02.08.2014, 08:31 | #1 |
Win 8 - Firefox - Malware redirects to advertising pages - double-underlined terms

Hello everyone. Last night I found out here that I am not alone with this problem, and I have already followed and carried out various instructions (http://www.trojaner-board.de/141363-...linkungen.html) ... Malwarebytes Antimalware, AdwCleaner, Junkware Removal Tool, ESET Online Scanner (had found 40 threats), Security Check (the .txt files still exist). I hope that was not a mistake ... but so far none of it has led to success. I have a paid "avast Internet Security" on the computer and am completely at a loss as to why it keeps reporting "EVERYTHING OK" to me ... So now I am asking you for help.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2014
Ran by Martina (administrator) on LENOVO-PC on 02-08-2014 09:11:55
Running from C:\Users\Martina\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\WINDOWS\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [53248 2013-09-26] (PFU LIMITED)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [183808 2014-05-06] (Geek Software GmbH)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [RkiwrtkS] => C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe [67464 2012-04-05] (PFU LIMITED)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-06] (Acresso Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-05-02] (NTeWORKS)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\MountPoints2: {b163cac4-55fa-11e3-bebe-f4b7e2f06094} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar64.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Best YouTube Downloader - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} [2014-07-29]
FF Extension: DownloadHelper - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-29]
FF Extension: Wired-Marker - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2014-07-31]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
S4 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [65536 2004-10-18] (OLYMPUS Corporation) [File not signed]
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-05-26] (IObit)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 Update Service for Best YouTube Downloader; C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe [114688 2014-07-19] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv05; C:\WINDOWS\system32\drivers\acedrv05.sys [136192 2013-11-03] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 09:11 - 2014-08-02 09:12 - 00000000 ____D () C:\FRST
2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe
2014-08-02 09:11 - 2014-08-02 09:11 - 00025128 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-02 09:02 - 2014-08-02 09:05 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem
2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe
2014-08-02 08:35 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 08:35 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-08-02 08:34 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe
2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 23:16 - 2014-08-02 09:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 23:16 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 23:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 23:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader
2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat
2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-01 20:12 - 2014-08-02 06:54 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe
2014-07-30 23:34 - 2014-07-30 23:35 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe
2014-07-30 12:45 - 2014-07-30 12:54 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm
2014-07-30 09:53 - 2014-07-30 09:54 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm
2014-07-30 01:45 - 2014-07-30 01:51 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm
2014-07-30 01:37 - 2014-07-30 01:42 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part
2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader
2014-07-29 13:05 - 2014-07-29 13:05 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe
2014-07-26 10:57 - 2014-07-26 10:58 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi
2014-07-26 10:44 - 2014-07-26 11:14 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6
2014-07-26 10:36 - 2014-07-26 11:04 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe
2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe
2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe
2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher
2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java
2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip
2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip
2014-07-19 18:50 - 2014-07-19 18:53 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip
2014-07-18 16:38 - 2014-07-19 13:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-18 16:37 - 2014-07-18 16:38 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 16:34 - 2014-07-18 16:35 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe
2014-07-17 11:12 - 2014-07-17 11:14 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe
2014-07-17 11:11 - 2014-07-17 11:12 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe
2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk
2014-07-13 20:42 - 2014-07-29 12:11 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe
2014-07-13 20:02 - 2014-07-13 20:12 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe
2014-07-13 19:49 - 2014-07-13 19:51 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe
2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-13 15:34 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-07-13 15:34 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 14:34 - 2014-07-12 14:53 - 00000000 ____D () C:\Users\Martina\MediathekView
2014-07-12 14:18 - 2014-07-12 14:30 - 00000000 ____D () C:\Users\Martina\.mediathek3
2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6
2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip
2014-07-12 13:00 - 2014-07-22 13:01 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software
2014-07-12 12:59 - 2014-07-22 13:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-11 12:32 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-07-11 12:32 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 12:32 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation)
C:\WINDOWS\system32\iesetup.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-07-11 12:32 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-11 12:32 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-11 12:32 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 
2014-07-11 12:32 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-07-11 12:32 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-07-11 12:32 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-07-11 12:32 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-07-10 08:42 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-07-10 08:42 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2014-07-10 08:42 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-10 08:42 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2014-07-10 08:41 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2014-07-10 08:32 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-10 08:32 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-10 08:32 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-10 08:16 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-10 08:16 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-10 08:16 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D 
() C:\Users\Martina\Desktop\Alte Firefox-Daten 2014-07-05 14:51 - 2014-07-05 14:51 - 00001071 _____ () C:\Users\Martina\Desktop\ScanSnap iX500 - Verknüpfung.lnk 2014-07-05 10:31 - 2014-07-05 10:31 - 00000000 ____D () C:\Users\Martina\AppData\Local\PFU_LIMITED 2014-07-05 10:26 - 2014-07-05 10:26 - 00001062 _____ () C:\Users\Public\Desktop\Rack2-Filer Smart.lnk 2014-07-05 10:26 - 2014-07-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack2-Filer Smart 2014-07-04 16:50 - 2014-07-04 16:50 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-07-04 16:50 - 2014-07-04 16:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-02 09:12 - 2014-08-02 09:11 - 00000000 ____D () C:\FRST 2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe 2014-08-02 09:11 - 2014-08-02 09:11 - 00025128 _____ () C:\Users\Martina\Downloads\FRST.txt 2014-08-02 09:07 - 2013-08-02 08:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1652106630-3679740725-1600711223-1002 2014-08-02 09:05 - 2014-08-02 09:02 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem 2014-08-02 09:04 - 2014-06-01 12:05 - 01480886 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-02 09:04 - 2013-04-07 22:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-08-02 09:02 - 2014-08-01 23:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-02 09:02 - 2014-06-01 07:56 - 00000420 _____ () C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job 2014-08-02 09:01 - 2014-06-11 18:31 - 00030852 _____ () C:\WINDOWS\PFRO.log 2014-08-02 09:01 - 2013-08-05 09:21 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl 2014-08-02 09:01 - 2012-07-26 09:22 - 00000006 ____H () 
C:\WINDOWS\Tasks\SA.DAT 2014-08-02 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\tracing 2014-08-02 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-02 09:00 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-02 08:57 - 2013-08-06 17:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe 2014-08-02 08:46 - 2013-08-02 12:28 - 02739712 ___SH () C:\Users\Martina\Desktop\Thumbs.db 2014-08-02 08:44 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe 2014-08-02 06:55 - 2014-05-29 21:16 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-08-02 06:54 - 2014-08-01 20:12 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-08-01 23:44 - 2014-01-15 00:41 - 00000000 ____D () C:\Users\Martina\Desktop\Desktop Zwischenablage 2014-08-01 23:41 - 2014-05-13 13:51 - 00000000 ____D () C:\AdwCleaner 2014-08-01 23:16 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader 2014-08-01 20:17 - 2013-08-02 12:59 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-01 
20:16 - 2013-08-02 12:59 - 00000000 ____D () C:\Users\Martina\AppData\Local\Google 2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat 2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe 2014-08-01 16:17 - 2012-07-26 07:26 - 00000269 _____ () C:\WINDOWS\win.ini 2014-07-31 20:21 - 2013-04-08 07:35 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-31 20:21 - 2013-04-08 07:35 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-31 20:21 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-31 11:05 - 2014-03-18 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-30 23:35 - 2014-07-30 23:34 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe 2014-07-30 23:35 - 2013-08-06 09:07 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-30 23:35 - 2013-08-06 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-30 23:35 - 2013-08-06 09:07 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-30 12:54 - 2014-07-30 12:45 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm 2014-07-30 09:54 - 2014-07-30 09:53 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm 2014-07-30 09:54 - 2013-08-04 13:31 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\vlc 2014-07-30 01:51 - 2014-07-30 01:45 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm 2014-07-30 01:42 - 2014-07-30 01:37 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part 2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () 
C:\Program Files (x86)\Best YouTube Downloader 2014-07-29 13:05 - 2014-07-29 13:05 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe 2014-07-29 12:11 - 2014-07-13 20:42 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe 2014-07-29 11:19 - 2013-08-04 00:04 - 00000000 ____D () C:\Users\Martina\dwhelper 2014-07-28 09:52 - 2013-08-24 13:18 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Skype 2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-26 11:14 - 2014-07-26 10:44 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6 2014-07-26 11:04 - 2014-07-26 10:36 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe 2014-07-26 10:59 - 2013-08-06 12:19 - 00000000 ____D () C:\Program Files (x86)\HP 2014-07-26 10:58 - 2014-07-26 10:57 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi 2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk 2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner 2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe 2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe 2014-07-26 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-25 18:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-07-25 07:24 - 2013-08-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher 2014-07-22 13:01 - 2014-07-12 13:00 - 00003852 _____ () 
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791 2014-07-22 13:01 - 2014-07-12 12:59 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-21 07:25 - 2013-08-02 21:49 - 00000000 ____D () C:\Users\Martina\Documents\02 My Privacy 2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java 2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip 2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip 2014-07-19 18:53 - 2014-07-19 18:50 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip 2014-07-19 13:27 - 2014-07-18 16:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-07-19 13:27 - 2014-07-18 16:38 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-07-19 13:27 - 2014-07-18 16:38 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-07-19 13:27 - 2014-06-17 20:34 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-07-19 13:27 - 2014-06-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 17:18 - 2014-06-01 12:15 - 01433027 _____ () C:\WINDOWS\setupact.log 2014-07-18 17:17 - 2014-06-05 11:06 - 00001984 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-07-18 16:54 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-18 16:38 - 2014-07-18 16:37 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 16:35 - 2014-07-18 16:34 - 
00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe 2014-07-17 11:14 - 2014-07-17 11:12 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe 2014-07-17 11:12 - 2014-07-17 11:11 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe 2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk 2014-07-16 09:31 - 2013-08-02 07:58 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Adobe 2014-07-13 20:12 - 2014-07-13 20:02 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe 2014-07-13 20:12 - 2013-08-02 22:46 - 00000000 ___RD () C:\Users\Martina\Dropbox 2014-07-13 19:51 - 2014-07-13 19:49 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe 2014-07-13 16:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-13 15:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\DropboxMaster 2014-07-13 15:41 - 2013-08-02 22:44 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Dropbox 2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-13 14:28 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-13 13:47 - 2013-08-05 10:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-13 13:44 - 2013-08-02 14:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-13 13:44 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-13 13:42 - 2013-08-02 09:12 - 00000000 ____D () C:\ProgramData\Microsoft 
Help 2014-07-12 14:53 - 2014-07-12 14:34 - 00000000 ____D () C:\Users\Martina\MediathekView 2014-07-12 14:34 - 2013-08-02 07:56 - 00000000 ____D () C:\Users\Martina 2014-07-12 14:30 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\.mediathek3 2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6 2014-07-12 14:16 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip 2014-07-12 13:33 - 2013-08-06 17:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software 2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-07 23:38 - 2014-05-02 09:47 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\dvdcss 2014-07-07 13:13 - 2014-04-07 11:33 - 00000000 ____D () C:\Users\Martina\Documents\ScanSnap 2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten 2014-07-06 11:11 - 2013-08-02 12:59 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2014-07-05 14:51 - 2014-07-05 14:51 - 00001071 _____ () C:\Users\Martina\Desktop\ScanSnap iX500 - Verknüpfung.lnk 2014-07-05 10:31 - 2014-07-05 10:31 - 00000000 ____D () C:\Users\Martina\AppData\Local\PFU_LIMITED 2014-07-05 10:31 - 2014-04-07 11:22 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\PFU 2014-07-05 10:26 - 2014-07-05 10:26 - 00001062 _____ () C:\Users\Public\Desktop\Rack2-Filer Smart.lnk 2014-07-05 10:26 - 2014-07-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack2-Filer Smart 2014-07-05 10:26 - 2014-04-07 12:40 - 00000000 ____D () C:\ProgramData\PFU 2014-07-05 10:24 - 2014-04-07 11:10 - 00000000 ____D () C:\Program Files (x86)\PFU 2014-07-04 16:50 - 2014-07-04 16:50 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-07-04 16:50 - 2014-07-04 16:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-07-04 16:50 - 2014-04-25 09:15 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-07-04 16:50 - 2014-04-09 09:58 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-07-04 16:50 - 2014-04-09 09:58 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys Files to move or delete: 
====================
C:\ProgramData\Lenovo-8204.vbs

Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\APNSetup.exe
C:\Users\Martina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkbmxe.dll
C:\Users\Martina\AppData\Local\Temp\Execute2App.exe
C:\Users\Martina\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\Martina\AppData\Local\Temp\msvcp90.dll
C:\Users\Martina\AppData\Local\Temp\msvcr90.dll
C:\Users\Martina\AppData\Local\Temp\Quarantine.exe
C:\Users\Martina\AppData\Local\Temp\SHSetup.exe
C:\Users\Martina\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-31 08:25

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2014
Ran by Martina at 2014-08-02 09:13:30
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader for ScanSnap (TM) 5.0 (HKLM-x32\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications
Inc.) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) BelegManager (HKLM-x32\...\{FBF4C1A4-C82A-4678-8382-CFDCEE14D515}) (Version: 1.00.0000 - Wolters Kluwer Deutschland GmbH) Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Best YouTube Downloader (HKLM-x32\...\Best YouTube Downloader) (Version: 1.5.3 - Neobars) CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.0L10 - PFU) CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant) Delicious (HKCU\...\hxxp://delicious.com) (Version: - ) DirPrintOK (HKLM-x32\...\DirPrintOK) (Version: - ) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP) Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden Evernote v. 4.5.8 (HKLM-x32\...\{DED01768-E634-11E1-AEB0-984BE15F174E}) (Version: 4.5.8.7356 - Evernote Corp.) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Klett Lehrersoftware Red Line (LM 4) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 4)) (Version: - )
Klett Lehrersoftware Red Line (LM 5) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 5)) (Version: - )
Klett Lernsoftware Mathematik - Einblicke 9 (HKLM-x32\...\Klett Lernsoftware Mathematik - Einblicke 9_is1) (Version: - )
Klett Lernsoftware Mathematik - Schnittpunkt (4. Lernjahr) 8 BW (HKLM-x32\...\Klett Lernsoftware Mathematik - Schnittpunkt (4.~93F79701_is1) (Version: - )
Klett Mathetrainer 10 (HKLM-x32\...\Klett Mathetrainer 10_is1) (Version: - )
KV-WIN (HKLM-x32\...\{54613ADC-0DDC-4BFE-8D25-281272D58D5D}) (Version: 7.113.6 - MORGEN & MORGEN)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LV-WIN (HKLM-x32\...\{BFC1E04D-AA94-4E5F-A220-89209FF0FA3A}) (Version: 7.113.6 - MORGEN & MORGEN)
Magic Desktop (HKLM-x32\...\{A96758C2-3ED3-4035-BD35-7194ED35AB92}) (Version: 1.00.2250 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neevia PDFcompress v3.5 (HKLM-x32\...\Neevia PDFcompress_is1) (Version: - neeviaPDF.com)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Olympus DSS Player (HKLM-x32\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 23.0.1522.60 (HKLM-x32\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.3 - NTeWORKS)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Rack2-Filer Smart (HKLM-x32\...\{3793727D-CC1F-40CC-BEA6-1E04539714ED}) (Version: 1.00.0012 - PFU LIMITED)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.1L11 - PFU)
ScanSnap Manager (x32 Version: 6.1.11.2.4 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.0L11 - PFU)
ScanSnap Organizer (x32 Version: 5.0.11.1 - PFU LIMITED) Hidden
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Softwarenetz Fahrtenbuch2 (HKLM-x32\...\Fahrtenbuch2) (Version: - Softwarenetz)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version: - Softwarenetz)
Softwarenetz Haushaltsbuch5 (HKLM-x32\...\Haushaltsbuch5) (Version: - Softwarenetz)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Steuer-Spar-Erklärung Selbstständige 2012 (HKLM-x32\...\{9D1F3849-C808-4D5F-AB86-C8DD27B24439}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung Selbstständige 2013 (HKLM-x32\...\{A4D00E12-F45D-4D43-8B10-0DDD83E8224D}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Martina\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

12-07-2014 12:15:29 Installed Java 8 Update 5
18-07-2014 14:37:00 Installed Java 7 Update 65
25-07-2014 05:19:36 Windows Update
26-07-2014 08:58:09 Dot4 wird installiert
01-08-2014 17:39:47 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 17:47:54 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 18:13:02 Installed SpyHunter
02-08-2014 04:52:00 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {212A5001-F299-4F98-99D6-E234C179E989} - System32\Tasks\Opera scheduled Autoupdate 1405162791 => C:\Program Files (x86)\Opera\launcher.exe [2014-07-18] (Opera Software)
Task: {2190BDB8-D7C5-43B9-AA04-C53ABC6D9184} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {36143B39-7C47-4FE5-A62D-AAA73900E896} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {4337FFEB-74D2-497F-AD9B-3330BA744750} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {554DF1F8-9A06-4334-B47B-77E2F929A8B8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5F66191A-8E53-475B-83A2-BDFD6E583948} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {64004EF0-4EDA-43E2-AF48-7EDFC0A5B1F7} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-05-26] (IObit)
Task: {70E8F7AF-F0B1-4ACB-BC36-E3DAFA303290} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {763DCDBC-39FF-4A75-9DFD-C19406D5BDD6} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-03-14] (Microsoft)
Task: {80EF7B72-DC16-40A1-A554-ECE32978D598} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {A2663767-C3B8-4360-9790-267B1C9D7171} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Task: {B6FBDAD0-7DFA-4C65-B5CB-A23D281076DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
Task: {BB24F679-4849-4747-A847-3A2AB26771FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C3983FEE-E76A-4EE6-A45B-6C82B9F6E16B} - System32\Tasks\RegInOut on user logon - Martina => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC0A0224-A31C-47A1-94E6-24803ABCDEB3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {DAE4A480-805B-4479-A779-CFC8FE820136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EA81D209-10E0-4E18-9815-C30890BE2A16} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F083E840-E69B-477D-A3EF-A2B1995D2F42} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {FD368452-5A59-45DD-8D70-B992DFE31867} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 19:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-07 22:17 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-12 13:04 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-10-12 13:04 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-07-19 06:03 - 2014-07-19 06:03 - 00114688 _____ () C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
2014-07-04 16:50 - 2014-07-04 16:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-01 19:39 - 2014-08-01 19:39 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2014-06-02 08:33 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-07 11:15 - 2012-06-25 16:54 - 00599419 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\sqlite3.dll
2014-04-07 11:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2014-04-07 11:10 - 2013-04-24 14:50 - 00421888 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-04-07 11:10 - 2012-09-05 11:25 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-04-07 11:10 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-04-07 11:10 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-04-07 11:10 - 2011-12-06 14:00 - 00897024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-18 23:14 - 2014-07-30 00:18 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DM1Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StartMenuService => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Detector 3.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Sidebar.lnk"
HKCU\...\StartupApproved\Run: => "ISUSPM"
HKCU\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 09:00:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/02/2014 09:00:43 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 08:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 08:44:01 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 07:05:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 07:05:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 07:05:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 06:55:59 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 06:54:32 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LENOVO-PC)
Description: Die Anwendung oder der Dienst "SpyHunter4 application" konnte nicht heruntergefahren werden.

System errors:
=============
Error: (08/02/2014 09:01:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 09:00:37 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (08/02/2014 08:45:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 06:56:29 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Microsoft Office Sessions:
=========================
Error: (05/17/2014 03:11:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 154173 seconds with 5280 seconds of active time. This session ended with a crash.

Error: (05/13/2014 00:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18897 seconds with 1980 seconds of active time. This session ended with a crash.

Error: (01/18/2014 00:04:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 87142 seconds with 2820 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-08-02 09:01:21.783
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-02 08:45:18.408
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-02 06:56:42.564
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-01 23:42:01.892
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-01 23:32:07.798 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-01 20:06:31.346 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-31 11:05:28.830 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-28 16:12:25.174 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-26 11:43:15.466 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-23 11:50:10.144 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8055.77 MB Available physical RAM: 5393.51 MB Total Pagefile: 9271.77 MB Available Pagefile: 6783.77 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:753.18 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 914B441A) Partition: GPT Partition Type. ==================== End Of Log ============================ |
02.08.2014, 09:00 | #2 |
| Win 8 - Firefox - Malware redirects to advertising pages - double-underlined terms Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
Update, 01.08.2014 23:16:28, SYSTEM, LENOVO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 01.08.2014 23:16:46, SYSTEM, LENOVO-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.1.5,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Refresh, Starting,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Refresh, Success,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:33:01, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,

(end)
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 01.08.2014 Scan Time: 23:17:05 Logfile: 140801 MBAM Scanning History Log.txt Administrator: No Version: 2.00.2.1012 Malware Database: v2014.08.01.05 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: NTFS User: Martina Scan Type: Threat Scan Result: Completed Objects Scanned: 306005 Time Elapsed: 12 min, 43 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 7 PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7F2F43AC-A6F0-4685-A6BD-6550C3836F91}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{58BB7423-A9E3-47E0-9742-61E3BC3D5A18}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{58BB7423-A9E3-47E0-9742-61E3BC3D5A18}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7F2F43AC-A6F0-4685-A6BD-6550C3836F91}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SquirrelWeb, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\SquirrelWeb, Quarantined, [125716ab403b3cfacdc6d34c6e9627d9], PUP.Optional.SquirrelWeb.A, HKU\S-1-5-21-1652106630-3679740725-1600711223-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SquirrelWeb, Quarantined, [c3a611b05328e94d563ea679010343bd], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb, Quarantined, 
[5a0ff4cd7ffca393efa3918ecc38d22e], Files: 5 PUP.Optional.OpenCandy, C:\Users\Martina\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [8bde4978b4c73501fa08994945bfb34d], PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWeb.ico, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWebBHO.dll, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWebUninstall.exe, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\updateSquirrelWeb.exe, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e], Physical Sectors: 0 (No malicious items detected) (end) Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Martina on 01.08.2014 at 23:48:47,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Martina\AppData\Roaming\mozilla\firefox\profiles\6to7x2jt.default-1404712144356\prefs.js

user_pref("extensions.5b3b7c2afb3f46ffb50f1c7c8fe92f36.localStoragecom.ab.advertising.ad.AdvertiseCOM_intext.common_data", "\"eyJpZCI6IjEyIiwibmFtZSI6IkFkdmVydGlzZUNPTV9pbnRle
user_pref("extensions.5b3b7c2afb3f46ffb50f1c7c8fe92f36.localStoragecom.ab.advertising.ad.DealPly.common_data", "\"eyJpZCI6IjIzIiwibmFtZSI6IkRlYWxQbHkiLCJ1cmwiOiJodHRwOi8vZmlsZ

Emptied folder: C:\Users\Martina\AppData\Roaming\mozilla\firefox\profiles\6to7x2jt.default-1404712144356\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.08.2014 at 6:49:59,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe.vir Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\456a7aaa4898da7bbdff88a06fd66a2a\MyPhoneExplorer_1.8.5.exe.vir Win32/DownWare.L evtl. 
unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\ABC teaching\_pupils\Michelle - Krabat usw\BerlinervonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe Win32/Somoto.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\adobe-flash-player-for-64-bit-windows_setup.exe Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\mahjong.exe Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\PDFCreator-1_7_1_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick26_inst.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst328.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer(1).exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Angry IP Scanner - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Junkware Removal Tool - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\MediathekView - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\MyPhoneExplorer - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Office Vorlagen Top 50 Pack - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\OpenOffice - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\OpenOffice offizielles Vorlagenpaket - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Opera - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Personal Backup - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\picpick_333inst.exe Win32/InstallMonetizer.AN evtl. 
unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\picpick_inst-3.3.0.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\picpick_inst_331.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\reginout_setup.exe Mehrere Bedrohungen Gesäubert durch Löschen - in Quarantäne kopiert C:\Users\Martina\Downloads\Revo Uninstaller - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Samsung Kies - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\SpiderOak - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Martina\Downloads\Zattoo - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=2725197c882b264e8528f889d7d91d1f # engine=19464 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-02 06:38:55 # local_time=2014-08-02 08:38:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Internet Security' # compatibility_mode=781 16777213 100 96 45158 9931219 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5275862 11352424 0 0 # scanned=249123 # found=40 # cleaned=40 # scan_time=5407 sh=19A9D79A96AA8133AA10546D440F8049FEC45261 ft=1 fh=64f4e669a01b7e7c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=1F574BFEF2A0958496E684ACA4F3F2E1F85DD6CE ft=1 fh=1abf73cff647d1b5 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=D4DC02B4AC9316700F2F5A95BF11A48C1BCB98C9 ft=1 fh=8bab25556a7d729a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir" sh=E8A32149C1221F5B8694E2999BFF0B9ACFBE1DCC ft=1 fh=79afd1c4006030eb vn="Variante von Win32/Conduit.SearchProtect.H evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir" sh=ECF7023B3AD76F29BD7EF5DE4926C99826289041 ft=1 fh=151b867e28c46231 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=1AABC9516F78675BBA63E865FC14259E2DD6B18C ft=1 fh=27e90cb0da2da6dd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir" sh=C7503F846F47819BA49BE6A8EB87E094C012D6AB ft=1 fh=2a7e0f6b6b94c09b vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir" sh=AFA7B3C2D0452211D736AF40E5E94CDAACE0BC03 ft=1 fh=54ae330ed9e71419 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\456a7aaa4898da7bbdff88a06fd66a2a\MyPhoneExplorer_1.8.5.exe.vir" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe" sh=EE5D21744C192C7FE80EFFCA349F53886D30E7D6 ft=1 fh=fe76caba6c65e116 vn="Win32/Somoto.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\ABC teaching\_pupils\Michelle - Krabat usw\BerlinervonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe" sh=D791C2B78450956563670BE5BAD0068069A2DB58 ft=1 fh=c71c001137204650 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\adobe-flash-player-for-64-bit-windows_setup.exe" sh=7AD7D1BCE688BB590A89BBF403DDEFD139F12B30 ft=1 fh=5b10c69677ec3e71 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\mahjong.exe" sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\PDFCreator-1_7_1_setup.exe" sh=5115311E34260AF7A85F1B910BDA7185B3858834 ft=1 fh=f64756f81c0e55b5 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick26_inst.exe" sh=87D0C5FD58DB8B74BB056F161A891498E56E8DD5 ft=1 fh=63a456f7817a8f4f vn="Win32/InstallMonetizer.AN evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst.exe" sh=413FA20C5887A35B4DCD9274CC2E143F31B13100 ft=1 fh=65bcca7ded8fcd4c vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst328.exe" sh=9B07920006AC114DA0CCF68F1C384A1A960ED75E ft=1 fh=337b8dff9700f16d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer(1).exe" sh=708BC09A2F0F295F5B84868F537F28ED095C2C22 ft=1 fh=262f53d0fba7d672 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer.exe" sh=51EE7E0F64AED6A0CD27E098F40821CCF9B9E685 ft=1 fh=1cbfff55588eb226 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Angry IP Scanner - CHIP-Installer.exe" sh=B6811FCE0651FE0AA88A6EE7749885260C16C20D ft=1 fh=c3e1d11626ade648 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe" sh=36E2B26B109F3C690053AF0539AD6AED7FE2433E ft=1 fh=f11055d2f219e929 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Junkware Removal Tool - CHIP-Installer.exe" sh=96CDE6F910CFFE301CC8ABDFAEAF5F9F63197508 ft=1 fh=c4bd8f9d3aa6d1fa vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\MediathekView - CHIP-Installer.exe" sh=0873115CDC0FB208E477C499CED185ECEF27694D ft=1 fh=50134d8d40f9fad0 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\MyPhoneExplorer - CHIP-Installer.exe" sh=A2AEB16E1B503FB50591A38C02E49F2F1E7842B7 ft=1 fh=455d0aefbd9a0775 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Office Vorlagen Top 50 Pack - CHIP-Installer.exe" sh=85F8F2C2014C6849F50A87B1752037F6B6772E35 ft=1 fh=46269d4ee93b53db vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\OpenOffice - CHIP-Installer.exe" sh=93596A439566663D0410B73B547CC6B7E343A057 ft=1 fh=add184adf083e30a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\OpenOffice offizielles Vorlagenpaket - CHIP-Installer.exe" sh=1983AA789FA0A7A65E637D2E163B98108638AE90 ft=1 fh=3f23d5fe1169db57 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Opera - CHIP-Installer.exe" sh=663F12BD27FEB069D3464270E43F8A02089312A3 ft=1 fh=670eb494ede74dee vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\PDFCreator-1_7_3_setup.exe" sh=A83C0C4A209C6B1302CEF3ECC804260C980CEFD1 ft=1 fh=34131789163bbc22 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Personal Backup - CHIP-Installer.exe" sh=0ABC8ADF9D9E13D3D9BC26A52E01E51147905548 ft=1 fh=c48ce4d4114f6e4f vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_333inst.exe" sh=D5C6A637D1BF0D61F60BBF293FFF5133307DB528 ft=1 fh=f46e862e906b9486 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_inst-3.3.0.exe" sh=F6A2FFF6E12DDA10C85E740D9E9A5F83102F1D51 ft=1 fh=3489e83bfbbdf76a vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_inst_331.exe" sh=C514A1A086FACED27A0A1F47D1FD1AFDA02E4F13 ft=1 fh=7e9d68697073312d vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\reginout_setup.exe" sh=F14FF3D5DDE145E45102B6A08FD6312290A9F1BF ft=1 fh=92462fdce21d64c4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Revo Uninstaller - CHIP-Installer.exe" sh=7048E1195286B6B5ABB620F35F3BC944112D923D ft=1 fh=3a165938ba31ad2c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Samsung Kies - CHIP-Installer.exe" sh=E013F71B3A3E4E678B5E162630D122F66F59985C ft=1 fh=04e6437f9ca917ac vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\SpiderOak - CHIP-Installer.exe" sh=CEB6D78A43A3D97778C03A5303253D5B12FA829D ft=1 fh=ebb63204d13aade1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Zattoo - CHIP-Installer.exe" Code:
Results of screen317's Security Check version 0.99.85
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java 8 Update 11
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
05.08.2014, 06:33 | #3 |
| Win 8 - Firefox - Malware redirects to advertising pages - double-underlined terms What did I do wrong that nobody at all is responding here?
__________________ |
06.08.2014, 09:59 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8 - Firefox - Malware redirects to advertising pages - double-underlined terms Hi, Quote:
Show me fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
06.08.2014, 10:22 | #5 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2014 Ran by Martina (administrator) on LENOVO-PC on 06-08-2014 11:17:48 Running from C:\Users\Martina\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe () C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe (Microsoft Corporation) C:\WINDOWS\System32\alg.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (PFU LIMITED) C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe (Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\phase-6\phase-6\jre6\bin\javaw.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\ScanSnapUpdater.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\WINDOWS\splwow64.exe (Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe (Softwarenetz) C:\Softwarenetz\Haushaltsbuch4\hausbuch4.exe (Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] () HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [53248 2013-09-26] (PFU LIMITED) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [183808 2014-05-06] (Geek Software GmbH) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM-x32\...\Run: [RkiwrtkS] => C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe [67464 2012-04-05] (PFU LIMITED) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-06] (Acresso Corporation) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-05-02] (NTeWORKS) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2012-07-26] (Microsoft Corporation) HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\MountPoints2: {b163cac4-55fa-11e3-bebe-f4b7e2f06094} - "F:\LaunchU3.exe" -a AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar64.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar32.dll () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program 
Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files 
(x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-03] FF Extension: DownloadHelper - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-29] FF Extension: Wired-Marker - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2014-07-31] FF Extension: Hide My Ass Proxy Extension - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\extension@hidemyass.com.xpi [2014-08-03] FF Extension: NoScript - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-02] FF Extension: Adblock Plus - 
C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-11] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-09] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software) S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.) S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) S4 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [65536 2004-10-18] (OLYMPUS Corporation) [File not signed] S4 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.) 
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.) S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc) S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.) 
S4 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-05-26] (IObit) S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] () S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed] R2 Update Service for Best YouTube Downloader; C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe [114688 2014-07-19] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 acedrv05; C:\WINDOWS\system32\drivers\acedrv05.sys [136192 2013-11-03] () [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] () R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-05 07:14 - 2014-08-05 07:14 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64(1).msi 2014-08-05 07:14 - 2014-08-05 07:14 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(2).msi 2014-08-05 07:14 - 2014-08-05 07:14 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6(1).msi 2014-08-05 07:12 - 2014-08-05 07:12 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64.msi 2014-08-05 07:12 - 2014-08-05 07:12 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(1).msi 2014-08-05 07:12 - 2014-08-05 07:12 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6.msi 2014-08-05 06:59 - 2014-08-05 06:59 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64.msi 2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Martina\AppData\Local\Conexant 2014-08-04 16:10 - 2014-08-04 16:10 - 00130803 _____ () C:\Users\Martina\Desktop\Michael_F.html 2014-08-02 21:45 - 2014-08-02 21:45 - 00448512 _____ (OldTimer Tools) C:\Users\Martina\Downloads\TFC.exe 2014-08-02 21:29 - 2014-08-02 21:35 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-02 21:29 - 2014-08-02 21:29 - 00001094 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-02 21:27 - 2014-08-02 21:27 - 04095448 _____ (BrightFort LLC ) C:\Users\Martina\Downloads\spywareblastersetup50.exe 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinPatrol 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2014-08-02 21:15 - 2014-08-02 21:16 - 01156136 _____ (Ruiware) C:\Users\Martina\Downloads\wpsetup.exe 
2014-08-02 21:08 - 2014-08-06 07:08 - 00002262 _____ () C:\WINDOWS\SecuniaPackage.log 2014-08-02 21:01 - 2014-08-02 21:01 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Users\Martina\AppData\Local\Secunia PSI 2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-02 20:37 - 2014-08-02 20:37 - 05329480 _____ (Secunia) C:\Users\Martina\Downloads\PSISetup_3.0.0.9016.exe 2014-08-02 20:28 - 2014-08-02 20:29 - 00538220 _____ () C:\Users\Martina\Downloads\noscript-2.6.8.36.xpi.zip 2014-08-02 13:50 - 2014-08-02 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-02 13:20 - 2014-08-06 11:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ClassicShell 2014-08-02 13:20 - 2014-08-02 13:20 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\Program Files\Classic Shell 2014-08-02 13:17 - 2014-08-02 13:17 - 00826192 _____ (Chip Digital GmbH) C:\Users\Martina\Downloads\Classic Shell - CHIP-Installer.exe 2014-08-02 09:13 - 2014-08-02 09:14 - 00047779 _____ () C:\Users\Martina\Downloads\Addition.txt 2014-08-02 09:11 - 2014-08-06 11:18 - 00028312 _____ () C:\Users\Martina\Downloads\FRST.txt 2014-08-02 09:11 - 2014-08-06 11:17 - 00000000 ____D () C:\FRST 2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe 2014-08-02 09:02 - 2014-08-04 07:00 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem 2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe 2014-08-02 08:35 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-08-02 08:35 - 2014-05-20 01:45 - 00629248 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-08-02 08:35 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-08-02 08:35 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-08-02 08:34 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-08-02 08:34 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-08-02 08:34 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-08-02 08:34 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe 2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-08-01 23:16 - 2014-08-06 08:05 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-01 23:16 - 2014-08-02 13:52 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-01 23:16 - 2014-08-02 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-01 23:16 - 2014-08-02 13:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-08-01 23:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-01 23:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-08-01 23:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader 2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat 2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe 2014-07-30 23:34 - 2014-07-30 23:35 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe 2014-07-30 12:45 - 2014-07-30 12:54 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm 2014-07-30 09:53 - 2014-07-30 09:54 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm 2014-07-30 01:45 - 2014-07-30 01:51 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm 2014-07-30 01:37 - 2014-07-30 01:42 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part 2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader 2014-07-29 13:05 - 2014-08-06 07:08 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe 2014-07-26 
10:57 - 2014-07-26 10:58 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi 2014-07-26 10:44 - 2014-07-26 11:14 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6 2014-07-26 10:36 - 2014-07-26 11:04 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe 2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk 2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner 2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe 2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe 2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher 2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java 2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip 2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip 2014-07-19 18:50 - 2014-07-19 18:53 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip 2014-07-18 16:38 - 2014-07-19 13:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-07-18 16:38 - 2014-07-19 13:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-07-18 16:38 - 2014-07-19 13:27 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-07-18 16:37 - 2014-07-18 16:38 - 
00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 16:34 - 2014-07-18 16:35 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe 2014-07-17 11:12 - 2014-07-17 11:14 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe 2014-07-17 11:11 - 2014-07-17 11:12 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe 2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk 2014-07-13 20:42 - 2014-07-29 12:11 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe 2014-07-13 20:02 - 2014-07-13 20:12 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe 2014-07-13 19:49 - 2014-07-13 19:51 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe 2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-13 15:34 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2014-07-13 15:34 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-12 14:34 - 2014-07-12 14:53 - 00000000 ____D () C:\Users\Martina\MediathekView 2014-07-12 14:18 - 2014-07-12 14:30 - 00000000 ____D () C:\Users\Martina\.mediathek3 2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6 2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip 2014-07-12 13:00 - 2014-07-22 13:01 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software 2014-07-12 12:59 - 2014-07-22 13:01 - 00000000 
____D () C:\Program Files (x86)\Opera 2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-11 12:32 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-11 12:32 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-11 12:32 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-07-11 12:32 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-11 12:32 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-11 12:32 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-11 12:32 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-07-11 12:32 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-07-11 12:32 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-11 12:32 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-11 12:32 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-07-11 12:32 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-07-11 
12:32 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-07-11 12:32 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-07-11 12:32 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-11 12:32 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-11 12:32 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 
02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-11 12:32 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-07-11 12:32 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-07-11 12:32 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-07-11 12:32 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-07-11 12:32 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-07-10 08:42 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-07-10 08:42 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2014-07-10 08:42 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-10 08:42 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2014-07-10 08:41 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2014-07-10 08:32 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 08:32 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 08:32 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 08:16 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 08:16 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 08:16 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 11:18 - 2014-08-02 09:11 - 00028312 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-06 11:17 - 2014-08-02 13:20 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ClassicShell
2014-08-06 11:17 - 2014-08-02 09:11 - 00000000 ____D () C:\FRST
2014-08-06 11:09 - 2013-08-24 13:18 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Skype
2014-08-06 11:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-06 10:57 - 2013-08-06 17:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-06 10:44 - 2013-08-02 09:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-06 10:41 - 2012-07-26 07:26 - 00000269 _____ () C:\WINDOWS\win.ini
2014-08-06 08:49 - 2013-08-02 12:28 - 02854400 ___SH () C:\Users\Martina\Desktop\Thumbs.db
2014-08-06 08:05 - 2014-08-01 23:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 07:49 - 2014-06-01 12:05 - 01789684 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 07:19 - 2013-08-02 08:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1652106630-3679740725-1600711223-1002
2014-08-06 07:08 - 2014-08-02 
21:08 - 00002262 _____ () C:\WINDOWS\SecuniaPackage.log 2014-08-06 07:08 - 2014-07-29 13:05 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-08-06 07:04 - 2013-04-08 07:35 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat 2014-08-06 07:04 - 2013-04-08 07:35 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat 2014-08-06 07:04 - 2013-04-07 22:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-08-06 07:04 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-06 07:01 - 2014-06-01 07:56 - 00000420 _____ () C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job 2014-08-06 06:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\tracing 2014-08-05 14:13 - 2014-06-05 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-08-05 14:13 - 2014-06-05 09:19 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Samsung 2014-08-05 14:13 - 2014-06-05 09:06 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-08-05 14:13 - 2013-04-07 22:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-05 07:18 - 2013-08-05 09:21 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl 2014-08-05 07:18 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-05 07:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-05 07:14 - 2014-08-05 07:14 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64(1).msi 2014-08-05 07:14 - 2014-08-05 07:14 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(2).msi 2014-08-05 07:14 - 2014-08-05 07:14 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6(1).msi 2014-08-05 07:12 - 2014-08-05 07:12 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64.msi 2014-08-05 07:12 - 2014-08-05 07:12 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(1).msi 2014-08-05 07:12 - 2014-08-05 07:12 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6.msi 2014-08-05 06:59 - 
2014-08-05 06:59 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64.msi 2014-08-04 19:44 - 2013-08-04 13:31 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\vlc 2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Martina\AppData\Local\Conexant 2014-08-04 19:10 - 2013-04-07 22:20 - 00000000 ____D () C:\ProgramData\Conexant 2014-08-04 16:10 - 2014-08-04 16:10 - 00130803 _____ () C:\Users\Martina\Desktop\Michael_F.html 2014-08-04 07:27 - 2014-06-05 09:57 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\MyPhoneExplorer 2014-08-04 07:00 - 2014-08-02 09:02 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem 2014-08-04 07:00 - 2014-01-15 00:41 - 00000000 ____D () C:\Users\Martina\Desktop\Desktop Zwischenablage 2014-08-02 21:58 - 2014-06-11 18:31 - 00031670 _____ () C:\WINDOWS\PFRO.log 2014-08-02 21:49 - 2014-05-29 21:16 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-08-02 21:45 - 2014-08-02 21:45 - 00448512 _____ (OldTimer Tools) C:\Users\Martina\Downloads\TFC.exe 2014-08-02 21:38 - 2013-04-07 22:43 - 00000000 ____D () C:\ProgramData\Temp 2014-08-02 21:35 - 2014-08-02 21:29 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-02 21:29 - 2014-08-02 21:29 - 00001094 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-02 21:27 - 2014-08-02 21:27 - 04095448 _____ (BrightFort LLC ) C:\Users\Martina\Downloads\spywareblastersetup50.exe 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinPatrol 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () 
C:\Program Files (x86)\Ruiware 2014-08-02 21:16 - 2014-08-02 21:15 - 01156136 _____ (Ruiware) C:\Users\Martina\Downloads\wpsetup.exe 2014-08-02 21:01 - 2014-08-02 21:01 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Users\Martina\AppData\Local\Secunia PSI 2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-02 20:37 - 2014-08-02 20:37 - 05329480 _____ (Secunia) C:\Users\Martina\Downloads\PSISetup_3.0.0.9016.exe 2014-08-02 20:29 - 2014-08-02 20:28 - 00538220 _____ () C:\Users\Martina\Downloads\noscript-2.6.8.36.xpi.zip 2014-08-02 13:52 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-02 13:52 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-02 13:52 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-02 13:50 - 2014-08-02 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-02 13:20 - 2014-08-02 13:20 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\Program Files\Classic Shell 2014-08-02 13:17 - 2014-08-02 13:17 - 00826192 _____ (Chip Digital GmbH) C:\Users\Martina\Downloads\Classic Shell - CHIP-Installer.exe 2014-08-02 10:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-08-02 09:14 - 2014-08-02 09:13 - 00047779 _____ () C:\Users\Martina\Downloads\Addition.txt 2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe 2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe 2014-08-02 08:44 - 2012-07-26 09:59 - 
00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe 2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-08-01 23:41 - 2014-05-13 13:51 - 00000000 ____D () C:\AdwCleaner 2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader 2014-08-01 20:17 - 2013-08-02 12:59 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-01 20:16 - 2013-08-02 12:59 - 00000000 ____D () C:\Users\Martina\AppData\Local\Google 2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat 2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Martina\Downloads\SpyHunter-installer.exe 2014-07-31 11:05 - 2014-03-18 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-30 23:35 - 2014-07-30 23:34 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe 2014-07-30 12:54 - 2014-07-30 12:45 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm 2014-07-30 09:54 - 2014-07-30 09:53 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm 2014-07-30 01:51 - 2014-07-30 01:45 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm 2014-07-30 01:42 - 2014-07-30 01:37 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part 2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader 2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe 2014-07-29 12:11 - 2014-07-13 20:42 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe 2014-07-29 11:19 - 2013-08-04 00:04 - 00000000 ____D () C:\Users\Martina\dwhelper 2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-26 11:14 - 2014-07-26 10:44 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6 2014-07-26 11:04 - 2014-07-26 10:36 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe 2014-07-26 10:59 - 2013-08-06 12:19 - 00000000 ____D () C:\Program Files (x86)\HP 2014-07-26 10:58 - 2014-07-26 10:57 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi 2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk 2014-07-26 09:41 - 
2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner 2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe 2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe 2014-07-26 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-25 18:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-07-25 07:24 - 2013-08-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher 2014-07-22 13:01 - 2014-07-12 13:00 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791 2014-07-22 13:01 - 2014-07-12 12:59 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-21 07:25 - 2013-08-02 21:49 - 00000000 ____D () C:\Users\Martina\Documents\02 My Privacy 2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java 2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip 2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip 2014-07-19 18:53 - 2014-07-19 18:50 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip 2014-07-19 13:27 - 2014-07-18 16:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-07-19 13:27 - 2014-07-18 16:38 - 00176552 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\javaw.exe 2014-07-19 13:27 - 2014-07-18 16:38 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-07-19 13:27 - 2014-06-17 20:34 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-07-19 13:27 - 2014-06-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 17:18 - 2014-06-01 12:15 - 01433027 _____ () C:\WINDOWS\setupact.log 2014-07-18 16:54 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-18 16:38 - 2014-07-18 16:37 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 16:35 - 2014-07-18 16:34 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe 2014-07-17 11:14 - 2014-07-17 11:12 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe 2014-07-17 11:12 - 2014-07-17 11:11 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe 2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk 2014-07-16 09:31 - 2013-08-02 07:58 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Adobe 2014-07-13 20:12 - 2014-07-13 20:02 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe 2014-07-13 20:12 - 2013-08-02 22:46 - 00000000 ___RD () C:\Users\Martina\Dropbox 2014-07-13 19:51 - 2014-07-13 19:49 - 40514640 _____ (Google Inc.) 
C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe 2014-07-13 15:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\DropboxMaster 2014-07-13 15:41 - 2013-08-02 22:44 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Dropbox 2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-13 14:28 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-13 13:47 - 2013-08-05 10:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-13 13:44 - 2013-08-02 14:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-13 13:44 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-12 14:53 - 2014-07-12 14:34 - 00000000 ____D () C:\Users\Martina\MediathekView 2014-07-12 14:34 - 2013-08-02 07:56 - 00000000 ____D () C:\Users\Martina 2014-07-12 14:30 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\.mediathek3 2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6 2014-07-12 14:16 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip 2014-07-12 13:33 - 2013-08-06 17:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software 2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software 2014-07-12 12:59 - 2014-07-12 
12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-07 23:38 - 2014-05-02 09:47 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\dvdcss 2014-07-07 13:13 - 2014-04-07 11:33 - 00000000 ____D () C:\Users\Martina\Documents\ScanSnap 2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten Files to move or delete: ==================== C:\ProgramData\Lenovo-8204.vbs ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-31 08:25 ==================== End Of Log ============================ --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2014 Ran by Martina at 2014-08-06 11:18:55 Running from C:\Users\Martina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) ABBYY FineReader for ScanSnap (TM) 5.0 (HKLM-x32\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications 
Inc.) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) BelegManager (HKLM-x32\...\{FBF4C1A4-C82A-4678-8382-CFDCEE14D515}) (Version: 1.00.0000 - Wolters Kluwer Deutschland GmbH) Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Best YouTube Downloader (HKLM-x32\...\Best YouTube Downloader) (Version: 1.5.3 - Neobars) CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.0L10 - PFU) CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant) Delicious (HKCU\...\hxxp://delicious.com) (Version: - ) DirPrintOK (HKLM-x32\...\DirPrintOK) (Version: - ) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP) Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden Evernote v. 4.5.8 (HKLM-x32\...\{DED01768-E634-11E1-AEB0-984BE15F174E}) (Version: 4.5.8.7356 - Evernote Corp.) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Klett Lehrersoftware Red Line (LM 4) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 4)) (Version: - )
Klett Lehrersoftware Red Line (LM 5) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 5)) (Version: - )
Klett Lernsoftware Mathematik - Einblicke 9 (HKLM-x32\...\Klett Lernsoftware Mathematik - Einblicke 9_is1) (Version: - )
Klett Lernsoftware Mathematik - Schnittpunkt (4. Lernjahr) 8 BW (HKLM-x32\...\Klett Lernsoftware Mathematik - Schnittpunkt (4.~93F79701_is1) (Version: - )
Klett Mathetrainer 10 (HKLM-x32\...\Klett Mathetrainer 10_is1) (Version: - )
KV-WIN (HKLM-x32\...\{54613ADC-0DDC-4BFE-8D25-281272D58D5D}) (Version: 7.113.6 - MORGEN & MORGEN)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LV-WIN (HKLM-x32\...\{BFC1E04D-AA94-4E5F-A220-89209FF0FA3A}) (Version: 7.113.6 - MORGEN & MORGEN)
Magic Desktop (HKLM-x32\...\{A96758C2-3ED3-4035-BD35-7194ED35AB92}) (Version: 1.00.2250 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neevia PDFcompress v3.5 (HKLM-x32\...\Neevia PDFcompress_is1) (Version: - neeviaPDF.com)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Olympus DSS Player (HKLM-x32\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 23.0.1522.60 (HKLM-x32\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.3 - NTeWORKS)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Rack2-Filer Smart (HKLM-x32\...\{3793727D-CC1F-40CC-BEA6-1E04539714ED}) (Version: 1.00.0012 - PFU LIMITED)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.1L11 - PFU)
ScanSnap Manager (x32 Version: 6.1.11.2.4 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.0L11 - PFU)
ScanSnap Organizer (x32 Version: 5.0.11.1 - PFU LIMITED) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Softwarenetz Fahrtenbuch2 (HKLM-x32\...\Fahrtenbuch2) (Version: - Softwarenetz)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version: - Softwarenetz)
Softwarenetz Haushaltsbuch5 (HKLM-x32\...\Haushaltsbuch5) (Version: - Softwarenetz)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Steuer-Spar-Erklärung Selbstständige 2012 (HKLM-x32\...\{9D1F3849-C808-4D5F-AB86-C8DD27B24439}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung Selbstständige 2013 (HKLM-x32\...\{A4D00E12-F45D-4D43-8B10-0DDD83E8224D}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Martina\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-07-2014 14:37:00 Installed Java 7 Update 65
25-07-2014 05:19:36 Windows Update
26-07-2014 08:58:09 Dot4 wird installiert
01-08-2014 17:39:47 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 17:47:54 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 18:13:02 Installed SpyHunter
02-08-2014 04:52:00 Removed SpyHunter
02-08-2014 11:18:51 Installed Classic Shell
05-08-2014 12:12:22 Removed Samsung Kies3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {212A5001-F299-4F98-99D6-E234C179E989} - System32\Tasks\Opera scheduled Autoupdate 1405162791 => C:\Program Files (x86)\Opera\launcher.exe [2014-07-18] (Opera Software)
Task: {2190BDB8-D7C5-43B9-AA04-C53ABC6D9184} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {36143B39-7C47-4FE5-A62D-AAA73900E896} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {4337FFEB-74D2-497F-AD9B-3330BA744750} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {554DF1F8-9A06-4334-B47B-77E2F929A8B8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5F66191A-8E53-475B-83A2-BDFD6E583948} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {64004EF0-4EDA-43E2-AF48-7EDFC0A5B1F7} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-05-26] (IObit)
Task: {70E8F7AF-F0B1-4ACB-BC36-E3DAFA303290} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {763DCDBC-39FF-4A75-9DFD-C19406D5BDD6} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-03-14] (Microsoft)
Task: {80EF7B72-DC16-40A1-A554-ECE32978D598} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {A2663767-C3B8-4360-9790-267B1C9D7171} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Task: {BB24F679-4849-4747-A847-3A2AB26771FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C3983FEE-E76A-4EE6-A45B-6C82B9F6E16B} - System32\Tasks\RegInOut on user logon - Martina => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC0A0224-A31C-47A1-94E6-24803ABCDEB3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {CF0C2287-4C79-46E2-9A6D-FAF1CAC5418C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
Task: {EA81D209-10E0-4E18-9815-C30890BE2A16} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F083E840-E69B-477D-A3EF-A2B1995D2F42} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {FD368452-5A59-45DD-8D70-B992DFE31867} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-12 13:04 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-10-12 13:04 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-07-19 06:03 - 2014-07-19 06:03 - 00114688 _____ () C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
2013-12-26 19:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-07 22:17 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-14 02:54 - 2014-05-14 02:54 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-28 18:21 - 2012-11-01 21:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-04 23:23 - 2014-08-04 23:23 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080401\algo.dll
2014-08-05 11:23 - 2014-08-05 11:23 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080500\algo.dll
2014-06-02 08:33 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-07 11:15 - 2012-06-25 16:54 - 00599419 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\sqlite3.dll
2014-04-07 11:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-07 11:10 - 2013-04-24 14:50 - 00421888 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-04-07 11:10 - 2012-09-05 11:25 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-04-07 11:10 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-04-07 11:10 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-04-07 11:10 - 2011-12-06 14:00 - 00897024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2011-09-20 08:07 - 2011-09-20 08:07 - 00842752 _____ () C:\Program Files (x86)\phase-6\phase-6\xulrunner\js3250.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-08-02 09:41 - 2011-12-07 09:11 - 00472984 _____ () C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader.dll
2013-08-02 09:48 - 2013-08-02 09:48 - 00347544 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\ba498a33\006d395e_afb4cc01\OBAOutlookAddIn.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00292760 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\11c67a38\00a89166_afb4cc01\OBAOutlookAddIn.resources.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00292760 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\914f6c72\004e2f64_afb4cc01\Interop.Outlook.DLL
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-08-02 09:48 - 2013-08-02 09:48 - 00124824 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\fa283728\00c79b60_afb4cc01\PTControls.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00031128 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\93d857ed\009a6a5f_afb4cc01\PTCommons.DLL
2014-03-18 23:14 - 2014-07-30 00:18 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DM1Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StartMenuService => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Detector 3.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "331BigDog" HKLM\...\StartupApproved\Run32: => "YouCam Mirage" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad" HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKCU\...\StartupApproved\StartupFolder: => "Sidebar.lnk" HKCU\...\StartupApproved\Run: => "ISUSPM" HKCU\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2014 07:23:14 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/05/2014 11:31:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (08/04/2014 06:41:45 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (08/04/2014 04:43:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/04/2014 04:43:44 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (08/04/2014 10:48:17 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/04/2014 10:43:06 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/04/2014 08:09:48 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". 
Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (08/04/2014 00:20:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (08/03/2014 09:58:20 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. System errors: ============= Error: (08/05/2014 07:18:06 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/02/2014 09:58:33 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/02/2014 00:23:27 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/02/2014 09:01:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/02/2014 09:00:37 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (08/02/2014 08:45:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/02/2014 06:56:29 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (05/17/2014 03:11:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 154173 seconds with 5280 seconds of active time. This session ended with a crash. 
Error: (05/13/2014 00:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18897 seconds with 1980 seconds of active time. This session ended with a crash. Error: (01/18/2014 00:04:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 87142 seconds with 2820 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-08-05 07:18:19.409 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-02 21:58:47.595 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-02 12:23:42.550 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-08-02 09:01:21.783 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-02 08:45:18.408 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-02 06:56:42.564 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-01 23:42:01.892 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-01 23:32:07.798 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 

Date: 2014-08-01 20:06:31.346
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-31 11:05:28.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 8055.77 MB
Available physical RAM: 5002.88 MB
Total Pagefile: 9271.77 MB
Available Pagefile: 5867.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:752.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.36 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 914B441A)
Partition: GPT Partition Type.

==================== End Of Log ============================

Have I done that correctly now? |
06.08.2014, 11:15 | #6 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
Why are so many updates missing there? We are at Windows 8.1 and Internet Explorer 11 |
06.08.2014, 12:15 | #7 |
| That is not how it was meant ... I am/was honestly unsure whether that is right. I tried the update to 8.1 two months ago and had so many problems that I gave up. I don't work with IE ... I go online via Mozilla ... but of course I can still update it (IE) ... although Secunia does not report it as "to be updated" |
06.08.2014, 12:22 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Lenovo-8204.vbs
C:\Program Files\Enigma Software Group
C:\ProgramData\InstallMate
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post logfiles in CODE tags |
06.08.2014, 12:42 | #9 |
| Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2014
Ran by Martina at 2014-08-06 13:41:51 Run:1
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Lenovo-8204.vbs
C:\Program Files\Enigma Software Group
C:\ProgramData\InstallMate
*****************

esgiguard => Service deleted successfully.
C:\ProgramData\Lenovo-8204.vbs => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.

==== End of Fixlog ==== |
06.08.2014, 14:30 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner |
06.08.2014, 15:27 | #11 |
| Hello, since I already had MBAM installed, I opened it, and while I was wondering whether I should send you a printout of today's last scan, Mozilla started going crazy here ... it opened umpteen windows on its own and would not accept any stop at all. When I then somehow managed, via Task Manager, to make it pause, the question came up: are you sure you want to close all 1934 tabs? ... huh? So I shut the computer down and started it again, and then this error message appeared first - see 1st image file ... What does that mean now? Then I started MBAM and got the following - see the other two images |
06.08.2014, 15:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That happens because there is still a scheduled (time-triggered) task that wants to start the deleted VBS script. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located). |
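The gap described in the post above (the first fixlist moved `C:\ProgramData\Lenovo-8204.vbs` but left the scheduled task that launches it) can be checked for before a fixlist is run. The following is an added example, not part of the thread or of FRST: the function names are hypothetical, the `Task:` line shape is assumed from the single task line quoted in the thread, and the ExampleVendor entry is constructed.

```python
import re

# The Lenovo-8204 task line and the first fixlist are quoted from the thread;
# the ExampleVendor task is a constructed entry for contrast.
TASKS = r"""
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleVendor\Updater => C:\Program Files\ExampleVendor\updater.exe [2014-01-01] (ExampleVendor)
"""
FIXLIST_1 = r"""
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Lenovo-8204.vbs
C:\Program Files\Enigma Software Group
C:\ProgramData\InstallMate
"""

# Assumed line shape, taken from the one task line visible in the thread:
# Task: {GUID} - <task file> => <target> [YYYY-MM-DD] (<company>)
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+?)(?: \[\d{4}-\d{2}-\d{2}\].*)?$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def norm(path):
    """Case-insensitive comparison form of a Windows path."""
    return path.strip().rstrip("\\").lower()


def parse_tasks(text):
    """Return (guid, task_file, target) for every 'Task:' line in the text."""
    return [m.groups() for m in map(TASK_RE.match, text.splitlines()) if m]


def removed_paths(fixlist):
    """Bare drive-letter lines in a fixlist are files or folders to be moved."""
    lines = (line.strip() for line in fixlist.splitlines())
    return {norm(line) for line in lines if DRIVE_PATH_RE.match(line)}


def orphaned_tasks(task_text, fixlist):
    """Tasks whose target the fixlist removes while the task itself stays."""
    removed = removed_paths(fixlist)
    fixed_guids = {guid.lower() for guid, _, _ in parse_tasks(fixlist)}
    hits = []
    for guid, task_file, target in parse_tasks(task_text):
        t = norm(target)
        gone = any(t == p or t.startswith(p + "\\") for p in removed)
        if gone and guid.lower() not in fixed_guids:
            hits.append((guid, task_file, target))
    return hits


if __name__ == "__main__":
    for guid, task_file, target in orphaned_tasks(TASKS, FIXLIST_1):
        print(f"also add to fixlist: Task: {guid} - {task_file} => {target}")
```

Run against the first fixlist, it reports the Lenovo-8204 task; once that task's line is part of the fixlist, as in the second fixlist above, nothing is reported.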
06.08.2014, 15:34 | #13 |
| Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2014
Ran by Martina at 2014-08-06 16:34:06 Run:2
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Lenovo\Lenovo-8204 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo-8204" => Key deleted successfully.

==== End of Fixlog ==== |
06.08.2014, 15:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Right, then please do the control scans now |
06.08.2014, 15:42 | #15 |
| Here is the MBAM log ... Should I do the ESET one now? Will do ... I had not updated ... sorry |