| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP Crossrider von Malwarebytes entdecktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.07.2014, 21:06
| #1 |
 |  PUP Crossrider von Malwarebytes entdeckt Hallo, ich habe mir bereits einmal von euch helfen lassen. Vielen Dank nochmal dafür. Eben hat mein Malwarebytes einen PUP gefunden. Mit Malwarebytes kriege ich den nicht komplett weg. Ich würde mich sehr über Hilfestellungen freuen! Hier die log-file: Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.07.2014 Suchlauf-Zeit: 20:57:19 Logdatei: pup.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.07.08 Rootkit Datenbank: v2014.07.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Christian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 302779 Verstrichene Zeit: 28 Min, 7 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "146f7c28c047f9732b121e817c27515e")  , Ersetzt,[793b5745ed8e3cfaa6b518ad25df51af]Physische Sektoren: 0 (No malicious items detected) (end) |
|
08.07.2014, 05:56
| #2 |
| /// the machine /// TB-Ausbilder    | PUP Crossrider von Malwarebytes entdeckt hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
08.07.2014, 07:38
| #3 |
| | PUP Crossrider von Malwarebytes entdeckt Danke, hier die Log-files:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by Christian (administrator) on CHRISTIAN-PC on 08-07-2014 08:31:46 Running from C:\Users\Christian\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo.) C:\Windows\System32\TPHDEXLG.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation) HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe Lsa: [Notification Packages] scecli ACGina ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: www.google.de FF SearchEngineOrder.1: www.google.de FF SearchEngineOrder.2: www.google.de FF SelectedSearchEngine: www.google.de FF Homepage: hxxp://www.tagesschau.de/ FF Keyword.URL: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28] Chrome: ======= CHR HomePage: hxxp://www.tagesschau.de/ CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14] CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14] CHR Extension: (New Tab) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn [2013-03-04] CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15] CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06] CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-28] ========================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG) S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] () R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG) S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed] R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed] S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed] R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed] R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed] S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed] S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed] S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed] R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo) S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed] S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed] S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed] S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.) S2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG) R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed] S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed] S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed] S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed] R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed] R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed] R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed] R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed] R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed] S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed] S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed] R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed] R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed] R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed] S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed] R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed] R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed] R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed] R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed] S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed] S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed] S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed] S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed] R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed] S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed] R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed] S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed] S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed] S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH) R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.) S2 eamonm; system32\DRIVERS\eamonm.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-08 08:31 - 2014-07-08 08:33 - 00025135 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-08 08:31 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:08 - 2014-07-08 08:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ____D () C:\Program Files\003 2014-07-02 17:46 - 2014-07-06 23:51 - 00000000 ____D () C:\Program Files\globalUpdate 2014-07-02 17:46 - 2014-07-02 17:46 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-11 10:57 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 10:57 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-11 10:57 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 10:57 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 10:57 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 10:57 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 10:57 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 10:57 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 10:57 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 10:57 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 10:57 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 10:57 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 10:57 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 10:57 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 10:57 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 10:57 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 10:57 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 10:57 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 10:57 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 10:57 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 10:57 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 10:57 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 10:57 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 10:57 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 10:57 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 10:57 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 10:57 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 10:57 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 10:57 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 10:57 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-08 08:33 - 2014-07-08 08:31 - 00025135 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-08 08:31 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST 2014-07-08 08:27 - 2010-03-20 14:26 - 01394379 _____ () C:\Windows\WindowsUpdate.log 2014-07-08 08:26 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-08 08:24 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian 2014-07-08 08:21 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-08 08:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-08 08:21 - 2009-07-14 06:39 - 14624261 _____ () C:\Windows\setupact.log 2014-07-08 00:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-08 00:03 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-07 23:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job 2014-07-07 22:45 - 2009-08-04 20:03 - 02018752 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-07 20:47 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-07 20:47 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-06 23:51 - 2014-07-02 17:46 - 00000000 ____D () C:\Program Files\globalUpdate 2014-07-06 14:53 - 2010-03-20 14:11 - 00396938 _____ () C:\Windows\PFRO.log 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat 2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira 2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-07-02 17:48 - 2014-05-14 15:49 - 00002339 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-02 17:48 - 2010-03-20 14:38 - 00001684 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ____D () C:\Program Files\003 2014-07-02 17:46 - 2014-07-02 17:46 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate 2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox 2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox 2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster 2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II 2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II 2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html 2014-06-15 23:00 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-15 23:00 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-12 18:21 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-11 23:46 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 23:43 - 2010-09-25 15:36 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB 2014-06-08 10:48 - 2014-06-11 10:57 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-11 10:57 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe C:\Users\Christian\AppData\Local\Temp\avgnt.exe C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe C:\Users\Christian\AppData\Local\Temp\Cleanup.dll C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Christian\AppData\Local\Temp\msvcm80.dll C:\Users\Christian\AppData\Local\Temp\msvcp80.dll C:\Users\Christian\AppData\Local\Temp\msvcr80.dll C:\Users\Christian\AppData\Local\Temp\Quarantine.exe C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Christian\AppData\Local\Temp\SHSetup.exe C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-28 22:12 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Christian at 2014-07-08 08:33:36
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{EAB74CB6-760C-2136-FC77-9549721FB84A}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70704.0230 - Advanced Micro Devices, Inc.) Hidden
Asheron's Call 2 (HKLM\...\{EDBFD0BC-3717-4E63-84F0-B7D35AA2C2ED}) (Version: 1.0.0 - Turbine, Inc.)
