| |
| |||||||
Log-Analyse und Auswertung: Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.09.2014, 21:52
| #1 |
 |  Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hi@all, ich sitze seit gestern an einem Win8-PC, der infiziert war, es vielleicht sogar noch ist. Meine Frage: Soll der neu aufgesetzt werden oder ist dieser noch zu retten?! Vorab ist mit dem Gerät folgendes, zur Virenentfernung, geschehen: - Kompletter Virenscan mittel Avira Pro unter Windows - Kompletter Virenscan (nur lesend) mittels Desinfec´t und dessen Scannern Avira, Kaspersky und Bitdefender. Anschliessend händische Löschung des Avira- Quarantäne-Ordners 8wurde von mir vergessen) - nochmaliger Scan mittels Desinfec´t, Löschung aller gefundener Dateien aus dem Linux heraus. - Etwaiege Ordner- oder Dateireste wurden dann aus dem laufenden Windows gelöscht. - Kompletter Scan und Löschung aus einer GDATA-Rescue-CD (da gibt es aber keine Logs) - Nochmalige Kontrolle etwaiger Reste (waren auch vorhanden) und löschen selbiger aus Windows. - Deaktivierung der SaveSense-Dienste aus der Windows -Dienstekonsole - Kompletter Scan mittels MBAM (Log folgt). (ich hoffe ich habe nichts vergessen, Reihenfolge sollte aber stimmen) Hier ist der Meta-Scan vom DesinfeC´t Code:
ATTFilter Virenfunde
Avira Bitdefender Kaspersky
Aktion /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ru.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_en-GB.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_es.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/SaveSenseLive.exe
Adware.Agent.NUZ not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_uk.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/psuser.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ms.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/SaveSenseLive.exe
Adware.Agent.NUZ not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_hr.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_lt.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_bn.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_te.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_lv.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_hu.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_am.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_nl.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_de.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_sr.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_zh-TW.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_pl.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ko.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_th.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_et.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/SaveSenseLiveBroker.exe
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_fa.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/npGoogleUpdate3.dll
Adware.Agent.NXV not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_sl.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_no.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_is.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ja.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/SaveSenseLiveHandler.exe
Adware.Agent.NUZ not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_fil.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_pt-PT.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ca.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Users/xxx/AppData/Local/Mobogenie/Version/OldVersion/Mobogenie/nengine.dll
Gen:Variant.Adware.NewNextMe.1
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_id.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Users/xxx/AppData/Roaming/SaveSense/UpdateProc/UpdateTask.exe
not-a-virus:AdWare.Win32.Agent.dujt
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdate.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_iw.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_fi.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_hi.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_mr.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSense/SaveSenseUpdateVer.exe
not-a-virus:AdWare.Win32.DealPly.ag
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_kn.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Users/xxx/AppData/Local/genienext/nengine.dll
Gen:Variant.Adware.NewNextMe.1
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_it.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Users/xxx/AppData/Local/Mobogenie/Version/OldVersion/Mobogenie2.1.36.zip (Mobogenie/nengine.dll)
Gen:Variant.Adware.NewNextMe.1
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_es-419.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_bg.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_gu.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_sv.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_sw.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_da.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_pt-BR.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ml.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ar.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_fr.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ta.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSense/uninst.exe
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ro.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_cs.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Windows/assembly/GAC_32/System.Data.SQLite/1.0.66.0__db937bc2d44ff139/System.Data.SQLite.dll
Adware.Linkury.B
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_sk.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Users/xxx/AppData/Local/Temp/__tmp_1afc9b73
Application.BProtector.F
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_ur.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_zh-CN.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/SaveSenseLiveOnDemand.exe
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_en.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_tr.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_el.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/psmachine.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSense/SaveSenseIE.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen /media/Windows8_OS/Program Files (x86)/SaveSenseLive/Update/1.3.23.0/goopdateres_vi.dll
not-a-virus:AdWare.Win32.Agent.efre
VirusTotal Dateimanager umbenennen Alle gefundenen Dateien mit der Endung .VIRUS versehen
