Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet

Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet


Log-Analyse und Auswertung: Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.09.2014, 22:45   #11
Darkloki
 
Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet - Standard

Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet


So adw Log:

Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 06/09/2014 um 23:18:53
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : wilbet - WILBET-MOBIL
# Gestartet von : C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\File Type Assistant
Ordner Gelöscht : C:\Program Files\FinalMediaPlayer
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\wilbet\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\wilbet\AppData\LocalLow\DataMngr

***** [ Tasks ] *****

Task Gelöscht : ProgramRefresh-ATFST
Task Gelöscht : ProgramUpdateCheck

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\SOFTWARE\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [31804 octets] - [10/10/2013 17:59:38]
AdwCleaner[R1].txt - [932 octets] - [10/10/2013 18:12:12]
AdwCleaner[R2].txt - [7644 octets] - [25/01/2014 13:35:28]
AdwCleaner[S0].txt - [29963 octets] - [10/10/2013 18:04:20]
AdwCleaner[S1].txt - [4384 octets] - [06/09/2014 23:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4444 octets] ##########
und JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by wilbet on 06.09.2014 at 23:23:43,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2305096267-3803267540-2786178057-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F87460D-D3DF-4878-B02C-16F1FBE45B71}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\wilbet\AppData\Roaming\mozilla\firefox\profiles\zy0jvk8q.default-1403376139352\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.09.2014 at 23:27:05,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und das frische FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by wilbet (administrator) on WILBET-MOBIL on 06-09-2014 23:27:52
Running from C:\Users\wilbet\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Conexant) C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Roxio) C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Lenovo) C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PM Driver\PMHandler.exe [34352 2007-10-12] (Lenovo)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2701880 2008-07-21] (Conexant)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [1116920 2007-03-13] (Roxio)
HKLM\...\Run: [CameraApplicationLauncher] => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2008-10-07] ()
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [458752 2009-03-06] (LENOVO)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-08-07] (Lenovo)
HKLM\...\Run: [ACWlIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-08-07] (Lenovo)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [1904640 2009-05-07] (AVM Berlin)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook
SearchScopes: HKCU - {2C0D2B19-14BA-4274-9C99-D14BBBA408E0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A0FC47B-D436-44F2-966D-3527C3119C02} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {77D9BD89-FB4A-4BA1-A9B5-C01CDD5EE929} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {8C5617BE-4D4C-4FB0-9A4E-EAF13C661457} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {BDBB7E66-E88F-4F58-87F9-9CE89A95E7E2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {E1996CFE-053B-40AC-BB8B-641B52EB7572} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {F538D86D-F658-4EFD-90F9-19262D5AE149} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

FireFox:
========
FF ProfilePath: C:\Users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-11]

Chrome: 
=======
CHR CustomProfile: C:\Users\wilbet\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-05-07] (AVM Berlin) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [522792 2008-08-26] (Broadcom Corporation.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel(R) Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [53325 2008-08-08] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 vToolbarUpdater11.0.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-05-07] (AVM Berlin) [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-08-20] (COMPAL ELECTRONIC INC.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2008-11-15] (Lenovo) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 23:27 - 2014-09-06 23:27 - 00001247 _____ () C:\Users\wilbet\Desktop\JRT.txt
2014-09-06 23:23 - 2014-09-06 23:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 23:14 - 2014-09-06 23:12 - 01370483 _____ () C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
2014-09-06 23:14 - 2014-09-06 23:12 - 01016261 _____ (Thisisu) C:\Users\wilbet\Desktop\JRT.exe
2014-09-06 21:04 - 2014-09-06 21:05 - 00110841 _____ () C:\Users\wilbet\Desktop\TDSS.txt.txt
2014-09-06 21:01 - 2014-09-06 20:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wilbet\Desktop\tdsskiller.exe
2014-09-06 20:33 - 2014-09-06 20:33 - 00012944 _____ () C:\Users\wilbet\Desktop\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:31 - 00012944 _____ () C:\ComboFix.txt
2014-09-06 20:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-06 20:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-06 20:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-06 20:09 - 2014-09-06 20:31 - 00000000 ____D () C:\Qoobox
2014-09-06 20:08 - 2014-09-06 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 20:05 - 2014-09-06 20:02 - 05576440 ____R (Swearware) C:\Users\wilbet\Desktop\ComboFix.exe
2014-09-06 15:48 - 2014-09-06 15:50 - 00000393 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-09-06 12:45 - 2014-09-06 12:45 - 00000000 ____D () C:\Windows\pss
2014-09-05 11:25 - 2014-09-05 11:25 - 00000796 _____ () C:\Windows\setupact.log
2014-09-05 11:25 - 2014-09-05 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 00:22 - 2014-09-05 11:25 - 00002878 _____ () C:\Users\wilbet\Desktop\gmer.log
2014-09-04 23:45 - 2014-09-04 23:57 - 00000000 _____ () C:\Users\wilbet\Desktop\gmer.txt.txt
2014-09-04 11:56 - 2014-09-04 11:56 - 00061752 _____ () C:\Users\wilbet\Desktop\Addition.txt
2014-09-04 11:55 - 2014-09-06 23:27 - 00016567 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:49 - 2014-09-06 23:27 - 00000000 ____D () C:\FRST
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 18:47 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 18:47 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 13:37 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:37 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 13:37 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 11:53 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 11:52 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 11:47 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 11:47 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 11:47 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 11:47 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 11:47 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:47 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 11:46 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 11:46 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 11:46 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 11:46 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 11:46 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 11:46 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 11:46 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 11:46 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 23:28 - 2014-09-04 11:55 - 00016567 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-06 23:27 - 2014-09-06 23:27 - 00001247 _____ () C:\Users\wilbet\Desktop\JRT.txt
2014-09-06 23:27 - 2014-09-04 11:49 - 00000000 ____D () C:\FRST
2014-09-06 23:25 - 2008-11-15 05:22 - 02025258 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 23:23 - 2014-09-06 23:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 23:20 - 2008-01-21 04:47 - 00506286 _____ () C:\Windows\PFRO.log
2014-09-06 23:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 23:20 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 23:20 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 23:19 - 2008-11-15 05:23 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-06 23:19 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-06 23:18 - 2013-10-10 17:59 - 00000000 ____D () C:\AdwCleaner
2014-09-06 23:12 - 2014-09-06 23:14 - 01370483 _____ () C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
2014-09-06 23:12 - 2014-09-06 23:14 - 01016261 _____ (Thisisu) C:\Users\wilbet\Desktop\JRT.exe
2014-09-06 22:53 - 2012-04-10 18:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 21:05 - 2014-09-06 21:04 - 00110841 _____ () C:\Users\wilbet\Desktop\TDSS.txt.txt
2014-09-06 20:59 - 2014-09-06 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wilbet\Desktop\tdsskiller.exe
2014-09-06 20:33 - 2014-09-06 20:33 - 00012944 _____ () C:\Users\wilbet\Desktop\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:31 - 00012944 _____ () C:\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:09 - 00000000 ____D () C:\Qoobox
2014-09-06 20:31 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-09-06 20:31 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-09-06 20:29 - 2014-09-06 20:08 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 20:25 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-09-06 20:23 - 2006-11-02 12:22 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\COMPON~2.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 22282240 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-06 20:02 - 2014-09-06 20:05 - 05576440 ____R (Swearware) C:\Users\wilbet\Desktop\ComboFix.exe
2014-09-06 15:50 - 2014-09-06 15:48 - 00000393 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-09-06 12:48 - 2008-12-25 12:01 - 00000000 ____D () C:\Program Files\Windows Live Toolbar
2014-09-06 12:45 - 2014-09-06 12:45 - 00000000 ____D () C:\Windows\pss
2014-09-05 11:25 - 2014-09-05 11:25 - 00000796 _____ () C:\Windows\setupact.log
2014-09-05 11:25 - 2014-09-05 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 11:25 - 2014-09-05 00:22 - 00002878 _____ () C:\Users\wilbet\Desktop\gmer.log
2014-09-04 23:57 - 2014-09-04 23:45 - 00000000 _____ () C:\Users\wilbet\Desktop\gmer.txt.txt
2014-09-04 12:02 - 2008-04-16 15:45 - 01714928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 11:56 - 2014-09-04 11:56 - 00061752 _____ () C:\Users\wilbet\Desktop\Addition.txt
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-08-31 20:30 - 2009-12-27 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 20:15 - 2008-12-31 17:19 - 00000000 ____D () C:\Users\wilbet\AppData\Roaming\ZoomBrowser EX
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 19:57 - 2006-11-02 14:47 - 00442248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 18:46 - 2008-11-15 05:51 - 00000000 ____D () C:\Program Files\Java
2014-08-23 03:03 - 2014-08-29 18:47 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 18:47 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 17:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 16:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 15:44 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 13:43 - 2012-04-10 18:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 13:43 - 2011-05-22 11:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 11:58 - 2013-08-02 19:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 11:55 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:28 - 2013-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 11:28 - 2012-11-04 16:08 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:28 - 2012-03-13 14:55 - 00000000 ____D () C:\ProgramData\Avira
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:55 - 2008-12-31 17:08 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software
2014-08-10 15:49 - 2008-12-25 12:01 - 00000000 ____D () C:\Users\wilbet

Some content of TEMP:
====================
C:\Users\wilbet\AppData\Local\Temp\avgnt.exe
C:\Users\wilbet\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 23:27

==================== End Of Log ============================
--- --- ---


zu guter Letzt die Additions:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by wilbet at 2014-09-06 23:40:56
Running from C:\Users\wilbet\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.13.00 - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{9EC9754D-CA34-4293-B5DB-3BD245A88A43}) (Version: 1.5.42.1190 - ArcSoft)
ArcSoft MediaImpression 2 (HKLM\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version:  - AVM Berlin)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.52.12 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.27 - Lenovo)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.2.0.5 - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.2.6 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Digital Photo Professional 2.2 (HKLM\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.55.0.0 - Conexant)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version:  - )
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
EDEKA Foto (HKLM\...\EDEKA Foto) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 2.00 - )
ERROR:unable to read certificate file (Version: 10.1.177 - Roxio) Hidden
Free YouTube Download version 3.2.2.430 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x86 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1268 - InterVideo Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.5100 - Lenovo.)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 2.10 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.0701.01 - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor 5 für Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.2 - Lenovo)
PM Driver (Version: 0.64.0.2 - Lenovo) Hidden
Power Ux Customization (Version: 1.00.0000 - Lenovo) Hidden
Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.0.0022.00 - Lenovo Group Limited)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista  (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Ski Racing 2006 (HKLM\...\{97DDA53A-8346-467A-880C-655E847CC7D3}) (Version: 1.0.0 - JoWooD)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0024 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.02 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{AF70B943-5081-4BD8-88F2-75637FD34364}) (Version: 1.1.0026 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.21 - ) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Wallpapers (Version:  - ) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2305096267-3803267540-2786178057-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

==================== Restore Points  =========================

31-08-2014 23:38:59 Geplanter Prüfpunkt
06-09-2014 10:47:41 Windows Live Toolbar wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-09-06 20:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {118C03A0-FF22-4216-A12A-0F30148E1645} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - wilbet => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {18D71246-626B-4FB4-9618-F180109F649B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {190A0345-389D-4138-81FE-EBE1256869A4} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {1B7ED24A-DE96-4245-BED5-0E8FF57F4626} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {21B10927-3D62-49FF-9610-10E0DCC9E447} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56FE3F50-EAC8-4D78-A649-51D4BE895C8E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6A7181B8-E69F-4E5C-80A0-3AFC6E2E870F} - System32\Tasks\OpenCandyHelperRunOnceFC1794B1622C4497B86974E008DEBFAF => C:\Users\wilbet\AppData\Roaming\OpenCandy\BBF507B2348E405786A11F859E502354\OCBrowserHelper_1.0.6.125.exe
Task: {6B7736C4-DE16-4C9A-A71D-C3AE0AE2670C} - System32\Tasks\OpenCandyHelperRunOnceC91E86EB5F384596AC5F1DB8B6959092 => C:\Users\wilbet\AppData\Roaming\OpenCandy\0E6BC8CBEFBE43EBA03D248497A47DA6\OCBrowserHelper_1.0.6.125.exe
Task: {8CFB5653-AA90-44F1-AC2E-9F6D39629C14} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A7725A42-AF1B-436F-BA51-6218375112D2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B635F47A-6E1D-4783-8957-71C3E4FCFF4A} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {D83C11A3-3889-4B9C-999E-7C1527BC1EBF} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-04-30 20:13 - 2008-04-30 20:13 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-05-24 17:17 - 2008-05-24 17:17 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-24 17:03 - 2008-05-24 17:03 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2006-05-24 14:33 - 2006-05-24 14:33 - 00024576 ____N () C:\Program Files\Lenovo\PM Driver\PMHlerIO.dll
2008-09-28 19:18 - 2008-09-28 19:18 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2008-11-15 05:49 - 2007-06-18 17:28 - 00056056 ____N () C:\Windows\system32\DLAAPI_W.DLL
2014-09-06 20:28 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\wilbet\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00028672 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00020480 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00024576 ____N () C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00007680 ____N () C:\Program Files\Lenovo\Camera Center\bin\de\LocalizationWrapper.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-12 15:10:24.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 15:10:23.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 15:04:23.691
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 15:04:23.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:58:11.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:58:11.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:57:30.780
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:57:30.302
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:57:24.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 14:57:24.064
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3031.65 MB
Available physical RAM: 1866.13 MB
Total Pagefile: 6275.56 MB
Available Pagefile: 4970.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.02 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:286.86 GB) (Free:194.99 GB) NTFS
Drive d: () (Removable) (Total:1.93 GB) (Free:1.71 GB) FAT
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.01 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 34ECC3B1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 824F8352)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)

