Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner


Plagegeister aller Art und deren Bekämpfung: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.08.2014, 12:47   #5
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner


Gleich kommen die ganzen Files, aber vorher schon mal die gute Nachricht, dass jetzt "neuen Tab öffnen" zu einem neutral-leeren Tab führt (und nicht mehr auf die search.fb-Seite).


hier die ADW-Logdatei

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 05/08/2014 um 12:20:20
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : thinkpatty - THINKPATTY-NOTEBOOK
# Gestartet von : C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\simple_new_tab
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\thinkpatty\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\thinkpatty\Documents\Mobogenie
Ordner Gelöscht : C:\Users\thinkpatty\Documents\Updater
Datei Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\snt@dotlabs.co.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Uninstall.exe
Datei Gelöscht : C:\Users\thinkpatty\daemonprocess.txt
Datei Gelöscht : C:\Users\thinkpatty\AppData\Local\omesuperv.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OMESupervisor]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_4free-video-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_4free-video-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiograbber_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiograbber_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avidemux_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avidemux_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eax-movie-catalog_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eax-movie-catalog_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_evernote_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_evernote_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_handbrake_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_handbrake_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mozilla-sunbird_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mozilla-sunbird_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mycam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mycam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mymdb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mymdb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nvu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nvu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sony-ericsson-pc-suite_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sony-ericsson-pc-suite_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tv-browser_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tv-browser_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winamp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winamp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vrt7igcb.default\prefs.js ]


[ Datei : C:\Users\zweitie\AppData\Roaming\Mozilla\Firefox\Profiles\8luato4z.default\prefs.js ]


[ Datei : C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\prefs.js ]

Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

*************************

AdwCleaner[R0].txt - [8852 octets] - [05/08/2014 12:17:26]
AdwCleaner[S0].txt - [8191 octets] - [05/08/2014 12:20:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8251 octets] ##########
--- --- ---

[/code]


hier die JRT-Logfile

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by thinkpatty on 05.08.2014 at 12:34:05,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{061E8BBE-C216-4639-8C6D-EDBFAFDBF762}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{2FC63DE4-8A14-444E-AD51-6E617768AA1E}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{721C2064-981D-441F-AB1E-19519403D592}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{B184AC23-3971-4FCD-B058-12851E65B702}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{EC21CA4C-D5B6-4ED2-8B4D-86F0EA9D6213}



~~~ FireFox

Successfully deleted the following from C:\Users\thinkpatty\AppData\Roaming\mozilla\firefox\profiles\as4scrmj.default-1388827521448\prefs.js

user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Deutsch");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Deutsch");
Emptied folder: C:\Users\thinkpatty\AppData\Roaming\mozilla\firefox\profiles\as4scrmj.default-1388827521448\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.08.2014 at 12:41:26,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und hier die neue FRST-logfile:




FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by thinkpatty (administrator) on THINKPATTY-NOTEBOOK on 05-08-2014 13:30:18
Running from C:\Users\thinkpatty\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Gemalto N.V.) C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388160 2012-03-30] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [HotSync] => "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-22] (Gemalto N.V.)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [qupdate] => C:/Program Files (x86)/4Free Video Converter/ [0 ] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\MountPoints2: {ced90391-0400-11e2-813f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Produktregistrierung.lnk
ShortcutTarget: Lenovo Produktregistrierung.lnk -> C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448
FF NewTab: about:blank
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF Homepage: hxxp://camera.mvkofu.com/cgi-bin/livecam.cgi|about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\imdbcom-all.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-en-ssl.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-ssl-de.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\donottrackplus@abine.com [2014-07-12]
FF Extension: Furigana Inserter - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\furiganainserter@zorkzero.net [2014-01-04]
FF Extension: MaskMe - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\idme@abine.com [2014-03-05]
FF Extension: Rikaichan Japanese-German Dictionary File - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\rikaichan-jpde@polarcloud.com [2014-01-04]
FF Extension: Rikaichan - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2014-01-04]
FF Extension: YouTube Video and Audio Downloader - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-01-04]
FF Extension: Print / Print Preview (Update) - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-01-04]
FF Extension: Undo Closed Tabs Button - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2014-01-04]
FF Extension: IMDB  Search - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-01-04]
FF Extension: Adblock Plus - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-09-21]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2011-04-05] (PalmSource, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 12:41 - 2014-08-05 12:41 - 00001707 _____ () C:\Users\thinkpatty\Desktop\JRT.txt
2014-08-05 12:33 - 2014-08-05 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:32 - 2014-08-05 12:32 - 01016261 _____ (Thisisu) C:\Users\thinkpatty\Desktop\JRT.exe
2014-08-05 12:17 - 2014-08-05 12:20 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:17 - 2014-08-05 12:17 - 01361309 _____ () C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
2014-08-05 11:22 - 2014-08-05 11:23 - 00035490 _____ () C:\Users\thinkpatty\Downloads\Addition.txt
2014-08-05 11:21 - 2014-08-05 13:30 - 00023487 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 11:21 - 2014-08-05 13:30 - 00000000 ____D () C:\FRST
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-01 21:40 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 21:40 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 21:40 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 21:40 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 21:40 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 21:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 22:02 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 22:02 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 22:02 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 22:01 - 2014-07-17 22:02 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-08 22:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 22:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:29 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:29 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:29 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:29 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 22:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 22:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 22:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 22:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 22:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:28 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:28 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:28 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:28 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 22:28 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:28 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 22:28 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 22:28 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 22:28 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 22:28 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 22:27 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:27 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 22:27 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 22:48 - 2014-07-13 00:47 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 13:31 - 2014-08-05 11:21 - 00023487 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 13:30 - 2014-08-05 11:21 - 00000000 ____D () C:\FRST
2014-08-05 13:27 - 2012-09-22 03:11 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-08-05 13:27 - 2012-09-22 03:11 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-08-05 13:27 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 12:50 - 2013-03-13 20:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 12:41 - 2014-08-05 12:41 - 00001707 _____ () C:\Users\thinkpatty\Desktop\JRT.txt
2014-08-05 12:33 - 2014-08-05 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:33 - 2013-04-06 22:09 - 00068796 _____ () C:\Windows\setupact.log
2014-08-05 12:32 - 2014-08-05 12:32 - 01016261 _____ (Thisisu) C:\Users\thinkpatty\Desktop\JRT.exe
2014-08-05 12:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:25 - 2012-09-21 17:31 - 01609063 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 12:23 - 2013-07-21 22:02 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\FreePDF_XP