Habe den Usernamen gegen ein xxx getaucht, alles andere ist nicht angefasst worden. Sollten weitere Logs gewünscht oder benötigt sein, so werde ich die ab Morgen erstellen und hochladen, bin jetzt seit gut 12 Stunden beschäftigt, ich geniesse jetzt (m)ein Feierabendbier ;-) Für Tipps und Hilfe bin ich sehr dankbar. Vor allem, ob das System neu aufgesetzt werden sollte. MBAM habe ich nur gestartet und suchen lassen, aber NOCH nichts durch das Programm verändern lassen (es ist aber VOR meinem ersten Schritt ein komplettes Image angelegt worden, ich kann also auf den Ursprung zurück) Danke und Gruß Carsten |
|
27.09.2014, 23:11
| #2 |
| Ruhe in Frieden † 2019     | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Posten in Code Tags Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke. Dazu:
Das sieht so erstmal nur nach Adware aus, Funde von Malwarebytes bitte löschen lassen, danach bitte Schritt 1 Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
28.09.2014, 07:53
| #3 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Guten Morgen Sandra,
__________________vielen Dank schon einmal für deine Hilfe. MBAM habe ich die Funde löschen lassen, hier ist sind die gewünschten Log´s. FSRT: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014 Ran by xxx (administrator) on WOHNZIMMER-PC on 28-09-2014 08:46:39 Running from F:\gb-av\Trojaner-Board\2 Loaded Profile: xxx (Available profiles: xxx) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe (Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\jmesoft\Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe () C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe (Lenovo) C:\Program Files\Lenovo\LVT\LJYZ.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13625048 2013-06-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-14] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-14] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-22] (APN) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications)) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe ",EntryPoint -m l HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [GoogleChromeAutoLaunch_C7EF8EB3EEFCD46A6D6087D714014556] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [Amazon Music] => C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] () HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\MountPoints2: {637fdd80-8674-11e3-be7a-48d22448df10} - "E:\USBAutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=U281 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF SearchEngineOrder.1: Mysearchdial FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\user.js FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WEB.DE MailCheck - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar@web.de [2014-09-26] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-21] FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30] CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (WEB.DE MailCheck) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-13] CHR Extension: (Manta Ray) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm [2014-07-21] CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Re-markit) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneogiaeocdgoonnfmifhehajhgphoof [2014-09-04] CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [804944 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-07] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2012-08-08] (AVerMedia) [File not signed] R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25936 2013-03-22] (Microsoft) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed] R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed] R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-09] (Advanced Micro Devices, Inc.) R3 AVer7231_x64; C:\Windows\system32\DRIVERS\AVer7231_x64.sys [1873024 2012-06-07] (AVerMedia TECHNOLOGIES, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.) R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.) R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 08:45 - 2014-09-28 08:46 - 00000000 ____D () C:\FRST 2014-09-27 22:52 - 2014-09-27 22:52 - 00000697 _____ () C:\gdbdrem.dat 2014-09-27 22:48 - 2014-09-27 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-27 22:13 - 2014-09-28 08:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-27 22:13 - 2014-09-27 22:13 - 00001089 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-27 22:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-27 22:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-09-27 22:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-27 22:12 - 2014-09-27 22:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-27 19:16 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-09-27 19:16 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-09-27 19:16 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-09-27 19:16 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-09-27 19:16 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-09-27 19:16 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-09-27 19:16 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-09-27 19:15 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-09-27 19:15 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-09-27 19:15 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-09-27 19:15 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-09-27 19:15 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-09-27 19:15 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-09-27 19:15 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-09-27 19:15 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-09-27 19:15 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2014-09-27 19:15 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-09-27 19:15 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-09-27 19:15 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-09-27 19:15 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-09-27 19:15 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-09-27 19:15 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-09-27 19:15 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-09-27 19:15 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-09-27 19:15 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-09-27 19:15 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-27 19:15 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-09-27 19:15 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-09-27 19:15 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-09-27 19:15 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-09-27 19:15 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-09-27 19:15 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-09-27 19:15 