Avira (HKLM\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
BurnAware Free 3.1.1 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.30 - Lenovo)
Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP630 series Benutzerregistrierung (HKLM\...\Canon MP630 series Benutzerregistrierung) (Version: - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0623.2346.40662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.21.0006.00 - Lenovo Group Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version: - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.49003.0 - Sonix)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{09A84D86-C709-4825-9548-ACF4838D478D}) (Version: 12.03.2000 - Intel(R) Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version: - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1294 - InterVideo Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 5 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Lenovo Fingerprint Software (HKLM\...\{3D8994A3-02A8-45B5-B955-53E608BC69ED}) (Version: 3.2.0.275 - AuthenTec, Inc.)
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.14 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 1.0.109.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Matlab OPeNDAP loaddap 3.6.2 (HKLM\...\Matlab OPeNDAP loaddap_is1) (Version: - OPeNDAP)
MATLAB R2008b (HKLM\...\MatlabR2008b) (Version: 7.7 - The MathWorks, Inc.)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{97BBF90F-A852-4AA0-872B-42D13AA22D94}) (Version: 3.4.0061 - Lenovo)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyProxyLogon-ESG (HKCU\...\MyProxyLogon-ESG) (Version: - NCSA (Modified by ANL for ESG))
National Instruments Software (HKLM\...\NI Uninstaller) (Version: - )
NI Assistant Framework (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 61 (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 70 (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 71 (Version: 2.0.03025 - National Instruments) Hidden
NI Calibration Provider for MAX (Version: 1.1.03021 - National Instruments) Hidden
NI Common Digital 1.2.0 (Version: 1.20.49152 - <no manufacturer>) Hidden
NI DAQ Assistant 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI DDSP (Version: 7.0.0 - National Instruments) Hidden
NI Distribution Information - FDS English (Version: 7.1.147 - National Instruments) Hidden
NI DPPH (Version: 7.0.0 - National Instruments) Hidden
NI Example Finder 2.0 (Version: 7.1.148 - National Instruments) Hidden
NI GPIB Provider for MAX (Version: 2.1.1.1 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 7.1 (Version: 1.0.23004 - National Instruments) Hidden
NI Instrument-IO-Assistent (Version: 1.0.23004 - National Instruments) Hidden
NI LabVIEW 7.1 (Version: 7.1.160 - National Instruments) Hidden
NI LabVIEW 7.1 Core Essentials (Version: 7.1.156 - National Instruments) Hidden
NI LabVIEW Advanced Analysis 7.1 (Version: 7.1.156 - National Instruments) Hidden
NI LabVIEW Full 7.1 (Version: 7.1.153 - National Instruments) Hidden
NI LabVIEW Picture Control and CIN Tools 7.1 (Version: 7.1.147 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 7.0 (Version: 7.0.1 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 7.1 (Version: 7.1.157 - National Instruments) Hidden
NI LabVIEW Service Locator 1.0 (Version: 1.0.0 - National Instruments) Hidden
NI LabWindows/CVI 7.0 Code Generator (Version: 7.1.00194 - National Instruments) Hidden
NI LVBroker (Version: 6.1.03001 - National Instruments) Hidden
NI LVBrokerAux1071 (Version: 1.0.115 - National Instruments) Hidden
NI LVBrokerAux70 (Version: 1.0.03014 - National Instruments) Hidden
NI LVBrokerAux71 (Version: 1.0.112 - National Instruments) Hidden
NI Measurement & Automation Explorer 3.1 (Version: 3.1.03021 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (Version: 7.0.10239 - National Instruments) Hidden
NI Measurements eXtensions for PAL 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI MIO Device Drivers 1.2.0 (Version: 1.20.49157 - National Instruments) Hidden
NI PXI Provider 1.3.0f1 for MAX (Version: 1.48.769 - National Instruments) Hidden
NI PXI Resource Manager 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Remote Provider for MAX (Version: 3.1.03021 - National Instruments) Hidden
NI Remote PXI Provider for MAX (Version: 1.1.03021 - National Instruments) Hidden
NI SCXI 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Software Provider for MAX (Version: 3.1.03021 - National Instruments) Hidden
NI Spy 2.1.0f0 (Version: 2.16.768 - National Instruments) Hidden
NI STC 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Timing 1.2.0 (Version: 1.20.49155 - <no manufacturer>) Hidden
NI Uninstaller (Version: 1.20.9 - National Instruments) Hidden
NI-488.2 1.74 (Version: 1.74.0.0 - National Insturments) Hidden
NI-DAQ 7.0 Document Set 1.0.1 (Version: 1.03.49154 - National Instruments) Hidden
NI-DAQ 7.2, Traditional (Version: 7.20.3001 - National Instruments) Hidden
NI-DAQ C API 7.2 (Version: 1.20.49152 - National Instruments) Hidden
NI-DAQ INF Files 7.2.0 (Version: 17.20.3000 - National Instruments) Hidden
NI-DAQ Provider for MAX (Version: 7.20.3001 - National Instruments) Hidden
NI-DAQmx 7.2 (Version: 1.20.49154 - National Instruments) Hidden
NI-DAQmx Documentation 1.1.1 (Version: 1.11.49156 - National Instruments) Hidden
NI-DAQmx DSA Support 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DAQmx Expert Framework 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DAQmx MAX Support 1.2.0 (Version: 1.20.49155 - National Instruments) Hidden
NI-DAQmx support for LabVIEW (Version: 1.20.49154 - National Instruments) Hidden
NI-DAQmx Switch Core 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DIM 1.1.0f0 (Version: 1.10.49152 - National Instruments) Hidden
NI-MDBG 1.1.0f0 (Version: 1.10.49152 - National Instruments) Hidden
NI-MRU 2.2.0f0 (Version: 2.20.49152 - National Instruments) Hidden
NI-MXDF 1.2.0f0 (Version: 1.20.49152 - National Instruments) Hidden
NI-ORB 1.1.0f1 (Version: 1.10.49153 - National Instruments) Hidden
NI-PAL 1.8.0f0 (Version: 9.90.3000 - National Instruments) Hidden
NI-RPC 3.1.1f0 (Version: 3.11.49152 - National Instruments) Hidden
NI-RPC 3.1.1f0 for PharLap (Version: 3.11.49152 - National Instruments) Hidden
NI-VISA 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VISA Provider 3.1 for MAX (Version: 3.16.775 - National Instruments) Hidden
NI-VISA Runtime 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VISA Server 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VXI Support for LabVIEW 1.2.1f0 (Version: 1.33.768 - National Instruments) Hidden
OpenSSH for Windows (remove only) (HKLM\...\OpenSSH) (Version: - Michael Johnson)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.2 - Frank Heindörfer, Philip Chinery)
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.20.0039.00 - Lenovo Group Limited)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
ReaConverter 6.5 Standard (HKLM\...\ReaConverter 6.5 Standard_is1) (Version: - ReaSoft)
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Creator Business Edition (Version: 10.1.177 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Samsung PC Studio (Version: 3.0.0.60203 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.179 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.8.201405281228 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0009 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{D239B547-8B20-4BDE-888D-C9CCA823FFD8}) (Version: 6.2.0.7900 - Lenovo)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.50 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo)
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.53 - )
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.1616.102 - )
ThinkPad-Dienstprogramm 'EasyEject' (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.38 - )
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.32 - Lenovo)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.10 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{D22E6706-136E-4810-AF2E-359AE30A7323}) (Version: 1.1.0029 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.63 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Traditional NI-DAQ Documentation 1.0.3 (Version: 1.03.49154 - National Instruments) Hidden
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC classic (HKLM\...\VLC classic) (Version: 1.14 - vlcplayerdownload.com)
Wallpapers (Version: - ) Hidden
Windows Driver Package - Broadcom (b57nd60x) Net (11/29/2007 10.62.1.2) (HKLM\...\E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E) (Version: 11/29/2007 10.62.1.2 - Broadcom)
Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009) (HKLM\...\EC1E678D1EFB79A1D02C312390944027C715CD5C) (Version: 02/11/2009 8.8.0.1009 - Intel)
Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001) (HKLM\...\0A7603E3091C168CDE422A2B3481A2F7D17D0954) (Version: 02/20/2008 6.9.1.1001 - Intel)
Windows Driver Package - Intel System (01/30/2008 8.6.1.1001) (HKLM\...\5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4) (Version: 01/30/2008 8.6.1.1001 - Intel)
Windows Driver Package - Intel System (02/20/2008 8.6.1.1002) (HKLM\...\432D918ED17EA51B73E8491A0369730C0076A292) (Version: 02/20/2008 8.6.1.1002 - Intel)
Windows Driver Package - Intel System (02/20/2008 8.7.0.1007) (HKLM\...\513C7D1BF4530B30EC84716327E4D7E76810DCC5) (Version: 02/20/2008 8.7.0.1007 - Intel)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) (HKLM\...\E6CEFD9A59425A2A27E92572AB367B28C371D3D8) (Version: 09/15/2006 7.0.0.1011 - Intel)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011) (HKLM\...\464CE3922A214073AAEE00DEB23EA5C750AF8CE8) (Version: 02/05/2007 8.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53) (HKLM\...\3EB6CB625B5778835F0A66A7529E69050E0EE033) (Version: 03/19/2009 1.53 - Lenovo)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05) (HKLM\...\1205965EF392C9B0D5A9BDB139035F058E76359E) (Version: 02/15/2008 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11) (HKLM\...\1A96FF9D9E5F19776E6749D8F6557FCC437EB294) (Version: 07/30/2007 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13) (HKLM\...\778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44) (Version: 07/30/2007 6.00.01.13 - Ricoh Company)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37) (HKLM\...\A4680BD43717441189C52EBF2C4FD6B182EE1101) (Version: 10/02/2008 8.1.2.37 - AuthenTec Inc.)
==================== Restore Points =========================
21-06-2014 11:01:15 Geplanter Prüfpunkt
29-06-2014 17:18:47 Sony PC Companion
29-06-2014 17:21:18 Installed Sony Mobile Drivers
29-06-2014 22:11:42 Sony PC Companion
02-07-2014 16:19:31 Installed SpyHunter
02-07-2014 20:36:39 Removed SpyHunter
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {160AFF4C-B23D-4AE5-865A-549060C80638} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-02] (Google Inc.)
Task: {30D861DF-3796-43D6-AB20-CE1F1E577680} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-02] (Google Inc.)
Task: {38C0E233-3F3C-4427-AE59-6EFCAB01511D} - System32\Tasks\{C17911CA-6824-4DBA-B4DE-0AACAD851930} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {3AE80AAA-EC68-4383-AF17-C08D81F5E9CD} - System32\Tasks\{CCF91477-AE37-4BC1-A33C-4D99804C7DFB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {53A65D34-C794-4612-9A42-F8BD346E6CE9} - System32\Tasks\{941B0210-0552-47BF-BCE7-21468EAB1B28} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {54E6B0C6-0946-4299-A0B2-E8306B6FA8D1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {7EDF9242-58DD-48BC-82FB-F319D46DEB07} - System32\Tasks\{45B1EAEF-9D54-4644-BA8C-6BDC214B7084} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {8B4D4358-1BDB-4D8A-96BD-08CBFE915BC5} - System32\Tasks\{64D5CCEE-B290-44B8-BB14-DC5AA48DFC76} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {9B141615-3EFC-4AD3-A994-F774B16FCA89} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-04-15] (Lenovo Group Limited)
Task: {B97458EE-E2B5-4C02-9F8D-0CB57AA8732C} - System32\Tasks\{0DBEF8DD-2B4F-4C49-9611-A302F9639E2C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {BFEFB0E8-8021-422C-81BA-9DAC5D01E978} - System32\Tasks\{C90058F9-4A3E-446E-9C4C-A589EB01788B} => C:\Users\Christian\Saved Games\AOE\EMPIRES2.EXE [2006-10-11] (Microsoft Corporation)
Task: {C72A6CAE-5B79-4BAC-B4E2-AB1464FB34EB} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {EC6BFF44-ECBB-46E2-80B4-E81ECD4C8FF8} - System32\Tasks\{D3D0735A-FAD5-4519-884E-E3A95DA460FF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {F72CCB83-6785-4681-913D-30A19311C463} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
==================== Loaded Modules (whitelisted) =============
2013-10-10 18:48 - 2013-10-10 18:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2009-02-11 12:27 - 2009-02-11 12:27 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2010-11-19 17:13 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-09 12:47 - 2011-09-06 23:46 - 00761279 _____ () C:\Program Files\ReaConverter 6.5 Standard\context.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-02 23:07 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Christian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-03 13:08 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-15 23:00 - 2014-06-15 23:00 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\Services: ApRunSvc => 2
MSCONFIG\Services: ATService => 2
MSCONFIG\Services: BcmSqlStartupSvc => 2
MSCONFIG\Services: dtsvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: NILM License manager => 3
MSCONFIG\Services: niSvcLoc => 2
MSCONFIG\Services: OpcEnum => 3
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TVT Backup Protection Service => 2
MSCONFIG\startupreg: ACTray => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
MSCONFIG\startupreg: ACWlIcon => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BLOG => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CreateLMBCShortCut => "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
MSCONFIG\startupreg: CrossRiderPlugin => C:\Program Files\CrossriderWebApps\Crossrider.exe
MSCONFIG\startupreg: EZEJMNAP => C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LPMailChecker => C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
MSCONFIG\startupreg: LPManager => C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TVT Scheduler Proxy => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/08/2014 08:21:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2014 08:38:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2014 10:54:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2014 09:45:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/07/2014 09:45:11 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (07/07/2014 09:42:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/07/2014 08:48:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/06/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/06/2014 02:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/06/2014 02:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/08/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (07/08/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (07/08/2014 08:26:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TVT Scheduler erreicht.
Error: (07/08/2014 08:26:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TVT Backup Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/08/2014 08:26:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TVT Backup Service erreicht.
Error: (07/08/2014 08:26:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ThinkVantage Registry Monitor Service erreicht.
Error: (07/08/2014 08:26:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (07/08/2014 08:26:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (07/08/2014 08:24:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OpenSSH Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/08/2014 08:24:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (06/30/2014 03:04:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 690 seconds with 600 seconds of active time. This session ended with a crash.
Error: (05/14/2014 03:49:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6787 seconds with 780 seconds of active time. This session ended with a crash.
Error: (05/04/2014 09:35:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 71%
Total physical RAM: 2026.03 MB
Available physical RAM: 570.98 MB
Total Pagefile: 4052.06 MB
Available Pagefile: 2146.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.02 MB
==================== Drives ================================
Drive c: (SW_Preload) (Fixed) (Total:239.99 GB) (Free:31.44 GB) NTFS
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D0EDC3EB)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=47 GB) - (Type=05)
==================== End Of Log ============================
|
|
08.07.2014, 19:11
| #4 |
| /// the machine /// TB-Ausbilder | PUP Crossrider von Malwarebytes entdeckt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2014, 09:44
| #5 |
| | PUP Crossrider von Malwarebytes entdeckt AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 09/07/2014 um 09:51:21
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Christian - CHRISTIAN-PC
# Gestartet von : C:\Users\Christian\Downloads\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : vToolbarUpdater17.0.12
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Users\Christian\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\CHRIST~1\AppData\Local\Temp\Uniblue
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 14);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1399902663284");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "127028");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdoocybch");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\"www.only-apartments.es\\\",\\\"www.only-apartments.de\\\",\\\"www.only-apar[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "f5e5cb44-2ed3-c958-bd28-d286b44f196b");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "14/05/2014");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1400075463");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1400076011479");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdoocyb");
-\\ Google Chrome v
[ Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : dnpmlnedpdikbgdghljdepnljfpkhccn
Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : jpnbdefcbnoefmmcpelplabbkfmfhlho
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
*************************
AdwCleaner[R0].txt - [21750 octets] - [13/10/2013 19:20:16]
AdwCleaner[S0].txt - [21024 octets] - [13/10/2013 19:28:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21085 octets] ##########
[/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Christian on 09.07.2014 at 10:06:14,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Christian\AppData\Roaming\getrighttogo"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\uh5auo9h.default\minidumps [125 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2014 at 10:11:11,52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by Christian (administrator) on CHRISTIAN-PC on 09-07-2014 10:42:22 Running from C:\Users\Christian\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo.) C:\Windows\System32\TPHDEXLG.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation) HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe Lsa: [Notification Packages] scecli ACGina ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: www.google.de FF SearchEngineOrder.1: www.google.de FF SearchEngineOrder.2: www.google.de FF SelectedSearchEngine: www.google.de FF Homepage: hxxp://www.tagesschau.de/ FF Keyword.URL: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28] Chrome: ======= CHR HomePage: hxxp://www.tagesschau.de/ CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14] CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14] CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15] CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06] CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14] ========================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG) S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] () R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG) S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed] R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed] S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed] R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed] R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed] S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed] S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed] S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed] R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo) S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed] S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed] S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed] S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG) R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed] S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed] S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed] S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed] R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed] R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed] R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed] R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed] R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed] S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed] S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed] R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed] R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed] R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed] S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed] R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed] R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed] R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed] R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed] S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed] S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed] S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed] S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed] R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed] S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed] R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed] S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed] S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed] S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH) R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.) S2 eamonm; system32\DRIVERS\eamonm.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt 2014-07-09 09:56 - 2014-07-09 09:57 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe 2014-07-09 09:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe 2014-07-08 08:33 - 2014-07-08 08:34 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt 2014-07-08 08:31 - 2014-07-09 10:42 - 00023918 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-08 08:31 - 2014-07-09 10:42 - 00000000 ____D () C:\FRST 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:08 - 2014-07-09 10:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-11 10:57 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 10:57 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-11 10:57 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 10:57 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 10:57 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 10:57 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 10:57 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 10:57 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 10:57 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 10:57 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 10:57 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 10:57 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 10:57 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 10:57 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 10:57 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 10:57 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 10:57 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 10:57 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 10:57 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 10:57 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 10:57 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 10:57 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 10:57 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 10:57 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 10:57 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 10:57 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 10:57 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 10:57 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 10:57 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 10:57 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-09 10:43 - 2014-07-08 08:31 - 00023918 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-09 10:43 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-09 10:43 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-09 10:42 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST 2014-07-09 10:37 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 10:36 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian 2014-07-09 10:33 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-09 10:33 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-09 10:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-09 10:33 - 2009-07-14 06:39 - 14644613 _____ () C:\Windows\setupact.log 2014-07-09 10:23 - 2010-03-20 14:26 - 01537210 _____ () C:\Windows\WindowsUpdate.log 2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt 2014-07-09 10:06 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-09 10:06 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-09 10:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-09 09:57 - 2014-07-09 09:56 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe 2014-07-09 09:53 - 2010-03-20 14:11 - 00397244 _____ () C:\Windows\PFRO.log 2014-07-09 09:51 - 2014-05-14 15:49 - 00001088 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-09 09:51 - 2013-10-13 19:20 - 00000000 ____D () C:\AdwCleaner 2014-07-09 09:51 - 2010-03-20 14:38 - 00001207 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-09 09:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job 2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe 2014-07-08 16:44 - 2009-08-04 20:03 - 02019072 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-07-08 08:34 - 2014-07-08 08:33 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat 2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira 2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox 2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox 2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster 2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II 2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II 2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html 2014-06-12 18:21 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-11 23:46 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 23:43 - 2010-09-25 15:36 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB Some content of TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe C:\Users\Christian\AppData\Local\Temp\avgnt.exe C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe C:\Users\Christian\AppData\Local\Temp\Cleanup.dll C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Christian\AppData\Local\Temp\msvcm80.dll C:\Users\Christian\AppData\Local\Temp\msvcp80.dll C:\Users\Christian\AppData\Local\Temp\msvcr80.dll C:\Users\Christian\AppData\Local\Temp\Quarantine.exe C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Christian\AppData\Local\Temp\SHSetup.exe C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 13:48 ==================== End Of Log ============================ --- --- --- --- --- --- |
|
10.07.2014, 11:06
| #6 |
| /// the machine /// TB-Ausbilder | PUP Crossrider von Malwarebytes entdecktESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> PUP Crossrider von Malwarebytes entdeckt |
|
10.07.2014, 15:31
| #7 |
| | PUP Crossrider von Malwarebytes entdecktCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5665a81b6fa205458bdb094e1dc6df09
# engine=19112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-10 02:09:40
# local_time=2014-07-10 04:09:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 10485 24469708 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23156706 156632571 0 0
# scanned=357768
# found=6
# cleaned=0
# scan_time=9954
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=63DFE6FCF5F73432F5E7754AA6B9BE4C8C4BC3FD ft=1 fh=4aff3285818ec058 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=2E1EDC42A2DE4A8D2883BACDF1E537365FF5BD04 ft=1 fh=a75153a2879e5ce2 vn="möglicherweise Variante von Win32/RegistryNuke Anwendung" ac=I fn="C:\Program Files\Advanced Fix 2013\AdvancedFix.exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB33MC26\SpeedUpMyPC-standalone-setup[1].exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Temp\is-3EQFM.tmp\SpeedUpMyPC-standalone-setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` NI Spy 2.1.0f0 TuneUp Utilities 2014 (de-DE) Java 7 Update 55 Java SE Development Kit 7 Update 55 Java SE Development Kit 8 Update 5 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader XI Mozilla Firefox (30.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by Christian (administrator) on CHRISTIAN-PC on 10-07-2014 16:27:40 Running from C:\Users\Christian\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (National Instruments Corporation) C:\Windows\System32\nipalsm.exe (AMD) C:\Windows\System32\atieclxx.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo.) C:\Windows\System32\TPHDEXLG.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (troubadix) C:\Program Files\TPFanControl\TPFanControl.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation) HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe Lsa: [Notification Packages] scecli ACGina ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: www.google.de FF SearchEngineOrder.1: www.google.de FF SearchEngineOrder.2: www.google.de FF SelectedSearchEngine: www.google.de FF Homepage: hxxp://www.tagesschau.de/ FF Keyword.URL: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28] Chrome: ======= CHR HomePage: hxxp://www.tagesschau.de/ CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14] CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14] CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15] CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06] CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14] ========================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-10] (Avira Operations GmbH & Co. KG) S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] () S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG) S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed] R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed] S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed] R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed] R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed] S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed] S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed] S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed] S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed] R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo) S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed] S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed] S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed] S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG) R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed] S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed] S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed] S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed] R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed] R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed] R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed] R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed] R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed] R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed] S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed] S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed] R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed] R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed] R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed] S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed] S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed] R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed] R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed] R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed] R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed] R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed] R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed] S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed] S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed] S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed] S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed] R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed] S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed] R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed] S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed] S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed] S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH) R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.) S2 eamonm; system32\DRIVERS\eamonm.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-10 16:18 - 2014-07-10 16:18 - 00854390 _____ () C:\Users\Christian\Downloads\SecurityCheck.exe 2014-07-10 13:16 - 2014-07-10 13:17 - 02347384 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe 2014-07-09 22:55 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 22:55 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 22:55 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 22:55 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 22:55 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 22:55 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 22:55 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 22:55 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 22:55 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 22:55 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 22:55 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 22:55 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 22:55 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 22:55 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 22:55 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 22:55 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 22:55 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 22:55 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 22:55 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 22:55 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 22:55 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 22:55 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 22:54 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 22:54 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 22:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 22:54 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 22:54 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 22:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 22:54 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 22:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 22:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 22:54 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 22:54 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 22:54 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 22:54 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 22:54 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 22:54 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 22:54 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt 2014-07-09 09:56 - 2014-07-09 09:57 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe 2014-07-09 09:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe 2014-07-08 08:33 - 2014-07-08 08:34 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt 2014-07-08 08:31 - 2014-07-10 16:27 - 00023972 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-08 08:31 - 2014-07-10 16:27 - 00000000 ____D () C:\FRST 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:08 - 2014-07-10 14:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-10 16:28 - 2014-07-08 08:31 - 00023972 _____ () C:\Users\Christian\Downloads\FRST.txt 2014-07-10 16:27 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST 2014-07-10 16:18 - 2014-07-10 16:18 - 00854390 _____ () C:\Users\Christian\Downloads\SecurityCheck.exe 2014-07-10 16:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-10 16:03 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-10 15:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job 2014-07-10 14:01 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 13:18 - 2010-03-20 14:26 - 01922250 _____ () C:\Windows\WindowsUpdate.log 2014-07-10 13:17 - 2014-07-10 13:16 - 02347384 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe 2014-07-10 13:12 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-10 13:12 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-10 13:11 - 2013-10-15 15:43 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-10 13:09 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian 2014-07-10 13:08 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-10 13:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-10 13:05 - 2009-07-14 06:39 - 14675141 _____ () C:\Windows\setupact.log 2014-07-10 13:05 - 2009-07-14 06:33 - 00459688 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 12:54 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 12:54 - 2009-07-14 10:57 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 12:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-07-10 00:09 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 00:06 - 2010-09-25 15:36 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 17:28 - 2009-08-04 20:03 - 02019200 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-07-09 11:03 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-09 11:03 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt 2014-07-09 09:57 - 2014-07-09 09:56 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe 2014-07-09 09:53 - 2010-03-20 14:11 - 00397244 _____ () C:\Windows\PFRO.log 2014-07-09 09:51 - 2014-05-14 15:49 - 00001088 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-09 09:51 - 2013-10-13 19:20 - 00000000 ____D () C:\AdwCleaner 2014-07-09 09:51 - 2010-03-20 14:38 - 00001207 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe 2014-07-08 08:34 - 2014-07-08 08:33 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt 2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe 2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt 2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat 2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat 2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat 2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp 2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira 2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList 2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList 2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP 2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox 2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox 2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster 2014-06-30 03:40 - 2014-07-09 22:54 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 03:36 - 2014-07-09 22:54 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile 2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony 2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics 2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-20 21:39 - 2014-07-09 22:55 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt 2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II 2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II 2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT 2014-06-19 02:16 - 2014-07-09 22:54 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 01:56 - 2014-07-09 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 01:56 - 2014-07-09 22:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 01:38 - 2014-07-09 22:54 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 01:37 - 2014-07-09 22:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 01:36 - 2014-07-09 22:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 22:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 01:32 - 2014-07-09 22:54 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 01:28 - 2014-07-09 22:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 22:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 01:25 - 2014-07-09 22:55 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 01:23 - 2014-07-09 22:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 01:23 - 2014-07-09 22:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 01:22 - 2014-07-09 22:54 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 01:16 - 2014-07-09 22:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 01:12 - 2014-07-09 22:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 22:55 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 22:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 00:59 - 2014-07-09 22:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 22:55 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 22:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 00:52 - 2014-07-09 22:54 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 00:49 - 2014-07-09 22:55 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 22:54 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 22:55 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 22:55 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:13 - 2014-07-09 22:55 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:09 - 2014-07-09 22:55 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:07 - 2014-07-09 22:55 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-18 03:51 - 2014-07-09 22:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 02:52 - 2014-07-09 22:54 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe 2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html 2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB Some content of TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe C:\Users\Christian\AppData\Local\Temp\avgnt.exe C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe C:\Users\Christian\AppData\Local\Temp\Cleanup.dll C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Christian\AppData\Local\Temp\msvcm80.dll C:\Users\Christian\AppData\Local\Temp\msvcp80.dll C:\Users\Christian\AppData\Local\Temp\msvcr80.dll C:\Users\Christian\AppData\Local\Temp\Quarantine.exe C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Christian\AppData\Local\Temp\SHSetup.exe C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 13:48 ==================== End Of Log ============================ --- --- --- Der ESET Scan hat ja 6 Dinge gefunden, aber nicht gelöscht, da ich ja den zugehörigen Haken entfernt habe. Sind die infizierten Dateien nun noch drauf? |
|
11.07.2014, 11:03
| #8 |
| /// the machine /// TB-Ausbilder | PUP Crossrider von Malwarebytes entdeckt Java updaten. Advanced Fix 2013 deinstallieren. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files\Advanced Fix 2013
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.07.2014, 12:17
| #9 |
| | PUP Crossrider von Malwarebytes entdecktCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Christian at 2014-07-11 13:15:55 Run:1
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files\Advanced Fix 2013
*****************
C:\Program Files\Advanced Fix 2013 => Moved successfully.
==== End of Fixlog ====
|
|
12.07.2014, 07:37
| #10 |
| /// the machine /// TB-Ausbilder | PUP Crossrider von Malwarebytes entdeckt Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu PUP Crossrider von Malwarebytes entdeckt |
| appdata, datenbank, detected, entdeck, entdeckt, ersetzt, firefox, komplett, log-file, malicious, malwarebytes, mozilla, osx/chatzum.a, pup.optional.crossrider.a, roaming, service, spyhunter, spyhunter entfernen, webseite, webseiten, win32/toolbar.babylon.h, win32/toolbar.conduit, windows, windows 7 |
Linear-Darstellung
