: 17.0.0.717, Zeitstempel: 0x4cab8cfa
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000494f3
ID des fehlerhaften Prozesses: 0x236c
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_Sony PC Companion0
Pfad der fehlerhaften Anwendung: setup.exe_Sony PC Companion1
Pfad des fehlerhaften Moduls: setup.exe_Sony PC Companion2
Berichtskennung: setup.exe_Sony PC Companion3

Error: (04/27/2014 04:23:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1f78
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (04/27/2014 04:23:05 AM) (Source: Microsoft-Windows-RestartManager) (User: Mandy-PC)
Description: Die Anwendung oder der Dienst "SecureAssist" konnte nicht neu gestartet werden.

Error: (04/27/2014 04:22:36 AM) (Source: Microsoft-Windows-RestartManager) (User: Mandy-PC)
Description: Die Anwendung oder der Dienst "SecureAssist" konnte nicht heruntergefahren werden.

Error: (04/27/2014 03:45:44 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden einer Windows Installer-Transaktion: . Fehler 5 beim Beenden der Transaktion.

Error: (04/27/2014 02:26:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WinZipMalwareProtector.exe, Version: 2.1.1000.10798, Zeitstempel: 0x5159285c
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xWinZipMalwareProtector.exe0
Pfad der fehlerhaften Anwendung: WinZipMalwareProtector.exe1
Pfad des fehlerhaften Moduls: WinZipMalwareProtector.exe2
Berichtskennung: WinZipMalwareProtector.exe3

Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10270341

Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10270341

Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2014 11:56:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6177

System errors:
=============
Error: (04/27/2014 04:47:49 AM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (04/27/2014 04:46:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (04/27/2014 04:23:15 AM) (Source: DCOM) (User: )
Description: {EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}

Error: (04/27/2014 03:51:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2014 03:51:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2014 03:51:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2014 03:29:18 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (04/27/2014 03:24:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2014 03:23:57 AM) (Source: Service Control Manager) (User: )
Description: Dienst "vToolbarUpdater17.3.0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/27/2014 03:23:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (01/21/2012 00:12:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3305 seconds with 2220 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 7924.51 MB
Available physical RAM: 4556.04 MB
Total Pagefile: 15847.2 MB
Available Pagefile: 12357.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:76.49 GB) NTFS
Drive d: () (Fixed) (Total:171.71 GB) (Free:171.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=172 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================ |
27.04.2014, 18:54 | #4 |
/// the machine /// TB trainer | Uninstalling Lollipop Network S.L
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION
Also let Revo remove the leftovers in Moderate mode.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |