Plagegeister aller Art und deren Bekämpfung: 22 Trojans or viruses detected after Avira scan (Windows 7)
12.08.2014, 08:51 | #1 |
22 Trojans or viruses detected after Avira scan

Hello everyone,

yesterday, for the first time in three months, I ran my Avira scan again. 22 objects were found, several of which are Trojans. I'm sending you the Avira report. I have noticed for quite a while that my PC is slower, that the clock keeps changing by itself, and that some websites (e.g. Facebook) no longer open. In addition, advertising pop-ups keep appearing in the bottom right corner telling me that my PC is not protected. I have already been able to move 21 of the 22 objects found into quarantine. I hope you can help me :-)

Best regards,
Melina

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 11. August 2014 15:07

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8
Windowsversion : (plain) [6.2.9200]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : IDEA-PC

Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 03.07.2014 17:05:29
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 03.07.2014 17:05:30
LUKE.DLL : 14.0.5.336 57936 Bytes 03.07.2014 17:05:59
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 03.07.2014 17:05:30
AVREG.DLL : 14.0.5.356 261200 Bytes 03.07.2014 17:05:26
avlode.dll : 14.0.5.396 588368 Bytes 03.07.2014 17:05:25
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 16:38:38
LOCAL001.VDF : 8.11.166.108 108312064 Bytes 11.08.2014 12:41:57
Engineversion : 8.3.24.6
AEVDF.DLL : 8.3.1.2 133024 Bytes 09.08.2014 09:49:47
AESCRIPT.DLL : 8.2.0.14 428032 Bytes 09.08.2014 09:49:47
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 17:35:07
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 14:56:15
AERDL.DLL : 8.2.0.138 704888 Bytes 25.02.2014 10:41:04
AEPACK.DLL : 8.4.0.50 792488 Bytes 09.08.2014 09:49:47
AEOFFICE.DLL : 8.3.0.16 213192 Bytes 09.08.2014 09:49:46
AEHEUR.DLL : 8.1.4.1210 7380008 Bytes 09.08.2014 09:49:45
AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 13:12:45
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 10:37:39
AEEXP.DLL : 8.4.2.22 244584 Bytes 09.08.2014 09:49:48
AEEMU.DLL : 8.1.3.4 399264 Bytes 09.08.2014 09:49:39
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 17:48:55
AECORE.DLL : 8.3.2.6 243712 Bytes 09.08.2014 09:49:39
AEBB.DLL : 8.1.2.0 60448 Bytes 09.08.2014 09:49:38
AVWINLL.DLL : 14.0.5.320 24144 Bytes 03.07.2014 17:05:16
AVPREF.DLL : 14.0.5.320 50256 Bytes 03.07.2014 17:05:25
AVREP.DLL : 14.0.5.320 219216 Bytes 03.07.2014 17:05:26
AVARKT.DLL : 14.0.5.368 226384 Bytes 03.07.2014 17:05:18
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 03.07.2014 17:05:22
SQLITE3.DLL : 14.0.5.320 452176 Bytes 03.07.2014 17:06:07
AVSMTP.DLL : 14.0.5.320 76368 Bytes 03.07.2014 17:05:30
NETNT.DLL : 14.0.5.320 13392 Bytes 03.07.2014 17:05:59
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 03.07.2014 17:05:16
RCTEXT.DLL : 14.0.5.322 73808 Bytes 03.07.2014 17:05:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 11. August 2014 15:07

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '201' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupStack.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTDevMgr.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DptfParticipantProcessorService.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'DptfPolicyConfigTDPService.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'irstrtsv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'McAPExe.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mfevtps.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Umbrella268.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'VOsrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ymc.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcshield.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'mfefire.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RIconMan.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'McSmtFwk.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'McSvHost.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdvancedSystemProtector.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'RapidStartConfig.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTServer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '192' Modul(e) wurden durchsucht
Durchsuche Prozess 'ClassicStartMenu.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveComm.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip32.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'RuntimeBroker.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAudioFilterAgent64.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynLenovoGestureMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Lenovo Transition.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'yogaserver.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Energy Management.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'utility.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'spotify.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcuicnt.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyHelper.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'MotionControl.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'pcee4.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'MyPC Backup.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'YouCamTray.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserSafeguard.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'wwahost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '24' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1354' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
C:\Users\user\AppData\Local\Temp\ICReinstall_nsi587B.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nsi9F3D.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nsj5B3A.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nsk8325.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
C:\Users\user\AppData\Local\Temp\ICReinstall_nsl618E.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
C:\Users\user\AppData\Local\Temp\ICReinstall_nsn2D46.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nsn4B9A.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.616546.19
C:\Users\user\AppData\Local\Temp\ICReinstall_nspF954.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.590735
C:\Users\user\AppData\Local\Temp\ICReinstall_nss3D81.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nst4178.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.587264
C:\Users\user\AppData\Local\Temp\ICReinstall_nsu7245.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\ICReinstall_nsy335F.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.616546.19
C:\Users\user\AppData\Local\Temp\nsi587B.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nsi9F3D.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nsj5B3A.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nsl3A06.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nsn2D46.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nspF954.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.590735
C:\Users\user\AppData\Local\Temp\nss3D81.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\nsuB3C5.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.69468
C:\Users\user\AppData\Local\Temp\nsy3497.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
C:\Users\user\AppData\Local\Temp\is45637729\1854643_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\1855343_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\1855662_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\1857052_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\1860639_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\76658753_stp\AnyProtectScannerSetup.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\user\AppData\Local\Temp\is45637729\92799715_stp\AnyProtectScannerSetup.exe
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/Agent.608361
C:\Users\user\AppData\Local\Temp\n1689\s1689.exe
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Users\user\AppData\Local\Temp\is45637729\92799715_stp\AnyProtectScannerSetup.exe
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/Agent.608361
    [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
    [HINWEIS] Die Datei existiert nicht!
C:\Users\user\AppData\Local\Temp\nsy3497.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4977779a.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsuB3C5.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.69468
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b142d73.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nss3D81.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7d2562b1.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nspF954.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.590735
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '38a24f8f.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsn2D46.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '47b77dee.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsl3A06.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0b0d51ab.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsj5B3A.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '771311fb.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsi9F3D.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a4a3eb6.qua' verschoben!
C:\Users\user\AppData\Local\Temp\nsi587B.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4322052c.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsy335F.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.616546.19
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2f15294c.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsu7245.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5eac10d9.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nst4178.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.587264
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50b6201f.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nss3D81.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '159f595d.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nspF954.tmp
    [FUND] Ist das Trojanische Pferd TR/Rogue.590735
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c945df6.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsn4B9A.tmp
    [FUND] Ist das Trojanische Pferd TR/Agent.616546.19
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '44d5449f.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsn2D46.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '68213d53.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsl618E.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56df5d8a.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsk8325.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '35d176f9.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsj5B3A.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '131936e4.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsi9F3D.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '218d4d41.qua' verschoben!
C:\Users\user\AppData\Local\Temp\ICReinstall_nsi587B.tmp
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2bc8663f.qua' verschoben!

Ende des Suchlaufs: Montag, 11. August 2014 18:05
Benötigte Zeit: 2:55:57 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

37440 Verzeichnisse wurden überprüft
403837 Dateien wurden geprüft
22 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
21 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
7 Dateien konnten nicht durchsucht werden
403808 Dateien ohne Befall
3222 Archive wurden durchsucht
7 Warnungen
22 Hinweise
104 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
12.08.2014, 08:55 | #2 |
/// the machine /// TB trainer | 22 Trojans or viruses detected after Avira scan hi,
__________________Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
12.08.2014, 09:19 | #3 |
| 22 Trojans or viruses detected after Avira scan That was quick, thanks :-)
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 Ran by user (administrator) on IDEA-PC on 12-08-2014 09:05:51 Running from C:\Users\user\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe () C:\Windows\System32\DptfParticipantProcessorService.exe () C:\Windows\System32\DptfPolicyConfigTDPService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe (Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe () C:\ProgramData\YogaSmartSwicth\yogaserver.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-23] (Synaptics) HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-06] (Lenovo) HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-06] () HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-06] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-06] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-23] (Synaptics Incorporated) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [460288 2014-04-01] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-04] (Google Inc.) 
HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-10] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355552 2014-04-08] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-04-08] (Conduit) IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:51735;https=127.0.0.1:51735 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=hp&fr=linkury-tb&installDate=09/02/2014&type=hp1000 hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKLM - DefaultScope {B056DEF7-E1BA-429E-B971-7368C4B8EB4E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM - {B056DEF7-E1BA-429E-B971-7368C4B8EB4E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB&ref=toolbox&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB&ref=toolbox&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB&ref=toolbox&q={searchTerms} SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) 
BHO-x32: iminent Helper Object -> {112BA211-334C-4A90-90EC-2AD1CDAB287C} -> C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-12-06] Chrome: ======= CHR HomePage: hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB CHR StartupUrls: "hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB" CHR DefaultSearchKeyword: search.iminent.com CHR DefaultNewTabURL: CHR Extension: (New Tab Page) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-02-09] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04] CHR Extension: (PriceGong) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2014-04-02] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04] CHR Extension: (DVDVideoSoft) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-02-10] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04] CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-02] CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-02] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-02-09] CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx [2013-03-04] CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx" [2013-03-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. 
KG) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed] R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] () S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] () R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.) 
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe [3088192 2014-05-28] (Iminent) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) R2 vosr; C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe [355328 2014-04-01] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-06] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) 
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-06] (Lenovo) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) 
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation) R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1574032 2012-09-11] (Realtek Semiconductor Corporation ) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [36864 2012-11-06] (Synaptics Incorporated) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-12 09:05 - 2014-08-12 09:07 - 00026580 _____ () C:\Users\user\Downloads\FRST.txt 2014-08-12 09:05 - 2014-08-12 09:06 - 00000000 ____D () C:\FRST 2014-08-12 09:04 - 2014-08-12 09:04 - 02099712 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-08-12 07:35 - 2014-08-12 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-10 13:22 - 2014-08-10 13:22 - 00000865 _____ () C:\Users\user\Downloads\TerminExport_140165179lmv1847.ics 2014-08-07 17:59 - 2014-08-07 17:59 - 00000168 _____ () C:\Users\user\Desktop\Neues Textdokument (11).txt 2014-08-06 08:41 - 2014-08-06 08:41 - 00001053 _____ () C:\Users\user\Desktop\Continue Live Installation.lnk 2014-08-04 10:29 - 2014-05-15 02:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-08-04 10:29 - 2014-05-14 23:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-08-04 10:29 - 2014-05-14 23:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-08-04 10:29 - 2014-05-14 23:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-08-04 10:29 - 2014-05-14 23:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-07-15 14:49 - 2014-07-15 14:49 - 00281248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-15 14:49 - 2014-07-15 14:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-12 09:07 - 2014-08-12 09:05 - 00026580 _____ () C:\Users\user\Downloads\FRST.txt 2014-08-12 09:07 - 2012-12-06 11:44 - 00000000 ____D () C:\ProgramData\Realtek 2014-08-12 09:06 - 2014-08-12 09:05 - 00000000 ____D () C:\FRST 2014-08-12 09:04 - 2014-08-12 09:04 - 02099712 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-08-12 09:03 - 2013-11-29 13:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\ClassicShell 2014-08-12 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-12 08:49 - 2013-12-06 17:22 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001UA1cef29f5b894ece.job 2014-08-12 08:38 - 2012-12-06 11:39 - 01545265 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-12 08:27 - 2013-10-11 17:38 - 00012014 _____ () C:\Users\user\AppData\Local\BTServer.log 2014-08-12 07:52 - 2013-10-11 17:44 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-218488010-109497726-392906908-1001 2014-08-12 07:35 - 2014-08-12 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-12 07:34 - 2014-04-02 08:41 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup 2014-08-12 07:33 - 2014-02-14 11:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify 2014-08-11 15:02 - 2014-05-11 16:46 - 00000298 _____ () C:\WINDOWS\Tasks\System Speedup_DEFAULT.job 2014-08-11 15:01 - 2014-05-11 16:46 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-08-11 15:01 - 2014-05-11 16:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\System Speedup 2014-08-11 14:08 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-08-10 13:22 - 2014-08-10 13:22 - 00000865 _____ () C:\Users\user\Downloads\TerminExport_140165179lmv1847.ics 2014-08-09 10:49 - 2014-04-01 20:32 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001Core1cf4de120ffb11e.job 2014-08-07 
17:59 - 2014-08-07 17:59 - 00000168 _____ () C:\Users\user\Desktop\Neues Textdokument (11).txt 2014-08-07 08:20 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-06 08:41 - 2014-08-06 08:41 - 00001053 _____ () C:\Users\user\Desktop\Continue Live Installation.lnk 2014-08-05 13:07 - 2014-05-11 16:46 - 00003562 _____ () C:\WINDOWS\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl 2014-08-05 12:57 - 2014-05-11 16:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2014-07-30 11:29 - 2014-02-14 11:12 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify 2014-07-29 16:11 - 2014-04-02 08:48 - 00001053 _____ () C:\Users\user\Desktop\Continue VuuPC Installation.lnk 2014-07-29 10:47 - 2012-07-26 08:21 - 00037607 _____ () C:\WINDOWS\setupact.log 2014-07-19 18:55 - 2013-11-04 12:13 - 00002320 _____ () C:\Users\user\Desktop\Google Chrome.lnk 2014-07-16 17:03 - 2012-12-06 20:35 - 00758792 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-16 17:03 - 2012-12-06 20:35 - 00158188 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-16 17:03 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-16 16:46 - 2014-05-11 16:46 - 00000306 _____ () C:\WINDOWS\Tasks\System Speedup_UPDATES.job 2014-07-16 08:38 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-16 08:38 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-15 14:55 - 2014-04-03 11:24 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-15 14:49 - 2014-07-15 14:49 - 00281248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-15 14:49 - 2014-07-15 14:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-15 14:49 - 2013-10-29 18:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-15 14:49 - 2012-08-01 16:51 - 00025292 _____ () C:\WINDOWS\PFRO.log 2014-07-15 14:49 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-15 14:48 - 2013-10-29 18:41 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\avgnt.exe C:\Users\user\AppData\Local\Temp\BackupSetup.exe C:\Users\user\AppData\Local\Temp\he_wdhdk.dll C:\Users\user\AppData\Local\Temp\nsbD7C1.exe C:\Users\user\AppData\Local\Temp\nsj79EE.exe C:\Users\user\AppData\Local\Temp\nstEB88.exe C:\Users\user\AppData\Local\Temp\nsx6A3D.exe C:\Users\user\AppData\Local\Temp\SPSetup.exe C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\user\AppData\Local\Temp\UNINSTALL.EXE C:\Users\user\AppData\Local\Temp\vcredist_x64.exe 
==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 11:34 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by user at 2014-08-12 09:08:40 Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software) Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION Amazon 1Button App (HKLM-x32\...\{4DC2C23D-17DF-4DAC-BA2B-DC1755B2F8E4}) (Version: 1.0.5 - Amazon) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BrowserSafeguard with RocketTab (HKLM-x32\...\BrowserSafeguard) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) 
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 7.5.3.1 - Iminent) <==== ATTENTION Iminent Toolbar on IE and Chrome (HKLM-x32\...\iminent) (Version: 1.8.28.3 - IminentToolbar) <==== ATTENTION Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - SunplusIT) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.856 - McAfee, Inc.) 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PriceGong 2.6.11 (HKLM-x32\...\PriceGong) (Version: 2.6.11 - PriceGong) <==== ATTENTION Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.) 
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated) System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-218488010-109497726-392906908-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-218488010-109497726-392906908-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-218488010-109497726-392906908-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-218488010-109497726-392906908-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 15-07-2014 05:56:20 Windows Update 22-07-2014 09:42:46 Geplanter Prüfpunkt 04-08-2014 09:28:29 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00D9561C-1CE0-423D-9CE8-7668244F533C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001Core1cf4de120ffb11e => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.) 
Task: {01F42CD3-8390-4F9D-9FEB-F2FE775EDB12} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {03873BD4-599F-49BF-BB67-3C4BAD98D136} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software) Task: {0A2F43BE-B28A-449A-9523-507CA7AF1975} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\user\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [2014-05-11] (Sien SA) Task: {0A7A3BB8-F066-46A9-B1D8-FCB96D796CF0} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {148ACC08-943F-4D25-8972-D2A6C0A663C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {960CE762-DA73-42BC-8A07-DAA602A85533} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AEF2E3C0-46C4-4963-A35A-E1997BFA328D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {B0B90FE9-B6B4-474F-85A3-C81AF4CC073A} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {C252E7AA-7B2D-4C36-9F61-B2D36E15A483} - System32\Tasks\Advanced System 
Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION Task: {C2ED28F3-8AE0-4FE0-8F6E-40262222DB71} - System32\Tasks\Google Updater and Installer => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D05FFAA1-F3E2-4810-942E-895752090E9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001UA1cef29f5b894ece => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.) Task: {D6E9F1E8-CD21-4D92-BB26-0D45479C1A45} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-04-02] () <==== ATTENTION Task: {D7F7663E-E2D2-4FDF-83A4-7C32DC5E1EA5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-15] (Microsoft Corporation) Task: {E90867FC-3918-4880-855B-FBCCE55899B5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F8A37946-D82B-431A-B47A-D895E8FD08C9} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001Core1cf4de120ffb11e.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001UA1cef29f5b894ece.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => 
C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-14 15:00 - 2014-03-14 15:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2014-03-14 15:06 - 2014-03-14 15:06 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2012-12-06 11:43 - 2012-08-31 16:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2012-08-17 07:13 - 2012-07-30 12:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe 2012-08-17 07:13 - 2012-07-30 12:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe 2013-12-18 10:01 - 2013-12-18 10:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-04-01 10:28 - 2014-04-01 10:28 - 00355328 _____ () C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe 2012-12-06 11:49 - 2012-12-06 11:49 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll 2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyConfigTDPDll.dll 2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyLpmDll.dll 2013-10-15 16:03 - 2013-10-15 16:04 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-08-27 05:29 - 2012-08-23 09:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-06 11:41 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2012-12-06 11:49 - 2012-12-06 11:49 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe 2014-02-14 11:12 - 2014-07-10 11:33 - 00601144 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2012-12-06 11:48 - 2012-12-06 11:48 - 00172624 _____ () 
C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe 2014-03-31 16:02 - 2014-04-01 15:12 - 00460288 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-06 11:40 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-02 08:41 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll 2014-04-02 08:41 - 2014-02-28 18:29 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll 2012-12-06 11:49 - 2012-12-06 11:49 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll 2012-12-06 11:49 - 2012-12-06 11:49 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll 2012-12-06 11:49 - 2012-12-06 11:49 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll 2014-02-14 11:12 - 2014-07-10 11:33 - 36966968 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libcef.dll 2014-07-10 11:33 - 2014-07-10 11:33 - 00867896 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2014-02-14 11:12 - 2014-07-10 11:33 - 00886840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libglesv2.dll 2014-02-14 11:12 - 2014-07-10 11:33 - 00108600 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libegl.dll 2012-12-06 11:48 - 2012-12-06 11:48 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll 2012-12-06 11:48 - 2012-12-06 11:48 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll 2014-07-19 18:54 - 2014-07-15 10:24 - 00718664 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-19 
18:54 - 2014-07-15 10:24 - 00126280 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-19 18:54 - 2014-07-15 10:24 - 08537928 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-19 18:54 - 2014-07-15 10:24 - 00353096 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-19 18:54 - 2014-07-15 10:24 - 01732936 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKCU\...\StartupApproved\Run: => "Google Update" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1350796 Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1350796 Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/12/2014 07:33:21 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (08/12/2014 07:33:21 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1266 Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1266 Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/11/2014 05:12:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 536406 Error: (08/11/2014 05:12:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 536406 System errors: ============= Error: (08/11/2014 05:34:05 PM) (Source: Schannel) 
(EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:38:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:37:49 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:37:38 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:37:07 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:36:29 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:36:14 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:35:58 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. 
Error: (08/11/2014 04:35:49 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (08/11/2014 04:35:37 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Microsoft Office Sessions: ========================= Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1350796 Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1350796 Error: (08/12/2014 08:27:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/12/2014 07:33:21 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. 
Error: (08/12/2014 07:33:21 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1266 Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1266 Error: (08/11/2014 05:37:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/11/2014 05:12:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 536406 Error: (08/11/2014 05:12:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 536406 ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 8071.27 MB Available physical RAM: 5118.31 MB Total Pagefile: 9287.27 MB Available Pagefile: 5730.16 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:92.91 GB) (Free:50.78 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:3.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119 GB) (Disk ID: DB0E47AF) Partition: GPT Partition Type. ==================== End Of Log ============================ |
12.08.2014, 18:04 | #4 |
/// the machine /// TB trainer | Uninstall adware & co.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.08.2014, 08:56 | #5 |
| Good morning, I downloaded Revo Uninstaller, but unfortunately I can't find any of the programs listed under Additional scan result of Farbar Recovery Scan Tool in the uninstaller window. What now? Kind regards |
13.08.2014, 19:39 | #6 |
/// the machine /// TB trainer | So you see the programs marked ATTENTION in Addition.txt but can't find them in Revo? None of them at all? Then please uninstall them the normal way with Windows, Control Panel > Programs and Features. |
18.08.2014, 15:02 | #7 |
| Hello schrauber, I have just uninstalled all the programs marked Attention. Afterwards I restarted the computer so that the uninstallation of all the programs is fully completed. Unfortunately, my laptop now can't connect to the Wi-Fi. It says that no networks are available, which really can't be right. HELP :'-( Kind regards, Melina |
19.08.2014, 10:53 | #8 |
/// the machine /// TB trainer | Fresh FRST log please. If need be, move it to another computer on a USB stick and post it from there.
__________________ Regards, schrauber |
19.08.2014, 11:16 | #9 |
| Hi, the Wi-Fi connection has been working again since this morning. At first I had problems with the proxy server, but I was able to fix that myself. Now I have run ComboFix. After a restart, a window opened in which System Speedup reported 80 errors. To be honest, I don't know what System Speedup is. Maybe a paid program? I closed the window for now. So here is the ComboFix result: Do you still need a fresh FRST log now? Thank you, Melina Code:
ATTFilter ComboFix 14-08-19.01 - user 19.08.2014 9:46.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8071.6306 [GMT 1:00] ausgeführt von:: c:\users\user\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\PriceGong c:\program files (x86)\PriceGong\2.6.11\PriceGong.crx c:\program files (x86)\PriceGong\2.6.11\PriceGongIE.dll c:\program files (x86)\PriceGong\uninst.exe c:\program files (x86)\SearchProtect c:\program files (x86)\SearchProtect\EULA.txt c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html c:\program 
files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.jpg c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png c:\program files 
(x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js c:\program files (x86)\SearchProtect\UI\dialogs\settings.html c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html c:\program files 
(x86)\SearchProtect\UI\dialogs\settings\settings.js c:\program files (x86)\SearchProtect\UI\dialogs\style.css c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js c:\users\user\AppData\Local\nsa2AE3.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-19 bis 2014-08-19 )))))))))))))))))))))))))))))) . . 2014-08-19 09:01 . 2014-08-19 09:02 -------- d-----w- c:\users\user\AppData\Local\temp 2014-08-19 09:01 . 2014-08-19 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-14 09:34 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2014-08-14 09:31 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-14 09:31 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-14 07:38 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2014-08-14 07:38 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll 2014-08-14 07:38 . 2014-07-24 12:09 19279872 ----a-w- c:\windows\system32\mshtml.dll 2014-08-14 07:36 . 2014-07-24 12:09 67072 ----a-w- c:\windows\system32\iesetup.dll 2014-08-14 07:29 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2014-08-14 07:29 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2014-08-13 07:43 . 2014-08-13 07:43 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-08-12 08:05 . 2014-08-13 07:49 -------- d-----w- C:\FRST . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-02 00:15 . 2014-01-01 15:35 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-08-02 00:15 . 2014-01-01 15:35 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-15 13:55 . 
2014-04-03 10:24 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-15 13:48 . 2013-10-29 17:41 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-03 17:05 . 2014-04-03 09:27 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-30 22:42 . 2014-07-10 07:23 394240 ----a-w- c:\windows\system32\devinv.dll 2014-06-30 22:42 . 2014-07-10 07:23 702464 ----a-w- c:\windows\system32\aepdu.dll 2014-06-30 22:42 . 2014-07-10 07:23 87552 ----a-w- c:\windows\system32\aepic.dll 2014-06-28 03:35 . 2014-07-10 07:23 556544 ----a-w- c:\windows\system32\aeinv.dll 2014-06-17 23:27 . 2014-07-09 18:35 1440256 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 23:24 . 2014-07-09 18:35 1557504 ----a-w- c:\windows\system32\osk.exe 2014-06-06 14:06 . 2014-07-09 18:30 596480 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 10:17 . 2014-07-09 18:30 497152 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-03 08:57 . 2014-04-03 09:27 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-06-02 22:33 . 2014-07-09 18:31 265216 ----a-w- c:\windows\system32\InkEd.dll 2014-05-29 23:31 . 2014-07-09 18:34 452608 ----a-w- c:\windows\SysWow64\SHCore.dll 2014-05-29 23:03 . 2014-07-09 18:34 588288 ----a-w- c:\windows\system32\SHCore.dll 2014-05-29 23:02 . 2014-07-09 18:34 439808 ----a-w- c:\windows\system32\lsm.dll 2014-05-29 23:02 . 2014-07-09 18:34 1281536 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-29 22:24 . 2014-07-09 18:31 576512 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-12-30 20:27 294456 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2013-10-20 16:47 627712 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify"="c:\users\user\AppData\Roaming\Spotify\Spotify.exe" [2014-07-10 6162488] "Spotify Web Helper"="c:\users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-25 508656] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-14 751184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ Motion Control.lnk - c:\program files (x86)\Lenovo\MotionControl\MotionControl.exe [2012-12-6 172624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x] R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x] R2 DptfPolicyLpmService;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x] S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x] S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] 
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\Umbrella268.exe;c:\program files (x86)\Common Files\Umbrella\Umbrella268.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 ymc;ymc;c:\programdata\YogaSmartSwicth\Server\x64\ymc.exe;c:\programdata\YogaSmartSwicth\Server\x64\ymc.exe [x] S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x] S3 ACPIVPC;Lenovo Virtual Power Controller 
Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x] S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x] S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x] S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x] S3 leymc;leymc Service;c:\windows\system32\DRIVERS\leymc.sys;c:\windows\SYSNATIVE\DRIVERS\leymc.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. 
mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x] S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x] S3 SensorsAlsDriver;UMDF-Reflektordienst für SensorsAlsDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] S3 SensorsHIDClassDriver;UMDF-Reflektordienst für SensorsHIDClassDriver;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x] S3 SensorsServiceDriver;UMDF-Reflektordienst für SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001Core1cf4de120ffb11e.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04 11:12] . 2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001UA1cef29f5b894ece.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04 11:12] . 