==================== End Of Log ============================
Loki
__________________
- Niemand ist 100% sicher! -
(User mit gefährlichem Halbwissen)
 

Themen zu Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet
4d36e972-e325-11ce-bfc1-08002be10318, adware, antivirus, bildschirm, canon, converter, dvdvideosoft ltd., email, fehlercode 0x0, flash player, monitor, mozilla, prozess, pup.optional.opencandy.a, registry, required, secure search, siehe titel, software, svchost.exe, system, vtoolbarupdater, win32/elex.s, win32/filetypeassistant.a, win32/toolbar.babylon.c, win32/toolbar.babylon.i, win32/toolbar.conduit, win32/toolbar.montiera.a, win32/toolbar.montiera.b, windows


« Wörter doppelt blau unterstrichen, Java Update Free | Windows lock screen resetet im Sekundentakt, keine Tastatur :headbang: »


Ähnliche Themen: Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet


  1. Vista Home Premium 32: Eingefrorener Bildschirm und unkontrolliertes, spontanes Runterfahren
    Log-Analyse und Auswertung - 20.06.2014 (13)
  2. Win 7 Home Premium 64Bit - Inkasso Email - ZIP Anhang angeklickt
    Log-Analyse und Auswertung - 06.06.2014 (3)
  3. Windows Vista Home Premium lässt sich nicht starten.
    Alles rund um Windows - 02.01.2014 (14)
  4. win32downloader.gen Befall unter Windows Vista Home Premium
    Log-Analyse und Auswertung - 26.09.2013 (15)
  5. Spam Email mit Mahnung, Zip geöffnet
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (9)
  6. GVU Trojaner 2.07 Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (5)
  7. 100 Tan Abfrage Commerzbank Windows Vista Home Premium 32 Bit, IE 9.0.16
    Log-Analyse und Auswertung - 18.05.2013 (7)
  8. Sicherheitszentrum ausgeschaltet, einschalten nicht möglich - IE9-Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (23)
  9. GVU-Trojaner unter Windows VISTA 32 Bit Home Premium
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (19)
  10. Polizeivirus auf Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (33)
  11. GVU Trojaner 2.07 - Windows Vista Home Premium 32 Bit
    Log-Analyse und Auswertung - 07.10.2012 (6)
  12. GVU-Trojaner unter Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (18)
  13. TR/Medisys.F.10 in C:\Windows\System32 bei MS Vista home Premium
    Log-Analyse und Auswertung - 08.07.2012 (12)
  14. Vista Home Premium friert ein bei Anschluss externer Festplatte
    Alles rund um Windows - 18.02.2012 (0)
  15. Windows XP Pro Systemfestplatte unter Win Vista Home Premium auslesen (sichern)
    Alles rund um Windows - 01.12.2011 (5)
  16. VIRUSS! Windows Vista Home Premium
    Alles rund um Windows - 10.04.2010 (3)
  17. Vista home premium hängt sich auf Bitte dringend um hilfe
    Alles rund um Windows - 02.08.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet - So adw Log: Code: Alles auswählen Aufklappen ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 06/09/2014 um 23:18:53 # Aktualisiert 02/09/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home - Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet...
Archiv
Du betrachtest: Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19