Pests of all kinds and how to fight them: Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (Win 7 Professional SP 1)
22.05.2014, 11:11 | #1 |
Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (Win 7 Professional SP 1)

Hello, I have the well-known problem with Download Protect. It cannot be removed permanently, and it deletes my Firefox add-ons such as ABE, NoScript, etc. Deleting the corresponding .xpi file and the associated registry entry only helps until the next system start. After that, DP apparently gets reloaded.

Here are the log files.

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:17 on 22/05/2014 (f)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
****************** Sophos Anti-Virus Protokoll - 22.05.2014 09:56:09 **************
...
20140508 090954 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140508 090959 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468455 Objekte erkennen.
20140508 090959 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140508 132412 Der Scan von 'Boot Record, Laufwerk G:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20140508 132412 Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20140508 140407 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140508 140411 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468463 Objekte erkennen.
20140508 140411 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140509 113042 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140509 113058 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468506 Objekte erkennen.
20140509 113059 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140509 120845 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140509 120849 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468514 Objekte erkennen.
20140509 120849 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140511 141449 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140511 141454 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468556 Objekte erkennen.
20140511 141454 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140511 195244 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140511 195248 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468561 Objekte erkennen.
20140511 195248 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140511 200744 Datei "C:\Users\f\AppData\Local\Temp\0YTuQyEk.exe.part" gehört zu Adware/PUA 'Install Core' (Typ Andere).
20140511 200800 Datei "C:\Users\f\AppData\Local\Temp\0YTuQyEk.exe.part" gehört zu Adware/PUA 'Install Core' (Typ Andere).
20140511 200800 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Temp\0YTuQyEk.exe.part" für folgenden Benutzer verweigert: f-PC\f
20140511 201139 Datei "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140511 201140 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140511 201140 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" für folgenden Benutzer verweigert: f-PC\f
20140511 201231 Datei "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140511 201231 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" für folgenden Benutzer verweigert: f-PC\f
20140511 201647 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140511 201647 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" für folgenden Benutzer verweigert: f-PC\f
20140511 201816 Datei "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140511 201816 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" für folgenden Benutzer verweigert: f-PC\f
20140511 204217 Web-Anfrage an "www.computercare.ca/forum/showthread.php" für Benutzer f-PC\f gesperrt. 'Mal/Iframe-W' wurde auf dieser Website gefunden, Verweiskennung 25455191.
20140511 204228 Web-Anfrage an "computercare.ca" für Benutzer f-PC\f gesperrt. 'Mal/Iframe-W' wurde auf dieser Website gefunden, Verweiskennung 25455191.
20140511 212413 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67OFDRP8\sam__2268_il387643[1].exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140511 212413 Datei "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140511 212430 Datei "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140511 212430 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" für folgenden Benutzer verweigert: f-PC\f
20140511 212930 Datei "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140511 212930 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" für folgenden Benutzer verweigert: f-PC\f
20140511 214453 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140511 214453 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140511 224457 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140511 224457 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140511 225105 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140511 225109 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468565 Objekte erkennen.
20140511 225109 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140511 234459 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140511 234459 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 011500 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 011500 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 031500 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 031500 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 051501 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 051501 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 100530 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140512 100537 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468579 Objekte erkennen.
20140512 100537 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140512 100742 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 100742 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 100844 Konfigurationsdatei 'C:\Users\f\AppData\Local\Sophos\Sophos Anti-Virus\Config\user.xml' konnte nicht aktualisiert werden.
20140512 100844 Die beschädigte Konfigurationsdatei 'C:\Users\f\AppData\Local\Sophos\Sophos Anti-Virus\Config\user.xml' wurde neu erstellt. Alle Änderungen sind verloren gegangen.
20140512 100908 Datei "C:\Users\f\AppData\Local\Temp\0YTuQyEk.exe.part" gehört zu Adware/PUA 'Install Core' (Typ Andere).
20140512 100917 Datei "C:\Users\f\AppData\Local\Temp\0YTuQyEk.exe.part" wurde bereinigt.
20140512 100917 Adware/PUA 'Install Core' wurde entfernt.
20140512 100937 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 100945 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" wurde bereinigt.
20140512 100945 Adware/PUA 'BrowseSmart' wurde entfernt.
20140512 101009 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140512 101024 Datei "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" gehört zu Adware/PUA 'AppRider' (Typ Adware).
20140512 101036 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J15F25P\setup[1].exe" wurde bereinigt.
20140512 101046 Datei "C:\Users\f\AppData\Local\Temp\DLG\exe\market-connect-plushd-fwsw-3.8-default\setup.exe" wurde bereinigt.
20140512 101046 Adware/PUA 'AppRider' wurde entfernt.
20140512 101104 Datei "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140512 101117 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67OFDRP8\sam__2268_il387643[1].exe" gehört zu Adware/PUA 'Amonetize' (Typ Andere).
20140512 101126 Datei "C:\Users\f\AppData\Local\Temp\is-735U6.tmp\sam__2268_il387643.exe" wurde bereinigt.
20140512 101136 Datei "C:\Users\f\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67OFDRP8\sam__2268_il387643[1].exe" wurde bereinigt.
20140512 101136 Adware/PUA 'Amonetize' wurde entfernt.
20140512 124812 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 124812 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 144813 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 144813 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 201922 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140512 201924 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468631 Objekte erkennen.
20140512 201924 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140512 202152 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 202152 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 205819 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140512 205825 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468637 Objekte erkennen.
20140512 205827 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140512 212154 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 212154 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140512 225156 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140512 225156 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140514 064612 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140514 064612 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140514 065000 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140514 065006 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468713 Objekte erkennen.
20140514 065007 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140514 065106 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenbho.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 065106 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Program Files (x86)\raving reyven\ravingreyvenbho.dll" für folgenden Benutzer verweigert: NT-AUTORITÄT\SYSTEM
20140514 072939 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenbho.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 072939 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Program Files (x86)\raving reyven\ravingreyvenbho.dll" für folgenden Benutzer verweigert: f-PC\f
20140514 072939 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 072939 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" für folgenden Benutzer verweigert: f-PC\f
20140514 073038 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 073038 On-Access-Scanner hat den Zugriff auf den Speicherort "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" für folgenden Benutzer verweigert: f-PC\f
20140514 073432 Scan 'Computer scannen' gestartet.
20140514 080716 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 080716 Registrierungsschlüssel "HKCR\Interface\{97E96CD8-BB3E-4BE1-931D-E640A2C423C7}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 080716 Registrierungsschlüssel "HKCR\TypeLib\{235FFD6C-B595-4CE6-82D8-4248C636A9C3}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 080716 Registrierungsschlüssel "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f866026-a8bb-42a7-987f-2f92715a8147}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 080716 Registrierungsschlüssel "HKCR\CLSID\{0f866026-a8bb-42a7-987f-2f92715a8147}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082625 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" gehört zu Adware/PUA 'BrowseSmart' (Typ Adware).
20140514 082634 Datei "C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys.tmp" wurde bereinigt.
20140514 082634 Adware/PUA 'BrowseSmart' wurde entfernt.
20140514 082723 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082723 Registrierungsschlüssel "HKCR\Interface\{97E96CD8-BB3E-4BE1-931D-E640A2C423C7}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082723 Registrierungsschlüssel "HKCR\TypeLib\{235FFD6C-B595-4CE6-82D8-4248C636A9C3}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082723 Registrierungsschlüssel "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f866026-a8bb-42a7-987f-2f92715a8147}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082723 Registrierungsschlüssel "HKCR\CLSID\{0f866026-a8bb-42a7-987f-2f92715a8147}" gehört zu Adware/PUA 'Generic PUA DL' (Typ Andere).
20140514 082735 Registrierungsschlüssel "HKCR\Interface\{97E96CD8-BB3E-4BE1-931D-E640A2C423C7}" wurde bereinigt.
20140514 082735 Registrierungsschlüssel "HKCR\TypeLib\{235FFD6C-B595-4CE6-82D8-4248C636A9C3}" wurde bereinigt.
20140514 082735 Registrierungsschlüssel "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f866026-a8bb-42a7-987f-2f92715a8147}" wurde bereinigt.
20140514 082736 Registrierungsschlüssel "HKCR\CLSID\{0f866026-a8bb-42a7-987f-2f92715a8147}" wurde bereinigt.
20140514 082737 Datei "C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll" wurde bereinigt.
20140514 082737 Adware/PUA 'Generic PUA DL' wurde entfernt.
20140514 090826 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140514 090832 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468718 Objekte erkennen.
20140514 090832 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140514 203159 Adware/PUA 'Generic PUA DL' wurde erkannt.
20140514 203159 Scan 'Computer scannen' abgeschlossen.
20140514 203159 Ergebniszusammenfassung für Scan 'Computer scannen': Gescannte Objekte: 450554 Fehler: 0 Objekte in Quarantäne: 1 Behandelte Objekte: 0
20140515 014034 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468718 Objekte erkennen.
20140515 014035 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20140515 081854 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140515 081903 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468789 Objekte erkennen.
20140515 081903 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140515 093629 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140515 093634 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468798 Objekte erkennen.
20140515 093635 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140515 125426 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140515 125430 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468806 Objekte erkennen.
20140515 125431 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140516 072228 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140516 072232 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468840 Objekte erkennen.
20140516 072233 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140516 092145 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140516 092147 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468847 Objekte erkennen.
20140516 092147 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140516 121515 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140516 121519 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468858 Objekte erkennen.
20140516 121520 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140519 094937 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140519 094950 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468920 Objekte erkennen.
20140519 094950 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140519 110043 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468920 Objekte erkennen.
20140519 110044 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20140519 130313 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140519 130320 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468933 Objekte erkennen.
20140519 130321 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140520 075431 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140520 075439 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468983 Objekte erkennen.
20140520 075440 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140520 090124 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140520 090130 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468988 Objekte erkennen.
20140520 090130 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140520 093649 Kommunikationsfehler zwischen On-Access-Treiber und Dienst für übergeordneten Prozess services.exe führte zur Erstellung des Zielprozesses svchost.exe.
20140520 093649 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\DRIVERS\monitor.sys] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740df70a45e9]).
20140520 093649 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\DRIVERS\monitor.sys] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess WmiPrvSE.exe, (Überprüfung des Zeitstempels [ 1cf740df70a45e9]).
20140520 093650 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess winlogon.exe, (Überprüfung des Zeitstempels [ 1cf740df7ae84dc]).
20140520 093650 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\diagperf.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740df6c2dca1]).
20140520 093650 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\System32\wlanhlp.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740f071026d9]).
20140520 093651 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\actxprxy.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740df7c6529e]).
20140520 093651 Der Scan von Datei [...\Device\HarddiskVolume2\windows\system32\wersvc.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740f0771bf44]).
20140520 093651 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\services.exe] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740e10fb8525]).
20140520 093651 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\pots.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740f076115a2]).
20140520 093651 Der Scan von Datei [...\Device\HarddiskVolume2\Windows\system32\adtschema.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cf740f079573e8]).
20140520 113052 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140520 113057 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6468995 Objekte erkennen.
20140520 113057 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140521 074944 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140521 074948 Die Erkennungsdatenversion 4.98G (Detection Engine 3.50.1) wird verwendet. Diese Version kann 6469026 Objekte erkennen.
20140521 074948 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140522 061845 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140522 062141 Die Erkennungsdatenversion 5.01 (Detection Engine 3.51.1) wird verwendet. Diese Version kann 6957315 Objekte erkennen.
20140522 062142 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20140522 062150 Die Erkennungsdatenversion 5.01 (Detection Engine 3.51.1) wird verwendet. Diese Version kann 6957315 Objekte erkennen.
20140522 085035 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20140522 085037 Die Erkennungsdatenversion 5.01 (Detection Engine 3.51.1) wird verwendet. Diese Version kann 6957316 Objekte erkennen.
20140522 085038 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20140522 092002 Die Erkennungsdatenversion 5.01 (Detection Engine 3.51.1) wird verwendet. Diese Version kann 6957316 Objekte erkennen.
20140522 092003 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
(208 Objekte)

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014 Ran by f (administrator) on F-PC on 22-05-2014 12:04:46 Running from C:\Users\f\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sophos Limited) C:\Program Files 
(x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe () C:\Windows\System32\siwebsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Windows\SysWOW64\C2MP\TrayMenu.exe (Dropbox, Inc.) C:\Users\f\AppData\Roaming\Dropbox\bin\Dropbox.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.) 
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [3091256 2011-12-26] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [222720 2012-06-21] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-22] (Sophos Limited)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-22] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-22] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\f\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DCF9300AA12CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 130.83.22.60 130.83.22.63 130.83.56.60

FireFox:
========
FF ProfilePath: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default
FF user.js: detected! => C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\user.js
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SearchEngineOrder.1: Startpage
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\Extensions\foxyproxy@eric.h.jung [2014-05-19]
FF Extension: DownloadHelper - C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}] - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi [2014-05-19]
FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2012-03-28]

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-22] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-22] (Sophos Limited)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-22] (Sophos Limited)
R2 TSThemed; C:\Windows\system32\siwebsvc.exe [120832 2014-05-11] ()
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)
S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [397824 2013-11-21] ()
S2 metasploitPostgreSQL; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" [X]
S2 metasploitPostgreSQL-1; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/METASP~1/POSTGR~1/data" [X]
S2 metasploitPostgreSQL-2; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-2" -D "C:/METASP~1/POSTGR~1/data" [X]
S3 postgresql-x64-9.1; C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-22] (Sophos Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-22] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-25] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-10-04] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-10-04] (Xilinx, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-22 11:52 - 2014-05-22 11:52 - 00380416 _____ () C:\Users\f\Desktop\Gmer-19357.exe
2014-05-22 11:17 - 2014-05-22 11:17 - 00000574 _____ () C:\Users\f\Desktop\defogger_disable.log
2014-05-22 11:17 - 2014-05-22 11:17 - 00000020 _____ () C:\Users\f\defogger_reenable
2014-05-22 11:16 - 2014-05-22 11:16 - 00050477 _____ () C:\Users\f\Desktop\Defogger.exe
2014-05-22 11:04 - 2014-05-22 12:04 - 00019399 _____ () C:\Users\f\Desktop\FRST.txt
2014-05-22 11:03 - 2014-05-22 12:04 - 00000000 ____D () C:\FRST
2014-05-22 10:45 - 2014-05-22 10:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\f\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 10:43 - 2014-05-22 10:43 - 02067456 _____ (Farbar) C:\Users\f\Desktop\FRST64.exe
2014-05-22 08:23 - 2014-05-22 08:23 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2014-05-22 08:20 - 2014-05-22 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-22 08:20 - 2014-05-22 08:16 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2014-05-22 08:17 - 2014-05-22 08:17 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2014-05-22 08:16 - 2014-05-22 08:16 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2014-05-22 08:16 - 2014-05-22 08:16 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2014-05-22 08:16 - 2014-05-22 08:16 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\Users\f\Downloads\Resident Evil Extinction[2007]DvDrip[Eng]-FXG
2014-05-20 11:16 - 2014-05-20 14:13 - 735498240 _____ () C:\Users\f\Downloads\Resident Evil (Wolf003227).avi
2014-05-20 10:59 - 2014-05-20 11:20 - 1360944758 _____ () C:\Users\f\Downloads\(1963) KING KONG VS GODZILLA.avi
2014-05-20 10:56 - 2014-05-20 11:26 - 1267258658 _____ () C:\Users\f\Downloads\(1974) GODZILLA VS MECHAGODZILLA.avi
2014-05-20 10:56 - 2014-05-20 11:16 - 00000000 ____D () C:\Users\f\Downloads\King Kong vs Godzilla (1962)
2014-05-19 13:09 - 2014-05-19 13:09 - 00000000 ____D () C:\Users\f\AppData\Roaming\DropboxMaster
2014-05-15 10:16 - 2014-05-19 13:03 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-05-15 03:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 09:29 - 2014-05-14 09:30 - 00000088 _____ () C:\Windows\wininit.ini
2014-05-14 09:00 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:00 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 08:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-12 22:38 - 2014-05-12 23:08 - 2467281235 ____R () C:\Users\f\Desktop\12.Monkeys.1080p.x264..mp4
2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieUserList
2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieSiteList
2014-05-11 23:56 - 2014-05-12 01:42 - 00000000 ____D () C:\Users\f\Downloads\Twelve Monkeys 1080p HDRip [ x264 - dts - mkv ] (oan)
2014-05-11 23:34 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll
2014-05-11 23:34 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2014-05-11 23:34 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2014-05-11 23:29 - 2014-05-11 23:29 - 00000000 ____D () C:\Users\f\Documents\eRightSoft
2014-05-11 23:26 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2014-05-11 23:24 - 2014-05-16 09:05 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-05-11 22:40 - 2014-05-11 22:41 - 00000000 ____D () C:\Users\f\Documents\Aimersoft DRM Media Converter
2014-05-11 22:40 - 2014-05-11 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 22:39 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(5).sys
2014-05-11 22:39 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(4).sys
2014-05-11 22:38 - 2010-12-24 15:27 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2014-05-11 22:38 - 2010-12-24 15:27 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2014-05-11 22:38 - 2010-12-24 15:27 - 00496640 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(3).sys
2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(2).sys
2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(1).sys
2014-05-11 22:37 - 2014-05-12 02:30 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\Users\f\AppData\Roaming\Engelmann Media
2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\f\AppData\Roaming\dlg
2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 _____ () C:\Windows\system32\siwebsvc.exe
2014-05-11 22:13 - 2014-05-14 10:27 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-04-30 09:35 - 2014-05-02 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-28 17:18 - 2014-05-22 11:18 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-22 16:22 - 2014-04-22 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 16:22 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-22 16:22 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-22 16:22 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-22 16:22 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-22 16:21 - 2014-04-22 16:22 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-22 12:04 - 2014-05-22 11:04 - 00019399 _____ () C:\Users\f\Desktop\FRST.txt
2014-05-22 12:04 - 2014-05-22 11:03 - 00000000 ____D () C:\FRST
2014-05-22 11:52 - 2014-05-22 11:52 - 00380416 _____ () C:\Users\f\Desktop\Gmer-19357.exe
2014-05-22 11:28 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 11:28 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 11:25 - 2012-03-25 19:29 - 01471698 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 11:23 - 2012-05-03 14:19 - 00000000 ___RD () C:\Users\f\Dropbox
2014-05-22 11:23 - 2012-05-03 14:13 - 00000000 ____D () C:\Users\f\AppData\Roaming\Dropbox
2014-05-22 11:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 11:19 - 2014-04-20 09:35 - 00001859 _____ () C:\Windows\setupact.log
2014-05-22 11:18 - 2014-04-28 17:18 - 00001700 _____ () C:\Windows\PFRO.log
2014-05-22 11:17 - 2014-05-22 11:17 - 00000574 _____ () C:\Users\f\Desktop\defogger_disable.log
2014-05-22 11:17 - 2014-05-22 11:17 - 00000020 _____ () C:\Users\f\defogger_reenable
2014-05-22 11:17 - 2012-05-21 14:56 - 00000000 ____D () C:\Users\f\AppData\Roaming\uTorrent
2014-05-22 11:17 - 2012-03-25 19:36 - 00000000 ____D () C:\Users\f
2014-05-22 11:16 - 2014-05-22 11:16 - 00050477 _____ () C:\Users\f\Desktop\Defogger.exe
2014-05-22 11:14 - 2013-05-22 11:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 10:45 - 2014-05-22 10:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\f\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 10:43 - 2014-05-22 10:43 - 02067456 _____ (Farbar) C:\Users\f\Desktop\FRST64.exe
2014-05-22 08:23 - 2014-05-22 08:23 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2014-05-22 08:23 - 2014-01-30 12:28 - 00001972 _____ () C:\Users\f\Desktop\Drakensang Online.lnk
2014-05-22 08:23 - 2013-12-04 12:13 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online
2014-05-22 08:22 - 2012-03-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-22 08:21 - 2012-03-27 20:33 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-22 08:20 - 2014-05-22 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-22 08:17 - 2014-05-22 08:17 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2014-05-22 08:16 - 2014-05-22 08:20 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2014-05-22 08:16 - 2014-05-22 08:16 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2014-05-22 08:16 - 2014-05-22 08:16 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2014-05-22 08:16 - 2014-05-22 08:16 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2014-05-21 12:52 - 2012-03-25 21:37 - 00000000 ____D () C:\Users\f\AppData\Roaming\vlc
2014-05-20 19:06 - 2011-04-12 09:43 - 00765838 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 19:06 - 2011-04-12 09:43 - 00175036 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 19:06 - 2009-07-14 07:13 - 01807338 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 14:13 - 2014-05-20 11:16 - 735498240 _____ () C:\Users\f\Downloads\Resident Evil (Wolf003227).avi
2014-05-20 11:26 - 2014-05-20 10:56 - 1267258658 _____ () C:\Users\f\Downloads\(1974) GODZILLA VS MECHAGODZILLA.avi
2014-05-20 11:20 - 2014-05-20 10:59 - 1360944758 _____ () C:\Users\f\Downloads\(1963) KING KONG VS GODZILLA.avi
2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\Users\f\Downloads\Resident Evil Extinction[2007]DvDrip[Eng]-FXG
2014-05-20 11:16 - 2014-05-20 10:56 - 00000000 ____D () C:\Users\f\Downloads\King Kong vs Godzilla (1962)
2014-05-19 15:02 - 2012-05-27 17:52 - 00007613 _____ () C:\Users\f\AppData\Local\Resmon.ResmonCfg
2014-05-19 13:09 - 2014-05-19 13:09 - 00000000 ____D () C:\Users\f\AppData\Roaming\DropboxMaster
2014-05-19 13:09 - 2012-03-25 19:36 - 00000000 ___RD () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 13:08 - 2012-05-03 14:13 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-19 13:03 - 2014-05-15 10:16 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-05-19 11:42 - 2012-04-17 19:45 - 00000000 ____D () C:\Users\f\Desktop\bilder
2014-05-17 21:30 - 2012-03-29 22:32 - 00000000 ____D () C:\Users\f\AppData\Roaming\dvdcss
2014-05-16 09:05 - 2014-05-11 23:24 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-05-15 14:53 - 2012-04-04 23:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 10:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-15 06:50 - 2012-03-25 19:36 - 00000000 ___RD () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 04:25 - 2014-02-18 15:06 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:38 - 2012-06-06 09:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 03:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 03:08 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-04-01 09:34 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:27 - 2014-05-11 22:13 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-05-14 09:30 - 2014-05-14 09:29 - 00000088 _____ () C:\Windows\wininit.ini
2014-05-14 08:48 - 2013-05-22 11:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 08:48 - 2012-04-12 21:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:48 - 2012-03-27 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 22:18 - 2013-10-14 18:17 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-05-12 23:08 - 2014-05-12 22:38 - 2467281235 ____R () C:\Users\f\Desktop\12.Monkeys.1080p.x264..mp4
2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieUserList
2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieSiteList
2014-05-12 02:30 - 2014-05-11 22:37 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-05-12 01:42 - 2014-05-11 23:56 - 00000000 ____D () C:\Users\f\Downloads\Twelve Monkeys 1080p HDRip [ x264 - dts - mkv ] (oan)
2014-05-11 23:29 - 2014-05-11 23:29 - 00000000 ____D () C:\Users\f\Documents\eRightSoft
2014-05-11 22:41 - 2014-05-11 22:40 - 00000000 ____D () C:\Users\f\Documents\Aimersoft DRM Media Converter
2014-05-11 22:41 - 2014-05-11 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\Users\f\AppData\Roaming\Engelmann Media
2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\f\AppData\Roaming\dlg
2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 _____ () C:\Windows\system32\siwebsvc.exe
2014-05-06 14:06 - 2012-04-12 22:02 - 00000000 ____D () C:\ProgramData\Soulseek
2014-05-06 08:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 03:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 03:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 03:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 11:58 - 2014-04-30 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-25 12:53 - 2012-04-12 22:07 - 00000000 ____D () C:\Users\f\Downloads\slsk
2014-04-22 23:03 - 2012-03-25 21:23 - 00000000 ____D () C:\Users\f\AppData\Roaming\Winamp
2014-04-22 16:25 - 2013-09-16 22:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 16:22 - 2014-04-22 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 16:22 - 2014-04-22 16:21 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 16:22 - 2013-11-18 12:12 - 00000000 ____D () C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\Users\f\GCMDLN.DLL

Some content of TEMP:
====================
C:\Users\f\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz1sbnt.dll
C:\Users\f\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-20 01:30

==================== End Of Log ============================

farbar Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by f at 2014-05-22 12:06:08
Running from C:\Users\f\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acquia Dev Desktop (HKLM-x32\...\Acquia Dev Desktop 7.24.26) (Version: 7.24.26 - Acquia, Inc.)
ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.2692474 - Audible, Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.189 - Digilent, Inc.) DirectX for Managed Code Update (October 2004) (x32 Version: 9.02.3900 - Microsoft) Hidden Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) Edna Bricht Aus 6.3 (HKLM-x32\...\{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1) (Version: - ) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) Everest Dictionary (HKLM-x32\...\{D7252334-1115-4A4B-B9CE-6FE52AD18F75}) (Version: 2.11.0000 - Daniel Vladutu) ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FileZilla Client 3.7.4 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - ) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2529927) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2529927) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2548139) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2548139) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2549864) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2549864) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft 
Visual Studio 2010 Premium - DEU (KB2635973) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2736182) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2736182) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2890573) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2890573) (Version: 1 - Microsoft Corporation) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - ) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle) JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation) JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation) KVIrc (HKLM-x32\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{7801C501-F2B8-41FF-9792-D48C809A9CFB}) (Version: 4.2.2.1 - The Document Foundation) LibreOffice 
4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft 
Corporation) Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{8583E7E3-2237-4981-B957-E28E5E9AB678}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL 
Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 
2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Premium - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Premium - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Premium - DEU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 
16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PostgreSQL 9.1 (HKLM\...\PostgreSQL 9.1) (Version: 9.1 - PostgreSQL Global Development Group) Racket v5.3.6 (x86_64) (HKLM-x32\...\Racket-x86_64-5.3.6) (Version: 5.3.6 - PLT Design Inc.) RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Secure Download Manager (HKLM-x32\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.) Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) Sicherheitsupdate für Microsoft Visual Studio 2010 Premium - DEU (KB2645410) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2645410) (Version: 1 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited) SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - ) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{C2938C94-239C-4156-B245-C5406A4F3E93}) (Version: 5.9.5.7038 - Authentec Inc.) 
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation) Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) Wichtiges Update für Microsoft Visual Studio 2010 Premium - DEU (KB2938807) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2938807) (Version: 1 - Microsoft Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.623 - Christoph Grether) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (x32 
Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xilinx ISE Design Suite 13.3 (C:\Xilinx\13.3\ISE_DS) (HKLM\...\Xilinx ISE Design Suite 13.3) (Version: - )
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-04 21:29 - 00000898 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 theatermacher.localhost
127.0.0.1 exemplast.localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E00AA13-05EE-488C-8CD3-079ED1A05CF3} - System32\Tasks\{B4C90F56-CA25-427A-91EB-86536E37A9EF} => C:\Users\f\Desktop\7tr203ww.exe
Task: {10547018-E1EB-4E0D-A691-AB493890EB8B} - System32\Tasks\{8DEAA5BE-7807-43D8-8968-E692DEF71901} => D:\Install\setup.exe
Task: {2D5F2C2D-5BE8-48DF-9092-CF14BBBB4038} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {3B37461C-B5F7-4240-A35C-FE75FB7E5990} - System32\Tasks\{9B951D1F-2266-4153-8D0B-E8A272DF5635} => D:\Install\setup.exe
Task: {5E02EADB-3162-4387-B9CD-CDE8578EEF63} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {90E428B3-F783-48B4-B6CA-6295359BBE69} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A117CD1A-2048-49DD-8EBD-3358EB70A8CA} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {B4867BE9-8E2A-47F4-BFC8-2A803C999BA4} - System32\Tasks\{07F8CB3D-12B9-4EA5-832E-E9A97133EEC2} => C:\Users\f\Desktop\7tr203ww.exe
Task: {B5002930-DE09-4DDA-BAE1-4D46B07A00AE} - System32\Tasks\{C7BCAF6E-3A13-47E8-8022-970710DCF566} => D:\Install\setup.exe
Task: {B5161431-DC48-47C4-A607-32442A76ED94} - System32\Tasks\{E9432740-DEAE-4C90-8C43-D0A482F9567D} => D:\Install\setup.exe
Task: {C8739AE3-06EB-4D17-A7C0-45527F4B6382} - System32\Tasks\{99AB781B-8D84-49D0-9081-FC92AC3C469F} => D:\Install\setup.exe
Task: {D3DADFDB-37D4-42BC-BD48-18CCC58A77E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-16 15:38 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-10-19 13:39 - 2010-10-19 13:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 _____ () C:\Windows\system32\siwebsvc.exe
2012-06-05 10:23 - 2012-05-16 06:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-12-16 15:39 - 2013-09-05 03:37 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2012-03-25 21:20 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-24 22:04 - 2013-02-24 22:04 - 00704008 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-05-22 11:23 - 2014-05-22 11:23 - 00041984 _____ () c:\users\f\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz1sbnt.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\f\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-11 22:40 - 2014-05-11 22:41 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^f^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 11:20:46 AM) (Source: XMail) (EventID: 0) (User: )
Description: XMail error: 0{Mail root path not found}: Der Vorgang wurde erfolgreich beendet. (0x0)

Error: (05/22/2014 11:20:46 AM) (Source: XMail) (EventID: 0) (User: )
Description: Mail root path not found

Error: (05/22/2014 11:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 08:22:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Produkt: Sophos AutoUpdate -- Fehler 25010. Beim Starten der spezifischen Aktion 'UpdateSubscriptionInfo' ist ein Fehler aufgetreten. Grund: Unable to read SetupConfig.dat or Migration.dat Bitte wenden Sie sich an Ihren Support.

Error: (05/21/2014 09:14:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/20/2014 04:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: siwebsvc.exe, Version: 0.0.0.0, Zeitstempel: 0x53586b3f Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000d89e ID des fehlerhaften Prozesses: 0xf28 Startzeit der fehlerhaften Anwendung: 0xsiwebsvc.exe0 Pfad der fehlerhaften Anwendung: siwebsvc.exe1 Pfad des fehlerhaften Moduls: siwebsvc.exe2 Berichtskennung: siwebsvc.exe3

Error: (05/20/2014 01:35:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/19/2014 01:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd4d ID des fehlerhaften Prozesses: 0x490 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3

Error: (05/19/2014 01:02:22 PM) (Source: XMail) (EventID: 0) (User: )
Description: XMail error: 0{Mail root path not found}: Der Vorgang wurde erfolgreich beendet. (0x0)

Error: (05/19/2014 01:02:22 PM) (Source: XMail) (EventID: 0) (User: )
Description: Mail root path not found

System errors:
=============
Error: (05/22/2014 11:20:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "metasploitPostgreSQL-2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/22/2014 11:20:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "metasploitPostgreSQL-1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/22/2014 11:20:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "metasploitPostgreSQL" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/22/2014 09:49:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (05/22/2014 08:14:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (05/20/2014 04:03:53 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der Netzwerkhardwareadresse 20-37-06-4D-94-01 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error: (05/20/2014 04:03:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (05/20/2014 04:02:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SEMC elxstor Bluetooth-Audiogerät" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/20/2014 04:02:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht. Error: (05/20/2014 04:02:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Microsoft Office Sessions: ========================= Error: (05/22/2014 11:20:46 AM) (Source: XMail) (EventID: 0) (User: ) Description: XMail error: 0{Mail root path not found}: Der Vorgang wurde erfolgreich beendet. (0x0) Error: (05/22/2014 11:20:46 AM) (Source: XMail) (EventID: 0) (User: ) Description: Mail root path not found Error: (05/22/2014 11:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/22/2014 08:22:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Produkt: Sophos AutoUpdate -- Fehler 25010. Beim Starten der spezifischen Aktion 'UpdateSubscriptionInfo' ist ein Fehler aufgetreten. 
Grund: Unable to read SetupConfig.dat or Migration.dat Bitte wenden Sie sich an Ihren Support.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/21/2014 09:14:41 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (05/20/2014 04:02:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: siwebsvc.exe0.0.0.053586b3fole32.dll6.1.7601.175144ce7c92cc0000005000000000000d89ef2801cf7351cb4c9fa2C:\Windows\system32\siwebsvc.exeC:\Windows\system32\ole32.dll5b2878ef-e027-11e3-81a8-001e37d2c207 Error: (05/20/2014 01:35:41 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (05/19/2014 01:02:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c0000005000000000001fd4d49001cf7351d8916b49C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1b566840-df45-11e3-81a8-001e37d2c207 Error: (05/19/2014 01:02:22 PM) (Source: XMail) (EventID: 0) (User: ) Description: XMail error: 0{Mail root path not found}: Der Vorgang wurde erfolgreich beendet. 
(0x0) Error: (05/19/2014 01:02:22 PM) (Source: XMail) (EventID: 0) (User: ) Description: Mail root path not found ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 3054.3 MB Available physical RAM: 1539.07 MB Total Pagefile: 3252.48 MB Available Pagefile: 1532.09 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:1.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 78A49376) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.05.2014, 11:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (win 7 professional sp 1) Hi and
is this a commercially used system? I see a lot of software there that no normal home user needs.
__________________ |
22.05.2014, 13:47 | #3 |
| Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (win 7 professional sp 1) No, not commercial, I am a student (computer science) and get various software through my university.
You probably mean the Visual blabla programs, the Xilinx design suite and my Sophos version. Whether I actually need them is another question; with the Visual Studio stuff I am by now fairly sure that I don't. So not a home user, but not commercial either. I am happy to send screenshots of my Microsoft DreamSpark account with the corresponding orders. If it is about other software, please tell me which. I will gladly try to provide the corresponding proof (licenses) if there is any doubt that I really do not use this computer commercially. |
22.05.2014, 13:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (win 7 professional sp 1) Remove adware/junkware/toolbars
Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
23.05.2014, 10:37 | #5 |
| Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (win 7 professional sp 1) So here is the log from AdwCleaner: Code:
ATTFilter # AdwCleaner v3.210 - Bericht erstellt am 22/05/2014 um 15:29:20 # Aktualisiert 19/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : f - F-PC # Gestartet von : C:\Users\f\Desktop\adwcleaner_3.210.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\AlawarWrapper Ordner Gelöscht : C:\Program Files (x86)\raving reyven Ordner Gelöscht : C:\Program Files (x86)\acquia-drupal Ordner Gelöscht : C:\Users\f\AppData\Local\Temp\raving reyven Ordner Gelöscht : C:\Users\Public\Documents\AlawarWrapper Datei Gelöscht : C:\Users\f\AppData\Roaming\Mozilla\firefox\Profiles\lf159h2s.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKCU\Software\IGearSettings 
Schlüssel Gelöscht : HKCU\Software\Softonic ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\f\AppData\Roaming\Mozilla\firefox\Profiles\lf159h2s.default\prefs.js ] ************************* AdwCleaner[R0].txt - [845 octets] - [22/05/2014 15:01:09] AdwCleaner[R1].txt - [845 octets] - [22/05/2014 15:01:36] AdwCleaner[R2].txt - [2794 octets] - [22/05/2014 15:25:58] AdwCleaner[S0].txt - [2478 octets] - [22/05/2014 15:29:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2538 octets] ########## JRT- Log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by f on 22.05.2014 at 17:27:12,74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\f\AppData\Roaming\mozilla\firefox\profiles\lf159h2s.default\minidumps [35 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.05.2014 at 17:51:03,30 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014 Ran by f (administrator) on F-PC on 23-05-2014 11:24:55 Running from C:\Users\f\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe () C:\Windows\System32\siwebsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Windows\SysWOW64\C2MP\TrayMenu.exe (Dropbox, Inc.) C:\Users\f\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Sophos Limited) C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\ALUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PSQLLauncher] => C:\Program 
Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.) HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [3091256 2011-12-26] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [222720 2012-06-21] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] () HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-23] (Sophos Limited) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) 
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-23] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-23] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe () Startup: C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\f\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DCF9300AA12CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 
07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 130.83.22.60 130.83.22.63 130.83.56.60 FireFox: ======== FF ProfilePath: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default FF SearchEngineOrder.1: Startpage FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\Extensions\foxyproxy@eric.h.jung [2014-05-19] FF Extension: DownloadHelper - C:\Users\f\AppData\Roaming\Mozilla\Firefox\Profiles\lf159h2s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}] - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi FF Extension: Download Protect - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi [2014-05-19] FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program 
Files (x86)\Lenovo\Password Manager\PWM Firefox Extension FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2012-03-28] ==================== Services (Whitelisted) ================= R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-23] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-23] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-23] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-23] (Sophos Limited) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-23] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-23] (Sophos Limited) R2 TSThemed; C:\Windows\system32\siwebsvc.exe [120832 2014-05-11] () R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation) S2 metasploitPostgreSQL; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N 
"metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" [X] S2 metasploitPostgreSQL-1; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/METASP~1/POSTGR~1/data" [X] S2 metasploitPostgreSQL-2; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-2" -D "C:/METASP~1/POSTGR~1/data" [X] S3 postgresql-x64-9.1; C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w [X] S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [X] ==================== Drivers (Whitelisted) ==================== R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation) S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation) S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-23] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-23] 
(Sophos Limited) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-23] (Sophos Limited) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-25] (Duplex Secure Ltd.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-10-04] (Jungo) R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-10-04] (Xilinx, Inc.) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-23 11:23 - 2014-05-23 11:25 - 00019012 _____ () C:\Users\f\Desktop\FRST.txt 2014-05-23 10:55 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2014-05-23 10:55 - 2014-05-23 10:53 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe 2014-05-23 10:54 - 2014-05-23 10:54 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll 2014-05-23 10:54 - 2014-05-23 10:54 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys 2014-05-23 10:54 - 2014-05-23 10:54 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys 2014-05-23 10:53 - 2014-05-23 10:53 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys 2014-05-22 17:51 - 2014-05-22 17:51 - 00000749 _____ () C:\Users\f\Desktop\JRT (2).txt 2014-05-22 16:44 - 2014-05-22 16:44 - 00000000 ____D () C:\Windows\ERUNT 2014-05-22 15:38 - 2014-05-22 15:38 - 00002626 _____ () 
C:\Users\f\Desktop\AdwCleaner[S0].txt 2014-05-22 15:00 - 2014-05-22 15:31 - 00000000 ____D () C:\AdwCleaner 2014-05-22 14:56 - 2014-05-22 14:56 - 01016261 _____ (Thisisu) C:\Users\f\Desktop\JRT.exe 2014-05-22 14:54 - 2014-05-22 14:55 - 01326389 _____ () C:\Users\f\Desktop\adwcleaner_3.210.exe 2014-05-22 14:42 - 2014-05-22 14:42 - 00001447 _____ () C:\Users\f\.recently-used.xbel 2014-05-22 11:52 - 2014-05-22 11:52 - 00380416 _____ () C:\Users\f\Desktop\Gmer-19357.exe 2014-05-22 11:17 - 2014-05-22 11:17 - 00000020 _____ () C:\Users\f\defogger_reenable 2014-05-22 11:16 - 2014-05-22 11:16 - 00050477 _____ () C:\Users\f\Desktop\Defogger.exe 2014-05-22 11:03 - 2014-05-23 11:24 - 00000000 ____D () C:\FRST 2014-05-22 10:45 - 2014-05-22 10:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\f\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-22 10:43 - 2014-05-22 10:43 - 02067456 _____ (Farbar) C:\Users\f\Desktop\FRST64.exe 2014-05-22 08:23 - 2014-05-22 08:23 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online 2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\Users\f\Downloads\Resident Evil Extinction[2007]DvDrip[Eng]-FXG 2014-05-20 11:16 - 2014-05-20 14:13 - 735498240 _____ () C:\Users\f\Downloads\Resident Evil (Wolf003227).avi 2014-05-20 10:59 - 2014-05-20 11:20 - 1360944758 _____ () C:\Users\f\Downloads\(1963) KING KONG VS GODZILLA.avi 2014-05-20 10:56 - 2014-05-20 11:26 - 1267258658 _____ () C:\Users\f\Downloads\(1974) GODZILLA VS MECHAGODZILLA.avi 2014-05-20 10:56 - 2014-05-20 11:16 - 00000000 ____D () C:\Users\f\Downloads\King Kong vs Godzilla (1962) 2014-05-19 13:09 - 2014-05-19 13:09 - 00000000 ____D () C:\Users\f\AppData\Roaming\DropboxMaster 2014-05-15 10:16 - 2014-05-19 13:03 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-05-15 03:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 03:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-05-15 03:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 03:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 03:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 03:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 09:29 - 2014-05-14 09:30 - 00000088 _____ () C:\Windows\wininit.ini 2014-05-14 09:00 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 09:00 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 08:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 08:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 08:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 08:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 08:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 08:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 08:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 08:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 08:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 08:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:59 - 2014-03-04 
11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 08:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 08:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 08:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 08:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 08:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 08:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 08:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 08:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 08:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 08:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 08:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 08:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 08:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 08:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 08:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 08:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 08:58 - 2014-03-04 
11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 08:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 08:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 08:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-12 22:38 - 2014-05-12 23:08 - 2467281235 ____R () C:\Users\f\Desktop\12.Monkeys.1080p.x264..mp4 2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieUserList 2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieSiteList 2014-05-11 23:56 - 2014-05-12 01:42 - 00000000 ____D () C:\Users\f\Downloads\Twelve Monkeys 1080p HDRip [ x264 - dts - mkv ] (oan) 2014-05-11 23:34 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll 2014-05-11 23:34 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2014-05-11 23:34 - 2004-01-25 00:00 - 00070656 ___SH 
(www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2014-05-11 23:29 - 2014-05-11 23:29 - 00000000 ____D () C:\Users\f\Documents\eRightSoft 2014-05-11 23:26 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2014-05-11 23:24 - 2014-05-16 09:05 - 00000000 ____D () C:\Program Files (x86)\eRightSoft 2014-05-11 22:40 - 2014-05-11 22:41 - 00000000 ____D () C:\Users\f\Documents\Aimersoft DRM Media Converter 2014-05-11 22:40 - 2014-05-11 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-11 22:39 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(5).sys 2014-05-11 22:39 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(4).sys 2014-05-11 22:38 - 2010-12-24 15:27 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll 2014-05-11 22:38 - 2010-12-24 15:27 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax 2014-05-11 22:38 - 2010-12-24 15:27 - 00496640 _____ () C:\Windows\SysWOW64\xvid.ax 2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(3).sys 2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(2).sys 2014-05-11 22:38 - 2010-12-24 15:27 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudio_DeviceS(1).sys 2014-05-11 22:37 - 2014-05-12 02:30 - 00000000 ____D () C:\Program Files (x86)\Aimersoft 2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\Users\f\AppData\Roaming\Engelmann Media 2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\ProgramData\Licenses 2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\f\AppData\Roaming\dlg 2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 _____ () C:\Windows\system32\siwebsvc.exe 2014-04-30 09:35 - 2014-05-02 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-28 17:18 - 2014-05-23 10:46 - 
00002558 _____ () C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2014-05-23 11:25 - 2014-05-23 11:23 - 00019012 _____ () C:\Users\f\Desktop\FRST.txt 2014-05-23 11:24 - 2014-05-22 11:03 - 00000000 ____D () C:\FRST 2014-05-23 11:14 - 2013-05-22 11:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-23 10:57 - 2012-03-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-05-23 10:56 - 2012-03-27 20:33 - 00000000 ____D () C:\ProgramData\Sophos 2014-05-23 10:55 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2014-05-23 10:55 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-23 10:55 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-23 10:54 - 2014-05-23 10:54 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll 2014-05-23 10:54 - 2014-05-23 10:54 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys 2014-05-23 10:54 - 2014-05-23 10:54 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys 2014-05-23 10:53 - 2014-05-23 10:55 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe 2014-05-23 10:53 - 2014-05-23 10:53 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys 2014-05-23 10:53 - 2012-03-25 19:29 - 01516584 _____ () C:\Windows\WindowsUpdate.log 2014-05-23 10:49 - 2012-05-03 14:19 - 00000000 ___RD () C:\Users\f\Dropbox 2014-05-23 10:49 - 2012-05-03 14:13 - 00000000 ____D () C:\Users\f\AppData\Roaming\Dropbox 2014-05-23 10:47 - 2014-04-20 09:35 - 00002027 _____ () C:\Windows\setupact.log 2014-05-23 10:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-23 10:46 - 2014-04-28 17:18 - 00002558 _____ () C:\Windows\PFRO.log 
2014-05-23 10:38 - 2012-03-25 21:37 - 00000000 ____D () C:\Users\f\AppData\Roaming\vlc 2014-05-22 17:51 - 2014-05-22 17:51 - 00000749 _____ () C:\Users\f\Desktop\JRT (2).txt 2014-05-22 16:44 - 2014-05-22 16:44 - 00000000 ____D () C:\Windows\ERUNT 2014-05-22 16:06 - 2012-11-20 20:31 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-22 15:38 - 2014-05-22 15:38 - 00002626 _____ () C:\Users\f\Desktop\AdwCleaner[S0].txt 2014-05-22 15:31 - 2014-05-22 15:00 - 00000000 ____D () C:\AdwCleaner 2014-05-22 14:56 - 2014-05-22 14:56 - 01016261 _____ (Thisisu) C:\Users\f\Desktop\JRT.exe 2014-05-22 14:55 - 2014-05-22 14:54 - 01326389 _____ () C:\Users\f\Desktop\adwcleaner_3.210.exe 2014-05-22 14:42 - 2014-05-22 14:42 - 00001447 _____ () C:\Users\f\.recently-used.xbel 2014-05-22 14:42 - 2012-05-03 23:04 - 00000000 ____D () C:\Users\f\AppData\Roaming\gtk-2.0 2014-05-22 14:42 - 2012-04-04 23:50 - 00000000 ____D () C:\Users\f\.gimp-2.6 2014-05-22 14:42 - 2012-03-25 19:36 - 00000000 ____D () C:\Users\f 2014-05-22 11:52 - 2014-05-22 11:52 - 00380416 _____ () C:\Users\f\Desktop\Gmer-19357.exe 2014-05-22 11:17 - 2014-05-22 11:17 - 00000020 _____ () C:\Users\f\defogger_reenable 2014-05-22 11:17 - 2012-05-21 14:56 - 00000000 ____D () C:\Users\f\AppData\Roaming\uTorrent 2014-05-22 11:16 - 2014-05-22 11:16 - 00050477 _____ () C:\Users\f\Desktop\Defogger.exe 2014-05-22 10:45 - 2014-05-22 10:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\f\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-22 10:43 - 2014-05-22 10:43 - 02067456 _____ (Farbar) C:\Users\f\Desktop\FRST64.exe 2014-05-22 08:23 - 2014-05-22 08:23 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online 2014-05-22 08:23 - 2014-01-30 12:28 - 00001972 _____ () C:\Users\f\Desktop\Drakensang Online.lnk 2014-05-22 08:23 - 2013-12-04 12:13 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online 2014-05-20 19:06 - 2011-04-12 09:43 - 00765838 _____ () C:\Windows\system32\perfh007.dat 
2014-05-20 19:06 - 2011-04-12 09:43 - 00175036 _____ () C:\Windows\system32\perfc007.dat 2014-05-20 19:06 - 2009-07-14 07:13 - 01807338 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 14:13 - 2014-05-20 11:16 - 735498240 _____ () C:\Users\f\Downloads\Resident Evil (Wolf003227).avi 2014-05-20 11:26 - 2014-05-20 10:56 - 1267258658 _____ () C:\Users\f\Downloads\(1974) GODZILLA VS MECHAGODZILLA.avi 2014-05-20 11:20 - 2014-05-20 10:59 - 1360944758 _____ () C:\Users\f\Downloads\(1963) KING KONG VS GODZILLA.avi 2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\Users\f\Downloads\Resident Evil Extinction[2007]DvDrip[Eng]-FXG 2014-05-20 11:16 - 2014-05-20 10:56 - 00000000 ____D () C:\Users\f\Downloads\King Kong vs Godzilla (1962) 2014-05-19 15:02 - 2012-05-27 17:52 - 00007613 _____ () C:\Users\f\AppData\Local\Resmon.ResmonCfg 2014-05-19 13:09 - 2014-05-19 13:09 - 00000000 ____D () C:\Users\f\AppData\Roaming\DropboxMaster 2014-05-19 13:09 - 2012-03-25 19:36 - 00000000 ___RD () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-19 13:08 - 2012-05-03 14:13 - 00000000 ____D () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-19 13:03 - 2014-05-15 10:16 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-05-19 11:42 - 2012-04-17 19:45 - 00000000 ____D () C:\Users\f\Desktop\bilder 2014-05-17 21:30 - 2012-03-29 22:32 - 00000000 ____D () C:\Users\f\AppData\Roaming\dvdcss 2014-05-16 09:05 - 2014-05-11 23:24 - 00000000 ____D () C:\Program Files (x86)\eRightSoft 2014-05-15 14:53 - 2012-04-04 23:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-15 10:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-15 06:50 - 2012-03-25 19:36 - 00000000 ___RD () C:\Users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 04:25 - 2014-02-18 15:06 - 00000000 ____D () C:\Windows\rescache 2014-05-15 03:38 
- 2012-06-06 09:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-15 03:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 03:08 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 03:02 - 2012-04-01 09:34 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 09:30 - 2014-05-14 09:29 - 00000088 _____ () C:\Windows\wininit.ini 2014-05-14 08:48 - 2013-05-22 11:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 08:48 - 2012-04-12 21:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 08:48 - 2012-03-27 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 22:18 - 2013-10-14 18:17 - 00000000 _____ () C:\Windows\system32\vireng.log 2014-05-12 23:08 - 2014-05-12 22:38 - 2467281235 ____R () C:\Users\f\Desktop\12.Monkeys.1080p.x264..mp4 2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieUserList 2014-05-12 02:31 - 2014-05-12 02:31 - 00000000 __SHD () C:\Users\f\AppData\Local\EmieSiteList 2014-05-12 02:30 - 2014-05-11 22:37 - 00000000 ____D () C:\Program Files (x86)\Aimersoft 2014-05-12 01:42 - 2014-05-11 23:56 - 00000000 ____D () C:\Users\f\Downloads\Twelve Monkeys 1080p HDRip [ x264 - dts - mkv ] (oan) 2014-05-11 23:29 - 2014-05-11 23:29 - 00000000 ____D () C:\Users\f\Documents\eRightSoft 2014-05-11 22:41 - 2014-05-11 22:40 - 00000000 ____D () C:\Users\f\Documents\Aimersoft DRM Media Converter 2014-05-11 22:41 - 2014-05-11 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\Users\f\AppData\Roaming\Engelmann Media 2014-05-11 22:28 - 2014-05-11 22:28 - 00000000 ____D () C:\ProgramData\Licenses 2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\f\AppData\Roaming\dlg 2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 
_____ () C:\Windows\system32\siwebsvc.exe 2014-05-06 14:06 - 2012-04-12 22:02 - 00000000 ____D () C:\ProgramData\Soulseek 2014-05-06 08:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-06 06:40 - 2014-05-15 03:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 03:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 03:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-02 11:58 - 2014-04-30 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-25 12:53 - 2012-04-12 22:07 - 00000000 ____D () C:\Users\f\Downloads\slsk Files to move or delete: ==================== C:\Users\f\GCMDLN.DLL Some content of TEMP: ==================== C:\Users\f\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk0xbj.dll C:\Users\f\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\f\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 01:30 ==================== End Of Log ============================ |
23.05.2014, 11:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also post a new Addition.txt => tick the box next to Addition.txt, then click Scan. |
23.05.2014, 11:56 | #7 |
| Sorry, I just forgot to post it. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014 Ran by f at 2014-05-23 11:26:00 Running from C:\Users\f\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acquia Dev Desktop (HKLM-x32\...\Acquia Dev Desktop 7.24.26) (Version: 7.24.26 - Acquia, Inc.) ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - ) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.2692474 - Audible, Inc.) 
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.189 - Digilent, Inc.) DirectX for Managed Code Update (October 2004) (x32 Version: 9.02.3900 - Microsoft) Hidden Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) Edna Bricht Aus 6.3 (HKLM-x32\...\{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1) (Version: - ) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) Everest Dictionary (HKLM-x32\...\{D7252334-1115-4A4B-B9CE-6FE52AD18F75}) (Version: 2.11.0000 - Daniel Vladutu) ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FileZilla Client 3.7.4 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - ) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2529927) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2529927) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2548139) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2548139) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2549864) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2549864) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft 
Visual Studio 2010 Premium - DEU (KB2635973) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2736182) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2736182) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Premium - DEU (KB2890573) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2890573) (Version: 1 - Microsoft Corporation) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - ) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle) JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation) JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation) KVIrc (HKLM-x32\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{7801C501-F2B8-41FF-9792-D48C809A9CFB}) (Version: 4.2.2.1 - The Document Foundation) LibreOffice 
4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft 
Corporation) Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{8583E7E3-2237-4981-B957-E28E5E9AB678}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL 
Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 
2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Premium - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Premium - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Premium - DEU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 
16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PostgreSQL 9.1 (HKLM\...\PostgreSQL 9.1) (Version: 9.1 - PostgreSQL Global Development Group) Racket v5.3.6 (x86_64) (HKLM-x32\...\Racket-x86_64-5.3.6) (Version: 5.3.6 - PLT Design Inc.) RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Secure Download Manager (HKLM-x32\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.) Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) Sicherheitsupdate für Microsoft Visual Studio 2010 Premium - DEU (KB2645410) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2645410) (Version: 1 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited) SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - ) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{C2938C94-239C-4156-B245-C5406A4F3E93}) (Version: 5.9.5.7038 - Authentec Inc.) 
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0024.00 - Lenovo Group Limited) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation) Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) Wichtiges Update für Microsoft Visual Studio 2010 Premium - DEU (KB2938807) (HKLM-x32\...\{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}.KB2938807) (Version: 1 - Microsoft Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.623 - Christoph Grether) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (x32 
Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Xilinx ISE Design Suite 13.3 (C:\Xilinx\13.3\ISE_DS) (HKLM\...\Xilinx ISE Design Suite 13.3) (Version: - ) Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-04-04 21:29 - 00000898 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 theatermacher.localhost 127.0.0.1 exemplast.localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0E00AA13-05EE-488C-8CD3-079ED1A05CF3} - System32\Tasks\{B4C90F56-CA25-427A-91EB-86536E37A9EF} => C:\Users\f\Desktop\7tr203ww.exe Task: {10547018-E1EB-4E0D-A691-AB493890EB8B} - System32\Tasks\{8DEAA5BE-7807-43D8-8968-E692DEF71901} => D:\Install\setup.exe Task: {2D5F2C2D-5BE8-48DF-9092-CF14BBBB4038} - System32\Tasks\CCleanerSkipUAC => C:\Program 
Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {3B37461C-B5F7-4240-A35C-FE75FB7E5990} - System32\Tasks\{9B951D1F-2266-4153-8D0B-E8A272DF5635} => D:\Install\setup.exe Task: {5E02EADB-3162-4387-B9CD-CDE8578EEF63} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] () Task: {90E428B3-F783-48B4-B6CA-6295359BBE69} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {A117CD1A-2048-49DD-8EBD-3358EB70A8CA} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft) Task: {B4867BE9-8E2A-47F4-BFC8-2A803C999BA4} - System32\Tasks\{07F8CB3D-12B9-4EA5-832E-E9A97133EEC2} => C:\Users\f\Desktop\7tr203ww.exe Task: {B5002930-DE09-4DDA-BAE1-4D46B07A00AE} - System32\Tasks\{C7BCAF6E-3A13-47E8-8022-970710DCF566} => D:\Install\setup.exe Task: {B5161431-DC48-47C4-A607-32442A76ED94} - System32\Tasks\{E9432740-DEAE-4C90-8C43-D0A482F9567D} => D:\Install\setup.exe Task: {C8739AE3-06EB-4D17-A7C0-45527F4B6382} - System32\Tasks\{99AB781B-8D84-49D0-9081-FC92AC3C469F} => D:\Install\setup.exe Task: {D3DADFDB-37D4-42BC-BD48-18CCC58A77E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-16 15:38 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-10-19 13:39 - 2010-10-19 13:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-05-11 22:14 - 2014-05-11 22:14 - 00120832 _____ () C:\Windows\system32\siwebsvc.exe 2013-02-24 22:04 - 2013-02-24 22:04 - 
00704008 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe 2012-06-05 10:23 - 2012-05-16 06:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-12-16 15:39 - 2013-09-05 03:37 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll 2012-03-25 21:20 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2014-05-23 10:49 - 2014-05-23 10:49 - 00041984 _____ () c:\users\f\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk0xbj.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\f\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^f^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3054.3 MB Available physical RAM: 1650.8 MB Total Pagefile: 3252.48 MB Available Pagefile: 1743.23 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:0.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 78A49376) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.05.2014, 13:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download Protect 2.2.0 in Firefox 29.0.1 cannot be removed (Win 7 Professional SP 1) Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKLM-x32\...\Run: [Download Protect] =>
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\dlprotect.exe
C:\Users\f\GCMDLN.DLL
C:\Users\f\Downloads\slsk
C:\Users\f\AppData\Roaming\dlg
C:\Windows\system32\siwebsvc.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
23.05.2014, 13:52 | #9 |
| fixlog: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by f at 2014-05-23 14:27:43 Run:1
Running from C:\Users\f\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [Download Protect] =>
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\dlprotect.exe
C:\Users\f\GCMDLN.DLL
C:\Users\f\Downloads\slsk
C:\Users\f\AppData\Roaming\dlg
C:\Windows\system32\siwebsvc.exe
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [Download Protect] => => Value not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"C:\ProgramData\dlprotect.exe" => File/Directory not found.
C:\Users\f\GCMDLN.DLL => Moved successfully.
C:\Users\f\Downloads\slsk => Moved successfully.
C:\Users\f\AppData\Roaming\dlg => Moved successfully.
C:\Windows\system32\siwebsvc.exe => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
btw. Download Protect is still there. |
23.05.2014, 13:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\FRST WHERE exactly is it still there??!
__________________ Please always post log files in CODE tags |
23.05.2014, 14:17 | #11 |
| as an add-on in Firefox. Accordingly, the associated {AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi is in C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279} (it is currently the only add-on installed in the browser; I removed all the others, unless DL-Protect had already removed them anyway), and in the registry with the corresponding key in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\firefox\extensions. I had already removed all of that once before I turned to you. However, it then reinstalled itself after a system restart (if an internet connection was available). The names of the .xpi and of the folder appear to be random. |
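The registration path described in the post above (an .xpi outside the Firefox profile, referenced from the `Mozilla\firefox\extensions` registry key) can be audited without changing anything. The script below is an added example, not part of the thread: it lists every add-on registered through the registry and notes entries whose target is missing or sits in an unusual place. The function name and the heuristics are assumptions; the two keys besides the one named in the post are Firefox's other standard registry install locations.

```powershell
# Added example (not from the thread): read-only audit of Firefox add-ons that are
# registered through the Windows registry. Under each key below, a value's name is
# the add-on ID and its data is the path to the .xpi file or unpacked folder.
$ExtensionKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',  # the key named in the thread
    'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
)

# Hypothetical helper name; the heuristics collected in $notes are assumptions,
# meant to prioritise manual review, not to prove that an entry is malicious.
function Get-RegistryFirefoxExtension {
    foreach ($keyPath in $ExtensionKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($id in $key.GetValueNames()) {
            if ([string]::IsNullOrEmpty($id)) { continue }   # skip the key's default value
            $target   = [string]$key.GetValue($id)
            $exists   = $false
            $modified = $null
            $notes    = @()

            if ($target -and (Test-Path -LiteralPath $target)) {
                $exists   = $true
                # -Force so that hidden/system locations such as C:\Windows\Installer resolve
                $modified = (Get-Item -LiteralPath $target -Force).LastWriteTime
            } else {
                # File gone but value still present: the registration outlived the file
                $notes += 'target missing (stale value, or file not dropped yet)'
            }
            if ($target) {
                if ($target.StartsWith($env:windir, [StringComparison]::OrdinalIgnoreCase)) {
                    $notes += 'target is under the Windows directory'
                }
                $parent = [IO.Path]::GetFileName([IO.Path]::GetDirectoryName($target))
                if ($parent -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
                    $notes += 'parent folder is named like a GUID'
                }
            }
            New-Object PSObject -Property @{
                Key = $keyPath; Id = $id; Target = $target
                Exists = $exists; Modified = $modified; Notes = ($notes -join '; ')
            } | Select-Object Key, Id, Target, Exists, Modified, Notes
        }
    }
}

Get-RegistryFirefoxExtension | Format-List
```

Running it before and after a reboot and comparing the `Target` and `Modified` columns shows whether something on the system rewrites the registration.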
23.05.2014, 14:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
FF Extension: Download Protect - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi [2014-05-19]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
23.05.2014, 14:26 | #13 |
| here is the fixlog: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by f at 2014-05-23 15:24:16 Run:2
Running from C:\Users\f\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF Extension: Download Protect - C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi [2014-05-19]
*****************
C:\Windows\Installer\{7D2A3A15-04BB-4987-AA66-240B6E8E0279}\{AD48F002-8C44-4FB5-941D-1D6EB1F3C503}.xpi => Moved successfully.
==== End of Fixlog ====
Edit: the registry entry still seems to be there. Last edited by knorz (23.05.2014 at 14:33) |
23.05.2014, 20:55 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
27.05.2014, 11:17 | #15 |
| OK, the ESET scan took a little while. Here are the logs: MalwareBytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.05.2014 Suchlauf-Zeit: 23:00:35 Logdatei: malwareLog.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.23.11 Rootkit Datenbank: v2014.05.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: f Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 368099 Verstrichene Zeit: 50 Min, 57 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.RavingReyven.A, HKU\S-1-5-21-1667982190-3177226604-1510361238-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F866026-A8BB-42A7-987F-2F92715A8147}, In Quarantäne, [33a45bf9d1aa76c0b08e2c00d42e728e], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=29c16af5c57748488628b42f9d16f583 # engine=18411 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-26 04:54:54 # local_time=2014-05-26 06:54:54 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 288115 152753144 0 0 # compatibility_mode=8449 16775165 50 96 27532 288088 59954 0 # scanned=450015 # found=59 # cleaned=0 # scan_time=27441 sh=0D097CE7CBD4B633848DC3C472ECA7141440034C ft=1 fh=fac0d643420d8f2b vn="Variante von Win64/Agent.BL Trojaner" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\siwebsvc.exe.xBAD" sh=E888FBF081F46FFDFC016A47C45E14A6D605C3E5 ft=1 fh=17483be3f59cf663 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\f\Desktop\tools\handy\Setool2lite\setool2lt.exe" sh=3CD6CC5F50197D03D7FBDE6C769A90221BCC83E1 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\f\Desktop\tools\handy\w200i\Setool2lite.rar" sh=FE86F401892CAC0B14E07759E45F3A5251ADFC75 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\bildgross.html" sh=1F8B60999B5B6BAB689D594684DF1BC6BAFA38D5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\foerdermitglied.html" sh=06768BEC747FA71C696FF6680E24F2C6E902304E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\impressum.html" sh=20C3B0F435A80B68B550D304D0E9E523379DF4B6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\index.html" sh=511EB0B49B78BE64D0875C1A8C1AD7D5B5793688 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\kontakt.html" sh=8B29FF39E18A26AF519B72037698E70962157FFA ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\kooperationspartner.html" sh=5D8BAA4E57E0A30F75B7F519BB8D3478192E0FD9 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\theaterprojekte.html" sh=DE23F9F06BF4EB481C22DDC22010D91955768C0B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp-arbeit-news01.html" sh=0FA8202E36C2E523AE5FAAEFEB5B089CCAE334E0 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp-arbeit-news02.html" sh=0E030271FB326D9A1F253C727901FF78DBB37D61 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp-dantonstod.html" sh=3E41D32F67192B6CA7B6ECD773B1F487E23B68E4 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp-kennstdumich.html" sh=C7ABA52F0409100CF06A64B62041B2323ED869AA ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_arbeit.html" sh=B5535BD9DCA2006E03B23313FFE87D7CD20B93AA ft=0 
fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_atriden.html" sh=04401F59A480D0405F7A664962A901FDFC6940AB ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_dgssdwudf.html" sh=D5128C8645D120B62C1D4A95C74E973A62B84874 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_hiketiden.html" sh=AC5AE5A00484F3E1675BF22F855F9C3881A95551 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_iphigenie.html" sh=C68C42016CBC58DFE2CEDABDD8A6C5E23F5BC4E4 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\tp_sambaolek.html" sh=EB3FB9D94BCE2E3119C5D0ED82D421EA5934BC7A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\ueberuns.html" sh=8BBAE416AB0DC4B54D547F197C1E768AE86F250C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_erni_patrick.html" sh=4B4093E3CD49F548C014738B5186F3BCACFA3230 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_goebel_irmtraut.html" sh=4E8BCAE202A2604FF4DCC6E235BA5B9D08C36722 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_hartmann_neele.html" sh=BD717223DF5926B57555F0861B6800DD3039C3A3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_hueffermann_vera.html" sh=3B3648868D8757955B9F6EC9F18F29721BDEA701 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_koehler_anita.html" sh=3C2A782D805036554859A35B5030501197273150 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_leithner_ulrike.html" sh=01877F592340854D95F49A33DB6E00B5CE4542DA ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_pickel_inga.html" 
sh=9FBC05E334C23081BABC8824BEC1ECAD88BC3D64 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_schuber_kai.html" sh=391C76B721C1EC7D027F5BD7A4820AD450BD188A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\vita_triebel_susanne.html" sh=85B082A8D3BFD9A8F9376659EB2D716AE0679E13 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www\atriden\index.html" sh=FE86F401892CAC0B14E07759E45F3A5251ADFC75 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\bildgross.html" sh=1F8B60999B5B6BAB689D594684DF1BC6BAFA38D5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\foerdermitglied.html" sh=06768BEC747FA71C696FF6680E24F2C6E902304E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\impressum.html" sh=20C3B0F435A80B68B550D304D0E9E523379DF4B6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\index.html" sh=6445A2FACFB7611D15B2C849F48E0C845889073D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\kontakt.html" sh=8B29FF39E18A26AF519B72037698E70962157FFA ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\kooperationspartner.html" sh=5D8BAA4E57E0A30F75B7F519BB8D3478192E0FD9 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\theaterprojekte.html" sh=DE23F9F06BF4EB481C22DDC22010D91955768C0B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp-arbeit-news01.html" sh=0FA8202E36C2E523AE5FAAEFEB5B089CCAE334E0 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp-arbeit-news02.html" sh=7AF6AE1300ED9995A899F42BBFCAE6A2C7F7B551 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I 
fn="C:\Users\f\Documents\www2\tp-dantonstod.html" sh=C10DCDFA6B17092A0E7CA8A0DBD559ACE9E7626C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp-kennstdumich.html" sh=4D0657057FF5F9E102F20D7BB04A465419308E48 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_arbeit.html" sh=B8C7F0865DA62E03DEB96BAB51AD9486FDB6238D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_atriden.html" sh=541F0E31A7F77FAAEFA1080EB35678997619B8D6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_dgssdwudf.html" sh=7BA86C728D2767AE687D0ABF6263BDEDCFBC58FC ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_hiketiden.html" sh=4CD5FF9D09EB4477DAC0ED8308B51A8E8B0FB261 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_iphigenie.html" sh=6F9146E71B34790DFF59654DFD3366B1DF1F0038 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\tp_sambaolek.html" sh=D43098CC656C80FD37C67CBBC963A806F4DB74ED ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\ueberuns.html" sh=8BBAE416AB0DC4B54D547F197C1E768AE86F250C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_erni_patrick.html" sh=4B4093E3CD49F548C014738B5186F3BCACFA3230 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_goebel_irmtraut.html" sh=4E8BCAE202A2604FF4DCC6E235BA5B9D08C36722 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_hartmann_neele.html" sh=BD717223DF5926B57555F0861B6800DD3039C3A3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_hueffermann_vera.html" sh=3B3648868D8757955B9F6EC9F18F29721BDEA701 ft=0 
fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_koehler_anita.html" sh=3C2A782D805036554859A35B5030501197273150 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_leithner_ulrike.html" sh=FF4728DF1D005CB68CF280BC1FA4DF626852F0FA ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_pickel_inga.html" sh=9FBC05E334C23081BABC8824BEC1ECAD88BC3D64 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_schuber_kai.html" sh=391C76B721C1EC7D027F5BD7A4820AD450BD188A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\vita_triebel_susanne.html" sh=85B082A8D3BFD9A8F9376659EB2D716AE0679E13 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\f\Documents\www2\atriden\index.html"
Download Protect has not reinstalled itself so far, but the entry in the registry is still there. Should I delete it and see what happens? |