2014-08-18 c:\windows\Tasks\System Speedup_DEFAULT.job - c:\program files (x86)\System Speedup\SystemSpeedup.exe [2014-05-11 16:53] . 2014-07-16 c:\windows\Tasks\System Speedup_UPDATES.job - c:\program files (x86)\System Speedup\SystemSpeedup.exe [2014-05-11 16:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-12-30 20:27 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2013-10-20 16:47 774144 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-24 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-24 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-24 441152] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616] "DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888] "BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2012-08-29 449024] "Lenovo Transition"="c:\program files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe" [2012-12-06 209488] "yogaserver"="c:\programdata\YogaSmartSwicth\yogaserver.exe" [2012-12-06 208464] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-12-06 17080376] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-12-06 191544] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:58541;https=127.0.0.1:58541 uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000 IE: Bild an Bluetooth-Gerät senden - c:\program files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Seite an Bluetooth-Gerät senden - c:\program files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-Iminent - c:\program files (x86)\Iminent\Iminent.exe Wow6432Node-HKLM-Run-IminentMessenger - c:\program files (x86)\Iminent\Iminent.Messengers.exe Toolbar-Locked - (no file) HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2014-08-19 10:08:18 ComboFix-quarantined-files.txt 2014-08-19 09:08 . Vor Suchlauf: 14 Verzeichnis(se), 54.306.062.336 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 54.245.445.632 Bytes frei . - - End Of File - - 7EB87C38F440A07D4430CDB4462E2F55 5FB38429D5D77768867C76DCBDB35194 |
20.08.2014, 07:58 | #10 |
/// the machine /// TB trainer | 22 Trojans or viruses found after Avira scan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.08.2014, 11:10 | #11 |
| 22 Trojans or viruses found after Avira scan Hello Schrauber, I did everything as you wrote. After I ran Mbam, I again could not get onto the Internet. I first had to reset the wireless network adapter. After the last scan (JRT), the Shell app I had downloaded at the beginning had unfortunately disappeared as well. Here are the results: Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 22/08/2014 um 09:47:01 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : user - IDEA-PC # Gestartet von : C:\Users\user\Downloads\adwcleaner_3.308.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : BackupStack Dienst Gelöscht : DptfParticipantProcessorService Dienst Gelöscht : DptfPolicyConfigTDPService [#] Dienst Gelöscht : DptfPolicyLpmService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\System Speedup Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\users\user\AppData\LocalLow\IminentToolbar Ordner Gelöscht : C:\users\user\AppData\Roaming\System Speedup Ordner Gelöscht : C:\users\user\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe Datei Gelöscht : C:\WINDOWS\System32\DptfParticipantProcessorService.exe Datei Gelöscht : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe Datei Gelöscht : C:\WINDOWS\System32\DptfPolicyLpmService.exe Datei Gelöscht : C:\users\user\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\users\user\Desktop\Continue Live Installation.lnk Datei Gelöscht : C:\users\user\Desktop\Continue VuuPC Installation.lnk Datei Gelöscht : C:\users\user\Desktop\MyPC Backup.lnk Datei Gelöscht : C:\users\user\Desktop\Sync Folder.lnk Datei Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage Datei Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : Advanced 
System Protector_startup Task Gelöscht : BrowserSafeguard Update Task ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\System Speedup Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\System Speedup Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.17054 -\\ Google Chrome v [ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Startup_urls] : hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB Gelöscht [Homepage] : hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB 
Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp ************************* AdwCleaner[R0].txt - [6816 octets] - [22/08/2014 09:44:21] AdwCleaner[S0].txt - [6422 octets] - [22/08/2014 09:47:01] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6482 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.08.2014 Suchlauf-Zeit: 08:57:27 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.22.03 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: user Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 305364 Verstrichene Zeit: 23 Min, 47 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.Iminent, C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe, 2152, Löschen bei Neustart, [e4b75574b0cbcf67fada1300c9385ba5] Module: 0 (No malicious items detected) Registrierungsschlüssel: 27 PUP.Optional.Iminent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SProtection, In Quarantäne, [e4b75574b0cbcf67fada1300c9385ba5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [debdf2d72e4d7bbb76c6314434ce7c84], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [debdf2d72e4d7bbb76c6314434ce7c84], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [d7c4359495e62a0c1cabf8b07c8647b9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [d7c4359495e62a0c1cabf8b07c8647b9], PUP.Optional.Snapdo.T, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [346794353a4192a44b88d0dc9d65dd23], PUP.Optional.Snapdo.T, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [346794353a4192a44b88d0dc9d65dd23], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [4e4d01c87cfff541732daaff778b07f9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [7922bf0a3b40d165b4edbfea08faee12], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}, In Quarantäne, [aaf115b475068caae007a4cbd032649c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [4c4f3396aad1f83e701bcd48d23151af], PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, In Quarantäne, [0299cffaf289ff3787f508e22dd5da26], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [7922696086f5c670cdf09b98a65efe02], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\IminentToolbar, In Quarantäne, [d9c24a7f0c6f71c5cdb0fc1a24df44bc], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [6239a128a5d6aa8c922bcc67d2326898], PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [4556b91095e681b568caf91e42c1d52b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\igdhbblpcellaljokkpfhcjlagemhgjl, In Quarantäne, [534821a8dd9e1a1cacde1302c73cba46], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [485317b24536e84e39f5cb2635cdb24e], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [7f1c9b2e1764330367ce816ebd4502fe], PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA, In Quarantäne, 
[c4d743861368d264f278929a94701ee2], PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowsersafeguardInstalled, Löschen bei Neustart, [504beedb0b7068ce1628fff2a75be61a], PUP.Optional.Iminent.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Löschen bei Neustart, [75268049007bfc3a5933051026dd0bf5], PUP.Optional.Iminent.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\IminentToolbar, Löschen bei Neustart, [4952507988f3de58d2ac7b9b0003fa06], PUP.Optional.PriceGong.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Löschen bei Neustart, [623923a6e2990531759755bae51e55ab], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Löschen bei Neustart, [d4c7a7222952a096337b9d69946f728e], PUP.Optional.Iminent.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, Löschen bei Neustart, [6c2f67625c1f76c004479b6527dc3bc5], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Löschen bei Neustart, [6a316861accf69cd4be92ac540c26d93], Registrierungswerte: 3 PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [485317b24536e84e39f5cb2635cdb24e] PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA|MUpdBlock, { "MASSUPDATE" : { "CHROME_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "FIREFOX_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "IEXPLORE_BHO" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 4 } } } , In Quarantäne, 
[c4d743861368d264f278929a94701ee2] PUP.Optional.Snapdo.T, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [6e2d4e7bd6a590a666ab6e7faa5807f9] Registrierungsdaten: 4 PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000),Ersetzt,[326909c06b105adcf9cf775a15efb848] PUP.Optional.HelperBar.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000),Löschen bei Neustart,[089321a83843d363e5e81cb505ffdd23] PUP.Optional.HelperBar.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: 
(hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000),Löschen bei Neustart,[0299a722a7d4f73f3f8f1fb2758f2cd4] PUP.Optional.HelperBar.A, HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e96a7d7-6874-8293-910c-650244dd525f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/02/2014&type=hp1000),Löschen bei Neustart,[1b80caffa7d42f0709c0923f758f857b] Ordner: 22 PUP.Optional.SystemSpeedup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup, In Quarantäne, [25761eab6f0c0e2846ece50a45bd16ea], PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy, In Quarantäne, [96059336d5a674c2436e28940df58779], PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\B0A2E26BB10941FB9904252985E29FB4, In Quarantäne, [96059336d5a674c2436e28940df58779], PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\F18B6932284F4739ADE6895A16572732, In Quarantäne, [96059336d5a674c2436e28940df58779], PUP.Optional.Iminent.A, C:\Users\user\AppData\Roaming\IminentToolbar, In Quarantäne, [bdde25a498e365d182f3546a748eb34d], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, 
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.PriceGong.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong, In Quarantäne, [633802c7fe7d221497c50bb8897909f7], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\UI, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [56459534a1daf93dccaed1011ae89868], PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB, In Quarantäne, [fe9d5d6c1b60360097fd9f33f60c36ca], PUP.Optional.SystemSpeedup, C:\Users\user\AppData\Roaming\systweak\ssd, In Quarantäne, [c1daf9d0ff7c69cd8a04e1f4808205fb], PUP.Optional.AdvancedSystemProtector.A, 
C:\ProgramData\Systweak\Advanced System Protector, In Quarantäne, [f2a920a91566f145750915cd62a0649c], PUP.Optional.AdvancedSystemProtector.A, C:\Users\user\AppData\Roaming\systweak\Advanced System Protector, In Quarantäne, [2a719435aecd48eea6d8439fd92912ee], Dateien: 89 PUP.Optional.Iminent, C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe, Löschen bei Neustart, [e4b75574b0cbcf67fada1300c9385ba5], PUP.Optional.Linkury.A, C:\Users\user\AppData\Roaming\OpenCandy\B0A2E26BB10941FB9904252985E29FB4\Installer.exe, In Quarantäne, [3a6102c7017a191de87cd4c58084867a], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, In Quarantäne, [4853b019611a122414d115934db448b8], PUP.Optional.GenericExt.A, C:\Users\user\AppData\Local\temp\igdhbblpcellaljokkpfhcjlagemhgjl19eac\minibarchrome.exe, In Quarantäne, [8b1039908eedbf77fd6665d8728e738d], PUP.Optional.AppsInstaller, C:\Users\user\Downloads\Setup.exe, In Quarantäne, [8e0d5079dd9eab8bfc038e2d2fd59b65], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced System Protector_startup, In Quarantäne, [b8e346835328ca6c5b1d2fb8a35f0ef2], PUP.Optional.SystemSpeedup, C:\Windows\Tasks\System Speedup_DEFAULT.job, In Quarantäne, [e8b33693a4d78ea8f6e228c681816a96], PUP.Optional.SystemSpeedup, C:\Windows\System32\Tasks\System Speedup_DEFAULT, In Quarantäne, [6239a920a1dac175dbfe529c37cb8779], PUP.Optional.SystemSpeedup, C:\Windows\Tasks\System Speedup_UPDATES.job, In Quarantäne, [f8a3dceddc9f122428b24ba39e64ee12], PUP.Optional.SystemSpeedup, C:\Windows\System32\Tasks\System Speedup_UPDATES, In Quarantäne, [801bb118483389ad32a935b962a0c23e], PUP.Optional.SystemSpeedup, C:\Users\Public\Desktop\System Speedup.lnk, In Quarantäne, [6a312b9e7a01320455db5c937a885fa1], PUP.Optional.SystemSpeedup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup\System Speedup.lnk, In Quarantäne, [25761eab6f0c0e2846ece50a45bd16ea], PUP.Optional.SystemSpeedup, C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\System Speedup\Register System Speedup.lnk, In Quarantäne, [25761eab6f0c0e2846ece50a45bd16ea], PUP.Optional.SystemSpeedup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup\System Speedup entfernen.lnk, In Quarantäne, [25761eab6f0c0e2846ece50a45bd16ea], PUP.Optional.BrowserSafeGuard.A, C:\Windows\System32\Tasks\BrowserSafeguard Update Task, In Quarantäne, [b4e750793d3e45f1420af6fc1fe3a35d], PUP.Optional.Iminent.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [8a1126a3611aaf87fb4e52ac887a24dc], PUP.Optional.AdPeak.A, C:\Program Files\003\xmkysecqun64.exe, In Quarantäne, [a3f8c009c2b942f43169ec1517ec08f8], PUP.Optional.Iminent.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, In Quarantäne, [07940bbe3843b77fec2104461be97f81], PUP.Optional.Iminent.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, In Quarantäne, [643708c153281422a46908425fa57888], PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\F18B6932284F4739ADE6895A16572732\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [96059336d5a674c2436e28940df58779], PUP.Optional.Iminent.A, C:\Users\user\AppData\Roaming\IminentToolbar\sqlite3.dll, In Quarantäne, [bdde25a498e365d182f3546a748eb34d], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, 
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, In Quarantäne, 
[8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\homePage.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury128.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury16.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury48.png, In Quarantäne, [8f0ce5e4502b83b3a43aa41b37cbbd43], PUP.Optional.PriceGong.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Contact Us.lnk, In Quarantäne, [633802c7fe7d221497c50bb8897909f7], PUP.Optional.PriceGong.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Help.lnk, In Quarantäne, [633802c7fe7d221497c50bb8897909f7], PUP.Optional.PriceGong.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Homepage.lnk, In Quarantäne, [633802c7fe7d221497c50bb8897909f7], PUP.Optional.PriceGong.A, 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\Uninstall PriceGong.lnk, In Quarantäne, [633802c7fe7d221497c50bb8897909f7],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [56459534a1daf93dccaed1011ae89868],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [56459534a1daf93dccaed1011ae89868],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [56459534a1daf93dccaed1011ae89868],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [56459534a1daf93dccaed1011ae89868],
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\abb-bundler-uninstall.exe, In Quarantäne, [fe9d5d6c1b60360097fd9f33f60c36ca],
PUP.Optional.SystemSpeedup, C:\Users\user\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [c1daf9d0ff7c69cd8a04e1f4808205fb],

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by user on 22.08.2014 at 9:58:46,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2014 at 10:33:00,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014 Ran by user (administrator) on IDEA-PC on 22-08-2014 10:47:44 Running from C:\Users\user\Downloads\FRST-OlderVersion Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe () C:\ProgramData\YogaSmartSwicth\yogaserver.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-23] (Synaptics) HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-06] (Lenovo) HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-06] () HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-06] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-06] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-23] (Synaptics Incorporated) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-10] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:58541;https=127.0.0.1:58541 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {B056DEF7-E1BA-429E-B971-7368C4B8EB4E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-12-06] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: search.iminent.com CHR DefaultSearchProvider: SearchTheWeb CHR DefaultSearchURL: hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB&ref=toolbox&q={searchTerms} CHR DefaultSuggestURL: CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) 
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-06] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-06] (Lenovo) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) 
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation) R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1574032 2012-09-11] (Realtek Semiconductor Corporation ) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [36864 2012-11-06] (Synaptics Incorporated) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
23.08.2014, 05:51 | #12 |
/// the machine /// TB trainer | 22 Trojans or viruses found after Avira scan ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.09.2014, 09:11 | #13 |
| 22 Trojans or viruses found after Avira scan Hello schrauber, I installed the ESET Online Scanner as you requested. I then ran a scan, but forgot to untick the "Remove found threats" box. After the scan had run to about 30%, I cancelled it and started over after unticking the box. Unfortunately the scan stalled at 0%. So after about 15 minutes I uninstalled ESET and downloaded it again. Then I started the scan again (this time with everything set correctly). After more than 13 hours the scan was only at 48% and nothing had happened for hours. So I stopped the scan again. I am attaching the scan result so far. What was my mistake? Kind regards, Melina Code:
05.09.2014, 06:54 | #14 |
/// the machine /// TB trainer | 22 Trojans or viruses found after Avira scan That's fine, but the rest of the instructions above is still missing
10.09.2014, 12:08 | #15 |
| 22 Trojans or viruses found after Avira scan All right :-) Here is the result from SecurityCheck Code:
Results of screen317's Security Check version 0.99.87
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
McAfee Anti-Virus und Anti-Spyware
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 37.0.2062.102
Google Chrome 37.0.2062.103
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-23] (Synaptics) HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-06] (Lenovo) HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-06] () HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-06] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-06] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-23] (Synaptics Incorporated) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-26] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-26] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd) HKU\S-1-5-21-218488010-109497726-392906908-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-26] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:58541;https=127.0.0.1:58541 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {B056DEF7-E1BA-429E-B971-7368C4B8EB4E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-12-06] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR DefaultSearchKeyword: Default -> search.iminent.com CHR DefaultSearchProvider: Default -> SearchTheWeb CHR DefaultSearchURL: Default -> hxxp://search.iminent.com/?appId=6834B3EF-E6FE-49EB-80EB-A3A13FA060FB&ref=toolbox&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-06] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-06] (Lenovo) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) 
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation) R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1574032 2012-09-11] (Realtek Semiconductor Corporation ) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [36864 2012-11-06] (Synaptics Incorporated) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-10 12:36 - 2014-09-10 12:36 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe 2014-09-10 12:33 - 2014-09-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-09-07 18:21 - 2014-09-07 18:21 - 00008650 _____ () C:\Users\user\Desktop\Unbenannt 1.odt 2014-09-06 15:56 - 2014-09-06 15:56 - 00009275 _____ () C:\Users\user\Desktop\b3 Seminar.odt 2014-09-04 09:56 - 2014-09-04 09:56 - 00004090 _____ () C:\Users\user\Desktop\123.txt 2014-09-03 20:05 - 2014-09-03 20:05 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-03 19:23 - 2014-09-03 19:23 - 00000611 _____ () C:\Users\user\Desktop\JRT.txt 2014-09-03 18:45 - 2014-09-03 18:45 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT (1).exe 2014-09-03 17:21 - 2014-09-03 17:23 - 01370483 _____ () C:\Users\user\Downloads\adwcleaner_3.309.exe 2014-09-03 17:20 - 2014-09-03 17:20 - 00001141 _____ () C:\Users\user\Desktop\mbam.txt.txt 2014-09-03 16:52 - 2014-09-03 16:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-08-31 14:07 - 2014-08-23 07:47 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-08-30 10:48 - 2014-08-30 10:48 - 00026102 _____ () C:\Users\user\Desktop\Mietbescheinigung.odt 2014-08-30 09:38 - 2014-08-30 09:38 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-30 09:38 - 2014-08-30 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-30 09:37 - 2014-08-30 09:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-30 09:37 - 2014-08-30 09:38 - 00000000 ____D () C:\Program Files\iTunes 2014-08-30 09:37 - 2014-08-30 09:38 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-30 09:37 - 2014-08-30 09:37 - 00000000 ____D () C:\Program Files\iPod 2014-08-29 14:46 - 2014-08-29 14:46 - 
00409796 _____ () C:\Users\user\Downloads\message-rfc822-attachment 2014-08-27 10:16 - 2014-09-09 15:49 - 00023314 _____ () C:\Users\user\Desktop\B5 Seminar.odt 2014-08-27 09:32 - 2014-08-27 09:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\LibreOffice 2014-08-27 09:31 - 2014-08-27 09:31 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk 2014-08-27 09:31 - 2014-08-27 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3 2014-08-27 09:20 - 2014-08-27 09:31 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-08-27 09:18 - 2014-08-27 09:25 - 223113216 _____ () C:\Users\user\Downloads\LibreOffice_4.3.0_Win_x86.msi 2014-08-27 09:18 - 2014-08-27 09:19 - 07393280 _____ () C:\Users\user\Downloads\LibreOffice_4.3.0_Win_x86_helppack_de.msi 2014-08-24 10:10 - 2014-08-24 10:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys 2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-08-22 09:57 - 2014-08-22 09:57 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-08-22 09:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-08-22 09:44 - 2014-09-03 18:45 - 00000000 ____D () C:\AdwCleaner 2014-08-22 09:37 - 2014-08-22 09:39 - 01364531 _____ () C:\Users\user\Downloads\adwcleaner_3.308.exe 2014-08-22 09:28 - 2014-08-22 09:28 - 00029178 _____ () C:\Users\user\Desktop\mbam.txt 2014-08-22 08:56 - 2014-09-10 12:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-22 08:55 - 2014-09-03 16:54 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-22 08:55 - 2014-09-03 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-22 08:54 - 2014-09-03 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-22 08:54 - 2014-08-22 08:54 - 00000000 
____D () C:\ProgramData\Malwarebytes 2014-08-22 08:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-22 08:54 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-08-22 08:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-08-22 08:50 - 2014-08-22 08:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-19 10:08 - 2014-08-19 10:08 - 00027501 _____ () C:\ComboFix.txt 2014-08-19 09:43 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-08-19 09:43 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-08-19 09:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-08-19 09:43 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-08-19 09:41 - 2014-08-19 10:08 - 00000000 ____D () C:\Qoobox 2014-08-19 09:41 - 2014-08-19 10:03 - 00000000 ____D () C:\WINDOWS\erdnt 2014-08-19 09:39 - 2014-08-19 09:40 - 05572251 ____R () C:\Users\user\Downloads\ComboFix.exe 2014-08-17 18:05 - 2014-08-07 07:33 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-08-17 18:05 - 2014-08-07 04:09 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-08-14 10:34 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-08-14 10:31 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 
2014-08-14 10:31 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2014-08-14 08:38 - 2014-07-24 13:09 - 19279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-08-14 08:38 - 2014-06-13 02:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-08-14 08:38 - 2014-06-13 02:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2014-08-14 08:37 - 2014-07-24 13:11 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-08-14 08:37 - 2014-07-24 13:10 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-08-14 08:37 - 2014-07-24 13:10 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-08-14 08:37 - 2014-07-24 13:10 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-08-14 08:37 - 2014-07-24 13:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 15399936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-08-14 08:37 - 2014-07-24 13:09 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-08-14 08:37 - 2014-07-24 
13:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-08-14 08:37 - 2014-07-24 13:09 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-08-14 08:37 - 2014-07-24 11:52 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-08-14 08:37 - 2014-07-24 11:52 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-08-14 08:37 - 2014-07-24 11:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 14371328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-08-14 08:37 - 2014-07-24 11:51 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00163840 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-08-14 08:37 - 2014-07-24 11:51 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-08-14 08:36 - 2014-07-24 13:09 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-08-14 08:36 - 2014-07-24 11:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-08-14 08:36 - 2014-07-24 11:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-08-14 08:36 - 2014-07-24 11:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-08-14 08:36 - 2014-07-24 09:03 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-08-14 08:36 - 2014-07-16 00:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-08-14 08:36 - 2014-07-12 03:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-08-14 08:36 - 2014-06-20 00:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2014-08-14 08:36 - 2014-06-19 23:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2014-08-14 08:36 - 2014-06-05 18:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2014-08-14 08:36 - 2014-06-05 18:30 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-08-14 08:36 - 2014-06-05 18:29 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-08-14 08:36 - 2014-06-05 18:29 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll 2014-08-14 08:36 - 2014-06-05 18:28 - 02306560 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\authui.dll 2014-08-14 08:36 - 2014-06-05 18:28 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-08-14 08:36 - 2014-06-05 14:12 - 08857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-08-14 08:36 - 2014-06-05 14:11 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-08-14 08:36 - 2014-06-05 14:11 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll 2014-08-14 08:36 - 2014-06-05 14:10 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-08-14 08:36 - 2014-06-05 14:10 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-08-14 08:29 - 2014-05-29 05:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2014-08-14 08:29 - 2014-05-08 02:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-08-13 08:49 - 2014-09-10 13:02 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion 2014-08-13 08:43 - 2014-08-13 08:43 - 00001271 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk 2014-08-13 08:43 - 2014-08-13 08:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-08-13 08:42 - 2014-08-13 08:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup95.exe 2014-08-12 09:08 - 2014-08-12 09:11 - 00027551 _____ () C:\Users\user\Downloads\Addition.txt 2014-08-12 09:05 - 2014-09-10 13:02 - 00000000 ____D () C:\FRST 2014-08-12 09:05 - 2014-08-12 09:11 - 00045779 _____ () C:\Users\user\Downloads\FRST.txt 2014-08-12 09:04 - 2014-08-13 08:49 - 01199104 _____ () C:\Users\user\Downloads\FRST64.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-10 13:03 - 2012-12-06 11:44 - 00000000 ____D () C:\ProgramData\Realtek
2014-09-10 13:02 - 2014-08-13 08:49 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion
2014-09-10 13:02 - 2014-08-12 09:05 - 00000000 ____D () C:\FRST
2014-09-10 13:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-10 12:52 - 2012-12-06 11:39 - 01061227 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-10 12:49 - 2013-12-06 17:22 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001UA1cef29f5b894ece.job
2014-09-10 12:36 - 2014-09-10 12:36 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-10 12:36 - 2013-10-11 17:44 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-218488010-109497726-392906908-1001
2014-09-10 12:33 - 2014-09-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-10 12:33 - 2014-02-14 11:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-09-10 12:32 - 2014-08-22 08:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 12:32 - 2013-10-11 17:38 - 00083209 _____ () C:\Users\user\AppData\Local\BTServer.log
2014-09-10 07:54 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-09 15:49 - 2014-08-27 10:16 - 00023314 _____ () C:\Users\user\Desktop\B5 Seminar.odt
2014-09-09 15:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-08 15:24 - 2014-02-14 11:12 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-09-07 18:21 - 2014-09-07 18:21 - 00008650 _____ () C:\Users\user\Desktop\Unbenannt 1.odt
2014-09-06 15:56 - 2014-09-06 15:56 - 00009275 _____ () C:\Users\user\Desktop\b3 Seminar.odt
2014-09-04 09:56 - 2014-09-04 09:56 - 00004090 _____ () C:\Users\user\Desktop\123.txt
2014-09-03 23:53 - 2013-11-04 12:13 - 00002320 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2014-09-03 20:05 - 2014-09-03 20:05 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-03 19:34 - 2012-12-06 20:35 - 00758792 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-03 19:34 - 2012-12-06 20:35 - 00158188 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-03 19:34 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-03 19:26 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-03 19:26 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-03 19:23 - 2014-09-03 19:23 - 00000611 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-03 18:45 - 2014-09-03 18:45 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT (1).exe
2014-09-03 18:45 - 2014-08-22 09:44 - 00000000 ____D () C:\AdwCleaner
2014-09-03 18:41 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-03 18:40 - 2012-08-01 16:51 - 00073076 _____ () C:\WINDOWS\PFRO.log
2014-09-03 17:23 - 2014-09-03 17:21 - 01370483 _____ () C:\Users\user\Downloads\adwcleaner_3.309.exe
2014-09-03 17:20 - 2014-09-03 17:20 - 00001141 _____ () C:\Users\user\Desktop\mbam.txt.txt
2014-09-03 16:54 - 2014-08-22 08:55 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 16:54 - 2014-08-22 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-03 16:54 - 2014-08-22 08:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-03 16:52 - 2014-09-03 16:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-01 12:03 - 2014-07-15 14:49 - 00337800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-31 14:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-30 10:49 - 2014-04-01 20:32 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-218488010-109497726-392906908-1001Core1cf4de120ffb11e.job
2014-08-30 10:48 - 2014-08-30 10:48 - 00026102 _____ () C:\Users\user\Desktop\Mietbescheinigung.odt
2014-08-30 10:00 - 2013-10-29 18:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-30 09:55 - 2013-10-29 18:41 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-30 09:38 - 2014-08-30 09:38 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-30 09:38 - 2014-08-30 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-30 09:38 - 2014-08-30 09:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-30 09:38 - 2014-08-30 09:37 - 00000000 ____D () C:\Program Files\iTunes
2014-08-30 09:38 - 2014-08-30 09:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 09:37 - 2014-08-30 09:37 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 14:46 - 2014-08-29 14:46 - 00409796 _____ () C:\Users\user\Downloads\message-rfc822-attachment
2014-08-27 09:32 - 2014-08-27 09:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\LibreOffice
2014-08-27 09:31 - 2014-08-27 09:31 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-27 09:31 - 2014-08-27 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-27 09:31 - 2014-08-27 09:20 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-27 09:25 - 2014-08-27 09:18 - 223113216 _____ () C:\Users\user\Downloads\LibreOffice_4.3.0_Win_x86.msi
2014-08-27 09:19 - 2014-08-27 09:18 - 07393280 _____ () C:\Users\user\Downloads\LibreOffice_4.3.0_Win_x86_helppack_de.msi
2014-08-24 10:10 - 2014-08-24 10:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-08-23 07:47 - 2014-08-31 14:07 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 10:58 - 2013-11-29 13:20 - 00000000 ____D () C:\Program Files\Classic Shell
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 09:57 - 2014-08-22 09:57 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2014-08-22 09:57 - 2013-11-29 13:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\ClassicShell
2014-08-22 09:39 - 2014-08-22 09:37 - 01364531 _____ () C:\Users\user\Downloads\adwcleaner_3.308.exe
2014-08-22 09:28 - 2014-08-22 09:28 - 00029178 _____ () C:\Users\user\Desktop\mbam.txt
2014-08-22 09:22 - 2012-12-06 11:48 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-08-22 08:54 - 2014-08-22 08:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 08:51 - 2014-08-22 08:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 10:15 - 2014-07-15 14:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-19 10:08 - 2014-08-19 10:08 - 00027501 _____ () C:\ComboFix.txt
2014-08-19 10:08 - 2014-08-19 09:41 - 00000000 ____D () C:\Qoobox
2014-08-19 10:03 - 2014-08-19 09:41 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-19 10:02 - 2012-07-26 06:26 - 00000215 _____ () C:\WINDOWS\system.ini
2014-08-19 09:40 - 2014-08-19 09:39 - 05572251 ____R () C:\Users\user\Downloads\ComboFix.exe
2014-08-14 18:07 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-13 08:49 - 2014-08-12 09:04 - 01199104 _____ () C:\Users\user\Downloads\FRST64.exe
2014-08-13 08:43 - 2014-08-13 08:43 - 00001271 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2014-08-13 08:43 - 2014-08-13 08:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-13 08:42 - 2014-08-13 08:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup95.exe
2014-08-12 09:11 - 2014-08-12 09:08 - 00027551 _____ () C:\Users\user\Downloads\Addition.txt
2014-08-12 09:11 - 2014-08-12 09:05 - 00045779 _____ () C:\Users\user\Downloads\FRST.txt

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\avgnt.exe
C:\Users\user\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 18:31

==================== End Of Log ============================

Many thanks and kind regards,
Melina