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-09-27 19:15 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-09-27 19:15 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-09-27 19:15 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-09-27 19:15 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-09-27 19:15 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-09-27 19:15 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-09-27 19:15 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-09-27 19:15 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-09-27 19:15 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-09-27 19:15 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-09-27 19:15 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-09-27 19:15 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-09-27 19:15 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-09-27 19:15 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-09-27 19:15 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-09-27 19:15 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-09-27 19:15 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-09-27 19:15 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-09-26 19:50 - 2014-09-26 19:50 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-09-26 17:38 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-09-26 17:38 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-09-26 17:38 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-09-26 17:38 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-09-26 17:38 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-09-26 17:38 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-09-26 17:38 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-09-26 17:38 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-09-26 17:38 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-09-26 17:38 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2014-09-26 17:38 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-09-26 17:38 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll 2014-09-26 17:37 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-09-26 17:37 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-09-26 17:37 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-09-26 17:36 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2014-09-26 17:36 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2014-09-26 17:35 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-09-26 17:34 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-09-26 17:27 - 2014-09-26 17:27 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-09-04 19:58 - 2014-09-04 19:58 - 00000000 ____D () C:\Program Files (x86)\predm 2014-09-04 18:19 - 2014-09-04 18:19 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-09-04 17:09 - 2014-09-04 17:09 - 00000000 ____D () C:\Users\xxx\Documents\Optimizer Pro ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 08:46 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-28 08:46 - 2013-11-14 09:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2014-09-28 08:46 - 2013-11-14 09:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2014-09-28 08:45 - 2014-01-13 19:28 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-28 08:43 - 2014-05-06 22:49 - 00005164 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WOHNZIMMER-PC-xxx Wohnzimmer-PC 2014-09-28 08:43 - 2013-12-27 23:53 - 00000000 __RDO () C:\Users\xxx\SkyDrive 2014-09-28 08:42 - 2014-01-13 19:27 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-28 08:41 - 2014-07-15 19:25 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\ClassicShell 2014-09-28 08:41 - 2014-07-12 13:07 - 01588328 _____ () C:\WINDOWS\PFRO.log 2014-09-28 08:41 - 2013-12-27 23:29 - 02037850 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-28 08:41 - 2013-12-27 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 08:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-09-28 08:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-28 08:41 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-09-28 08:40 - 2014-07-31 21:01 - 00000000 ____D () C:\ProgramData\Systweak 2014-09-28 08:40 - 2014-01-07 15:05 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Systweak 2014-09-28 08:40 - 2013-09-27 01:10 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-09-28 08:34 - 2014-01-07 13:50 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2825B5A0-6657-41C5-97B0-00913904FF3D} 2014-09-28 08:33 - 2013-12-27 19:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3251876849-3889825715-3622553512-1001 2014-09-27 23:22 - 2014-07-11 21:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-09-27 23:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-09-27 23:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-09-27 23:02 - 2014-04-06 11:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-27 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-09-27 22:57 - 2014-01-13 19:27 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-27 22:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-09-27 22:10 - 2014-01-07 14:49 - 00000000 ___RD () C:\Users\xxx\Dropbox 2014-09-27 21:24 - 2013-12-27 19:42 - 00000000 ____D () C:\ldiag 2014-09-27 20:59 - 2014-01-07 14:27 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Dropbox 2014-09-27 19:20 - 2014-07-12 13:07 - 00488320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-27 19:13 - 2014-07-07 00:36 - 00003917 _____ () C:\WINDOWS\setupact.log 2014-09-27 09:11 - 2014-01-09 15:07 - 00000328 _____ () C:\WINDOWS\Tasks\SaveSense.job 2014-09-27 09:07 - 2014-01-09 16:07 - 00000224 _____ () C:\Users\xxx\AppData\Roaming\WB.CFG 2014-09-26 19:25 - 2013-12-27 22:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-09-26 19:21 - 2013-12-27 22:18 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-09-26 18:02 - 2014-04-06 11:51 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-09-26 17:38 - 2014-01-07 14:49 - 00001090 _____ () C:\Users\xxx\Desktop\Dropbox.lnk 2014-09-26 17:38 - 2014-01-07 14:28 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-26 17:27 - 2013-12-27 23:19 - 00000000 ____D () C:\Users\xxx 2014-09-04 20:33 - 2013-12-27 23:16 - 00000000 ____D () C:\WINDOWS\VMC412 2014-09-04 20:33 - 2011-01-22 15:01 - 00000000 ____D () C:\Users\xxx\Documents\Mein Steuer-Sparbuch Heute 2014-09-04 20:32 - 2014-07-15 19:25 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-09-04 20:32 - 2014-01-13 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-04 20:32 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-09-04 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2014-09-04 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration 2014-09-04 20:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2014-09-04 20:25 - 2013-12-27 19:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\Packages 2014-09-02 22:06 - 2014-08-13 16:20 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-02 22:06 - 2014-08-13 16:20 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\Lenovo-32146.vbs Some content of TEMP: ==================== C:\Users\xxx\AppData\Local\Temp\avgnt.exe C:\Users\xxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpygaf2b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 19:18 ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014 Ran by xxx (administrator) on WOHNZIMMER-PC on 28-09-2014 08:46:39 Running from F:\gb-av\Trojaner-Board\2 Loaded Profile: xxx (Available profiles: xxx) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe (Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\jmesoft\Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe () C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe (Lenovo) C:\Program Files\Lenovo\LVT\LJYZ.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13625048 2013-06-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-14] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-14] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-22] (APN) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications)) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe ",EntryPoint -m l HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [GoogleChromeAutoLaunch_C7EF8EB3EEFCD46A6D6087D714014556] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [Amazon Music] => C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] () HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\MountPoints2: {637fdd80-8674-11e3-be7a-48d22448df10} - "E:\USBAutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=U281 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF SearchEngineOrder.1: Mysearchdial FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\user.js FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WEB.DE MailCheck - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar@web.de [2014-09-26] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-21] FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30] CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (WEB.DE MailCheck) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-13] CHR Extension: (Manta Ray) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm [2014-07-21] CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Re-markit) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneogiaeocdgoonnfmifhehajhgphoof [2014-09-04] CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [804944 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-07] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2012-08-08] (AVerMedia) [File not signed] R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25936 2013-03-22] (Microsoft) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed] R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed] R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-09] (Advanced Micro Devices, Inc.) R3 AVer7231_x64; C:\Windows\system32\DRIVERS\AVer7231_x64.sys [1873024 2012-06-07] (AVerMedia TECHNOLOGIES, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.) R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.) R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 08:45 - 2014-09-28 08:46 - 00000000 ____D () C:\FRST 2014-09-27 22:52 - 2014-09-27 22:52 - 00000697 _____ () C:\gdbdrem.dat 2014-09-27 22:48 - 2014-09-27 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-27 22:13 - 2014-09-28 08:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-27 22:13 - 2014-09-27 22:13 - 00001089 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-27 22:13 - 2014-09-27 22:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-27 22:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-27 22:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-09-27 22:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-27 22:12 - 2014-09-27 22:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-27 19:16 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-09-27 19:16 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-09-27 19:16 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-09-27 19:16 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-09-27 19:16 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-09-27 19:16 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-09-27 19:16 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-09-27 19:15 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-09-27 19:15 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-09-27 19:15 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-09-27 19:15 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-09-27 19:15 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-09-27 19:15 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-09-27 19:15 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-09-27 19:15 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-09-27 19:15 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2014-09-27 19:15 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-09-27 19:15 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-09-27 19:15 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-09-27 19:15 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-09-27 19:15 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-09-27 19:15 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-09-27 19:15 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-09-27 19:15 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-09-27 19:15 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-09-27 19:15 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-27 19:15 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-09-27 19:15 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-09-27 19:15 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-09-27 19:15 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-09-27 19:15 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-09-27 19:15 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-09-27 19:15 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-09-27 19:15 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-09-27 19:15 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-09-27 19:15 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-09-27 19:15 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-09-27 19:15 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-09-27 19:15 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-09-27 19:15 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-09-27 19:15 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-09-27 19:15 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-09-27 19:15 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-09-27 19:15 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-09-27 19:15 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-09-27 19:15 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-09-27 19:15 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-09-27 19:15 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-09-27 19:15 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-09-27 19:15 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-09-27 19:15 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-09-26 19:50 - 2014-09-26 19:50 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-09-26 17:38 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-09-26 17:38 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-09-26 17:38 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-09-26 17:38 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-09-26 17:38 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-09-26 17:38 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-09-26 17:38 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-09-26 17:38 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-09-26 17:38 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-09-26 17:38 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2014-09-26 17:38 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-09-26 17:38 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll 2014-09-26 17:37 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-09-26 17:37 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-09-26 17:37 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-09-26 17:36 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2014-09-26 17:36 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2014-09-26 17:35 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-09-26 17:34 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-09-26 17:27 - 2014-09-26 17:27 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-09-04 19:58 - 2014-09-04 19:58 - 00000000 ____D () C:\Program Files (x86)\predm 2014-09-04 18:19 - 2014-09-04 18:19 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-09-04 17:09 - 2014-09-04 17:09 - 00000000 ____D () C:\Users\xxx\Documents\Optimizer Pro ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 08:46 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-28 08:46 - 2013-11-14 09:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2014-09-28 08:46 - 2013-11-14 09:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2014-09-28 08:45 - 2014-01-13 19:28 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-28 08:43 - 2014-05-06 22:49 - 00005164 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WOHNZIMMER-PC-xxx Wohnzimmer-PC 2014-09-28 08:43 - 2013-12-27 23:53 - 00000000 __RDO () C:\Users\xxx\SkyDrive 2014-09-28 08:42 - 2014-01-13 19:27 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-28 08:41 - 2014-07-15 19:25 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\ClassicShell 2014-09-28 08:41 - 2014-07-12 13:07 - 01588328 _____ () C:\WINDOWS\PFRO.log 2014-09-28 08:41 - 2013-12-27 23:29 - 02037850 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-28 08:41 - 2013-12-27 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 08:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-09-28 08:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-28 08:41 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-09-28 08:40 - 2014-07-31 21:01 - 00000000 ____D () C:\ProgramData\Systweak 2014-09-28 08:40 - 2014-01-07 15:05 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Systweak 2014-09-28 08:40 - 2013-09-27 01:10 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-09-28 08:34 - 2014-01-07 13:50 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2825B5A0-6657-41C5-97B0-00913904FF3D} 2014-09-28 08:33 - 2013-12-27 19:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3251876849-3889825715-3622553512-1001 2014-09-27 23:22 - 2014-07-11 21:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-09-27 23:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-09-27 23:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-09-27 23:02 - 2014-04-06 11:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-27 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-09-27 22:57 - 2014-01-13 19:27 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-27 22:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-09-27 22:10 - 2014-01-07 14:49 - 00000000 ___RD () C:\Users\xxx\Dropbox 2014-09-27 21:24 - 2013-12-27 19:42 - 00000000 ____D () C:\ldiag 2014-09-27 20:59 - 2014-01-07 14:27 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Dropbox 2014-09-27 19:20 - 2014-07-12 13:07 - 00488320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-27 19:13 - 2014-07-07 00:36 - 00003917 _____ () C:\WINDOWS\setupact.log 2014-09-27 09:11 - 2014-01-09 15:07 - 00000328 _____ () C:\WINDOWS\Tasks\SaveSense.job 2014-09-27 09:07 - 2014-01-09 16:07 - 00000224 _____ () C:\Users\xxx\AppData\Roaming\WB.CFG 2014-09-26 19:25 - 2013-12-27 22:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-09-26 19:21 - 2013-12-27 22:18 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-09-26 18:02 - 2014-04-06 11:51 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-09-26 17:38 - 2014-01-07 14:49 - 00001090 _____ () C:\Users\xxx\Desktop\Dropbox.lnk 2014-09-26 17:38 - 2014-01-07 14:28 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-26 17:27 - 2013-12-27 23:19 - 00000000 ____D () C:\Users\xxx 2014-09-04 20:33 - 2013-12-27 23:16 - 00000000 ____D () C:\WINDOWS\VMC412 2014-09-04 20:33 - 2011-01-22 15:01 - 00000000 ____D () C:\Users\xxx\Documents\Mein Steuer-Sparbuch Heute 2014-09-04 20:32 - 2014-07-15 19:25 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-09-04 20:32 - 2014-01-13 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-04 20:32 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-09-04 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2014-09-04 20:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration 2014-09-04 20:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2014-09-04 20:25 - 2013-12-27 19:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\Packages 2014-09-02 22:06 - 2014-08-13 16:20 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-02 22:06 - 2014-08-13 16:20 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\Lenovo-32146.vbs Some content of TEMP: ==================== C:\Users\xxx\AppData\Local\Temp\avgnt.exe C:\Users\xxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpygaf2b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 19:18 ==================== End Of Log ============================ |
|
28.09.2014, 07:54
| #4 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Sorry für den Doppelpost der FSRT.TXT-Datei ;-( Hier kommt jetzt die Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by xxx at 2014-09-28 08:47:18
Running from F:\gb-av\Trojaner-Board\2
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{8A7A4673-CB99-40B2-8699-FF46DFD05473}) (Version: 1.0.3 - Amazon)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.10.100.30619 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5C355384-9190-A2B9-160F-76EACD5EE9B7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVerMedia H339 Hybrid Analog/DVBT 2.2.64.80 (HKLM-x32\...\AVerMedia H339 Hybrid Analog/DVBT) (Version: 2.2.64.80 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1002}) (Version: 12.16.2.2041 - APN, LLC)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Catalyst Control Center InstallProxy (x32 Version: 2013.0619.1032.17041 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0619.1032.17041 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0619.1032.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0619.1031.17041 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0619.1032.17041 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0423 - Lenovo)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
ENE CIR Receiver Driver (HKLM\...\499D28A6DE62D62632A46275B1853F0EEE08DADB) (Version: 4.3.0.0 - ENE)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0604 - lenovo)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{AD741B21-068E-413B-89C6-C4E03FD3CDE2}) (Version: 5.0.013.0128 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.28 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.13 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.50250 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3614 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
OEM Application Profile (HKLM-x32\...\{AEBCFD63-63CC-04F9-1AA4-F76874E1A0AB}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TriDef 3D (IdeaCentre) 1.2.2 (HKLM-x32\...\experience-lenovo-b520-bundle) (Version: 1.2.2 - Dynamic Digital Depth Australia Pty Ltd)
VistaPrint Electronic Business Card (HKLM-x32\...\{253FCC55-E03D-40D4-A407-3470BE4101C0}) (Version: 1.00.0000 - VistaPrint)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{D01487C0-514A-41FF-B62A-6CF7E6EAA907}) (Version: 21.06.8612 - Buhl Data Service GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
26-09-2014 17:19:06 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {063B55C4-3C1C-4235-9A25-3DD340DD45FB} - \ASP No Task File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1D5932D9-3367-40CC-A655-D5B34169943F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {1DC81EF2-DFC3-4CED-8480-D2BB960BDAF7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {280D44B7-FE7B-4D6B-A16B-7C28BFFE99B9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {29BF0769-D1AC-4D14-980F-796E23FF7B7F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-06] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CFF67F6-375C-42D3-BDC2-8B9DF70C4CC6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37BE2833-566B-4B12-8B99-C8D797785FE4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42D5295F-9F01-4D9B-B7C9-32CE26ED29D2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-26] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EADBA50-7159-4B72-98D0-97267E1EC931} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5AFC1E99-3D5F-42B5-B333-788F3A0E96EC} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-25] (Microsoft Corporation)
Task: {5B5D7044-3AD4-4BCD-BD7B-77120BDB8269} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {6A878CD8-2373-457C-98F1-8345FC2A0ACB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3251876849-3889825715-3622553512-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EE51F04-6F43-447B-AAA1-1F3C2BE870CD} - System32\Tasks\Lenovo\Lenovo-32146 => C:\ProgramData\Lenovo-32146.vbs [2013-09-27] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7444DD03-4159-4B10-A343-CC4F46681598} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {808FA53B-B57F-4022-9DA9-47909CB08F20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {829423C5-F8F5-45E8-8ABB-E9C143C9358C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {833A3D56-28E5-4BA5-A1F2-6E930B6628AC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-12-14] (CyberLink)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9450B3AC-6745-45B9-A928-2605380EB81A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WOHNZIMMER-PC-xxx Wohnzimmer-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-06] (Microsoft Corporation)
Task: {9A7CC537-8CF0-4903-8E7A-D81144760FBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6E0AA14-C1D4-4451-B217-44F4BB597F4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {B6DBF3D8-2C56-4A59-897E-470BBF450C2F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {C7C6C265-F9B0-44F7-A155-A96278C23FF5} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {CD9EE746-61BB-4D59-A78C-AC402B328498} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7319277-8773-4984-A13F-9DDC78EE4659} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDAEB497-4677-4E6D-B941-1E7573D4296F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {E49EE795-BD8A-4C2C-93A6-601166C99F79} - \SaveSense No Task File <==== ATTENTION
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\xxx\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-01-08 19:36 - 2006-02-23 13:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2014-01-08 19:36 - 2006-02-22 12:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-09-27 01:13 - 2011-04-01 08:52 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-05-06 22:36 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-27 23:04 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-09-27 00:52 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-06-28 06:02 - 2013-06-28 06:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 06:07 - 2013-06-28 06:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-08-03 21:53 - 2014-07-22 22:46 - 03356480 _____ () C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-09-27 01:13 - 2012-09-04 09:22 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2013-11-14 09:15 - 2013-11-14 09:15 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd
2014-06-08 14:29 - 2014-06-08 14:29 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-04-25 21:28 - 2014-04-25 21:28 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-04-25 21:28 - 2014-04-25 21:28 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\d1c5274ccd6fb2b4b5dbddd0f0ca6c6e\Windows.System.ni.dll
2014-04-25 21:28 - 2014-04-25 21:28 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\ba65f033632f4fc480cc45bc72bf25e4\Windows.Storage.ni.dll
2014-04-25 21:28 - 2014-04-25 21:28 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\43b92b6dbc9eb61983817ea32346d510\Windows.ApplicationModel.ni.dll
2014-04-25 21:28 - 2014-04-25 21:28 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2014-07-23 17:45 - 2014-07-23 17:45 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd
2014-06-08 14:29 - 2014-06-08 14:29 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\00ce12e0481a881d419350afd79395ef\Windows.Security.ni.dll
2014-02-18 12:47 - 2014-02-18 12:47 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\SqliteWrapper.winmd
2014-04-25 21:28 - 2014-04-25 21:28 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f6e236cd6041c81411f85852722670b\Windows.Networking.ni.dll
2014-02-18 12:47 - 2014-02-18 12:47 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2013-11-14 09:15 - 2013-11-14 09:15 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\Sqlite3.dll
2014-06-08 14:29 - 2014-06-08 14:29 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-06-08 14:29 - 2014-06-08 14:29 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\6e0851f140b7f4407968add9bcebb667\Windows.Web.ni.dll
2014-07-23 17:45 - 2014-07-23 17:45 - 00069624 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\HNF.Utilities.winmd
2014-07-23 17:45 - 2014-07-23 17:45 - 00907760 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\HealthVault.winmd
2014-04-25 21:28 - 2014-04-25 21:28 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\d07f690ce5d3a2de7c9089a6200d64db\Windows.Data.ni.dll
2014-07-23 17:45 - 2014-07-23 17:45 - 00088568 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\HNF.HealthVaultClient.winmd
2014-07-23 17:45 - 2014-07-23 17:45 - 00211448 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe\HealthVault.Foundation.DLL
2014-06-08 14:29 - 2014-06-08 14:29 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-27 01:13 - 2012-06-09 12:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-05-06 22:38 - 2014-05-06 22:38 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-26 17:31 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-26 17:31 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-26 17:31 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-26 17:32 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-26 17:31 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-05-06 22:38 - 2014-05-06 22:45 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-09-27 00:41 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-27 22:48 - 2014-09-27 22:48 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\xxx\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "Lenovo Eye Distance System"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "NextLive"
HKCU\...\StartupApproved\Run: => "TomTomHOME.exe"
HKCU\...\StartupApproved\Run: => "MyDriveConnect.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3251876849-3889825715-3622553512-500 - Administrator - Disabled)
Gast (S-1-5-21-3251876849-3889825715-3622553512-501 - Limited - Enabled)
xxx (S-1-5-21-3251876849-3889825715-3622553512-1001 - Administrator - Enabled) => C:\Users\xxx
HomeGroupUser$ (S-1-5-21-3251876849-3889825715-3622553512-1009 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/28/2014 08:43:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER-PC)
Description: Bei der Aktivierung der App „Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/28/2014 08:43:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1570
Startzeit: 01cfdae77b7429eb
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: c4bd2e7b-46da-11e4-bea7-208984ff3a49
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexHealthAndFitness
Error: (09/28/2014 08:43:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: WOHNZIMMER-PC)
Description: Die App „Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe+AppexHealthAndFitness“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (09/27/2014 10:57:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (09/27/2014 09:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (09/27/2014 09:02:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 159c
Startzeit: 01cfda847d61f64b
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: c4e1dcc2-4678-11e4-bea4-208984ff3a49
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (09/27/2014 08:57:06 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (09/27/2014 08:53:52 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (09/27/2014 09:03:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 135c
Startzeit: 01cfda2007731998
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 52278a62-4614-11e4-bea0-208984ff3a49
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (09/27/2014 08:59:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
System errors:
=============
Error: (09/28/2014 08:44:42 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Wohnzimmer-PCxxxS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbweS-1-15-2-1138804039-612586356-661925973-101396967-3526483782-2490177615-3594119953
Error: (09/28/2014 08:43:46 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Wohnzimmer-PCxxxS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbweS-1-15-2-1138804039-612586356-661925973-101396967-3526483782-2490177615-3594119953
Error: (09/27/2014 09:11:08 AM) (Source: DCOM) (EventID: 10010) (User: WOHNZIMMER-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (09/27/2014 09:11:08 AM) (Source: DCOM) (EventID: 10010) (User: WOHNZIMMER-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (09/27/2014 09:11:08 AM) (Source: DCOM) (EventID: 10010) (User: WOHNZIMMER-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (09/27/2014 08:53:20 AM) (Source: DCOM) (EventID: 10010) (User: WOHNZIMMER-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/26/2014 08:01:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Autom. Setup von Geräten, die mit dem Netzwerk verbunden sind" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/26/2014 08:01:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "NcdAutoSetup" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/26/2014 08:01:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1069