2014-08-05 12:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 12:21 - 2013-04-06 22:08 - 00278254 _____ () C:\Windows\PFRO.log
2014-08-05 12:20 - 2014-08-05 12:17 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:20 - 2013-06-26 00:07 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Common
2014-08-05 12:20 - 2012-12-19 21:35 - 00000000 ____D () C:\Users\thinkpatty
2014-08-05 12:17 - 2014-08-05 12:17 - 01361309 _____ () C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
2014-08-05 11:23 - 2014-08-05 11:22 - 00035490 _____ () C:\Users\thinkpatty\Downloads\Addition.txt
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-05 01:12 - 2012-12-23 19:11 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\vlc
2014-08-04 23:46 - 2012-12-24 18:21 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86FF1390-C901-4334-BD04-C824B17AB4C5}
2014-08-03 00:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-31 21:16 - 2013-05-11 07:31 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\TV-Browser
2014-07-31 17:19 - 2013-01-12 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-28 22:33 - 2013-04-01 14:38 - 185753063 _____ () C:\Windows\system32\Drivers\TRACES.TXT
2014-07-27 10:57 - 2012-12-20 03:33 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Skype
2014-07-27 08:44 - 2012-12-28 23:05 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\dvdcss
2014-07-24 20:49 - 2013-05-08 00:03 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:37 - 2013-03-14 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-17 22:01 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 22:02 - 2013-10-25 08:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 22:02 - 2013-06-28 08:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 00:47 - 2014-07-07 22:48 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe
2014-07-13 00:47 - 2014-06-13 20:38 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\LSC
2014-07-11 03:02 - 2014-07-17 22:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 22:02 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 21:51 - 2009-07-14 06:45 - 00289760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 21:50 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 02:52 - 2013-07-17 10:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 02:50 - 2012-12-21 02:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 23:50 - 2013-03-13 20:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:50 - 2012-12-20 01:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:50 - 2012-12-20 01:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\zweitie\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\thinkpatty\AppData\Local\Temp\avgnt.exe
C:\Users\thinkpatty\AppData\Local\Temp\conduitinstaller.exe
C:\Users\thinkpatty\AppData\Local\Temp\jna1392145300159319316.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna473201254396229551.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna4816647515258307023.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\nse4F73.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsfF60E.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj359.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj87F3.exe
C:\Users\thinkpatty\AppData\Local\Temp\nso1456.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstEACF.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstF9F1.exe
C:\Users\thinkpatty\AppData\Local\Temp\nszDD50.exe
C:\Users\thinkpatty\AppData\Local\Temp\Quarantine.exe
C:\Users\thinkpatty\AppData\Local\Temp\SkypeSetup.exe
C:\Users\thinkpatty\AppData\Local\Temp\SPStub.exe
C:\Users\thinkpatty\AppData\Local\Temp\tbHots.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 22:32

==================== End Of Log ============================
--- --- ---

--- --- ---

[/code]


Diesmal wurde keine neue Addition-Datei kreiert, hab ich da was falsch gemacht?


 

Themen zu http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner
pup.optional.conduit, pup.optional.conduit.a, pup.optional.koyote.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.simplenewtab.a, pup.optional.softonic, pup.optional.softonic.a, tr/crypt.xpack.gen3, win32/conduit.searchprotect.a, win32/conduit.searchprotect.j, win32/conduit.searchprotect.n, win32/conduit.searchprotect.q, win32/downloadsponsor.a, win32/downware.l, win32/installmonetizer.aq, win32/installmonetizer.az, win32/toolbar.conduit, win32/toolbar.conduit.ae, win32/toolbar.conduit.m, win32/toolbar.conduit.r, win32/toolbar.conduit.x, win32/toolbar.conduit.y, win32/toolbar.searchsuite.p, win32/wajam.f


« paypal-Trojaner (zip email attachment geöffnet und auf die Datei geklickt)? | Pc durchchecken , Unterstützung dringend notwendig »


Ähnliche Themen: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner


  1. http://search.fbdownloader.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 13.09.2014 (9)
  2. http://search.fbdownloader.com/?channel=de_nt
    Log-Analyse und Auswertung - 29.08.2014 (15)
  3. http://search.fbdownloader.com/?channel=de als neue Startseite
    Plagegeister aller Art und deren Bekämpfung - 13.08.2014 (53)
  4. http://search.fbdownloader.com/?channel=de - Hilfe gesucht
    Log-Analyse und Auswertung - 08.08.2014 (10)
  5. http://search.fbdownloader.com/?channel=de
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (11)
  6. Entfernen von http://search.fbdownloader.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 03.08.2014 (6)
  7. http://search.fbdownloader.com/?channel=de_nt entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (3)
  8. Anstatt Google wird die Adresse http://search.fbdownloader.com/?channel=de_nt geöffnet
    Plagegeister aller Art und deren Bekämpfung - 26.07.2014 (5)
  9. http://search.fbdownloader.com/?channel=deg -Virus
    Log-Analyse und Auswertung - 04.05.2014 (19)
  10. http://search.fbdownloader.com/?channel=deg_nt
    Plagegeister aller Art und deren Bekämpfung - 17.04.2014 (7)
  11. WIN 7: Trojaner-Link erscheint in jedem Browser: http://search.fbdownloader.com/?channel=de
    Log-Analyse und Auswertung - 24.03.2014 (10)
  12. http://search.fbdownloader.com/?channel=de_nt
    Log-Analyse und Auswertung - 18.03.2014 (18)
  13. http://search.fbdownloader.com/?channel=de - unerwünschte Startseiten
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (22)
  14. http://search.fbdownloader.com/?channel=de Ist es gefährlich und wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2014 (1)
  15. Virus: Browserstartseite: http://search.fbdownloader.com/?channel=sfde203fbdgy21
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (9)
  16. http://wisersearch.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 23.12.2013 (7)
  17. Ungewollte Startseiten: *http://wisersearch.com/?channel=de_nt* und *http://search.fbdownloader.com/?channel=sfde203fbdgy21*
    Log-Analyse und Auswertung - 16.12.2013 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner - Gleich kommen die ganzen Files, aber vorher schon mal die gute Nachricht, dass jetzt "neuen Tab öffnen" zu einem neutral-leeren Tab führt (und nicht mehr auf die search.fb-Seite). hier die - http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner...
Archiv
Du betrachtest: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55