Error: (09/26/2014 08:01:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (09/28/2014 08:43:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER-PC)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927142
Error: (09/28/2014 08:43:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031157001cfdae77b7429eb4294967295C:\WINDOWS\system32\wwahost.exec4bd2e7b-46da-11e4-bea7-208984ff3a49Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbweAppexHealthAndFitness
Error: (09/28/2014 08:43:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: WOHNZIMMER-PC)
Description: Microsoft.BingHealthAndFitness_3.0.2.315_x64__8wekyb3d8bbwe+AppexHealthAndFitness
Error: (09/27/2014 10:57:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/27/2014 09:57:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/27/2014 09:02:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384159c01cfda847d61f64b4294967295C:\WINDOWS\system32\backgroundTaskHost.exec4e1dcc2-4678-11e4-bea4-208984ff3a49C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp
Error: (09/27/2014 08:57:06 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/27/2014 08:53:52 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:
Error: (09/27/2014 09:03:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384135c01cfda20077319984294967295C:\WINDOWS\system32\backgroundTaskHost.exe52278a62-4614-11e4-bea0-208984ff3a49C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp
Error: (09/27/2014 08:59:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342512b801cfda209733908dC:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlld5cc25b2-4613-11e4-bea0-208984ff3a49
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 28%
Total physical RAM: 8092.34 MB
Available physical RAM: 5774.99 MB
Total Pagefile: 9372.34 MB
Available Pagefile: 6555.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:926.36 GB) (Free:864.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Volume) (Fixed) (Total:910.05 GB) (Free:684.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 4A4E95B6)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gruß Carsten |
|
29.09.2014, 23:06
| #5 |
| Ruhe in Frieden † 2019 | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hallo, danke  Wie verhält sich der Rechner denn momentan? Bitte für diesen Fix den Usernamen in die anonymisierten Stellen wieder einfügen Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Mysearchdial
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-21]
CHR Extension: (Re-markit) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneogiaeocdgoonnfmifhehajhgphoof [2014-09-04]
Task: {063B55C4-3C1C-4235-9A25-3DD340DD45FB} - \ASP No Task File <==== ATTENTION
Task: {E49EE795-BD8A-4C2C-93A6-601166C99F79} - \SaveSense No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\xxx\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
C:\Users\xxx\AppData\Roaming\savesense
C:\Program Files (x86)\AskPartnerNetwork\
C:\ProgramData\Systweak
C:\Users\xxx\AppData\Roaming\Systweak
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern  ESET Online Scanner
Schritt 3 Starte noch einmal FRST.
|
|
30.09.2014, 10:42
| #6 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hi Bootsektor, habe dir eine pn geschickt. Gruß Carsten |
|
03.11.2014, 16:49
| #8 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hallo Sandra, hier ist zunächst die Datei Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Gebhard at 2014-11-03 15:27:42 Run:1
Running from F:\gb-av\Trojaner-Board\2
Loaded Profile: Gebhard (Available profiles: Gebhard)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Mysearchdial
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-21]
CHR Extension: (Re-markit) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneogiaeocdgoonnfmifhehajhgphoof [2014-09-04]
Task: {063B55C4-3C1C-4235-9A25-3DD340DD45FB} - \ASP No Task File <==== ATTENTION
Task: {E49EE795-BD8A-4C2C-93A6-601166C99F79} - \SaveSense No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\Gebhard\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
C:\Users\Gebhard\AppData\Roaming\savesense
C:\Program Files (x86)\AskPartnerNetwork\
C:\ProgramData\Systweak
C:\Users\Gebhard\AppData\Roaming\Systweak
*****************
[1776] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => Process closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{41564952-412D-5637-4300-7A786E7484D7}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-4300-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-4300-7A786E7484D7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{41564952-412D-5637-4300-7A786E7484D7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-4300-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}" => Key not found.
Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi not found.
C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneogiaeocdgoonnfmifhehajhgphoof => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{063B55C4-3C1C-4235-9A25-3DD340DD45FB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E49EE795-BD8A-4C2C-93A6-601166C99F79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49EE795-BD8A-4C2C-93A6-601166C99F79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense" => Key deleted successfully.
C:\WINDOWS\Tasks\SaveSense.job => Moved successfully.
APNMCP => Service deleted successfully.
"C:\Users\Gebhard\AppData\Roaming\savesense" => File/Directory not found.
C:\Program Files (x86)\AskPartnerNetwork => Moved successfully.
C:\ProgramData\Systweak => Moved successfully.
C:\Users\Gebhard\AppData\Roaming\Systweak => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\AspManager.exe Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\ASPUninstall.exe Win32/Systweak.K evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\filetypehelper.exe Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\scandll.dll Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\firefox.com MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\Users\Gebhard\Documents\Eigene Dokumente\synchred.exe Win32/DownWare.W evtl. unerwünschte Anwendung
C:\Users\Gebhard\Downloads\rcpsp_310706592166624156.exe Win32/Systweak.D evtl. unerwünschte Anwendung
C:\Users\Gebhard\Downloads\RegistryReviverSetup.exe Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung
C:\Users\Gebhard\Downloads\slow-pcfighter_Web.exe Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung
C:\Users\Gebhard\Downloads\speedupmypc.exe Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Gebhard\Downloads\WinMaximizer.exe Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung
F:\download_audiograbber.exe Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung
Arbeitsspeicher Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8678d36548e7f948989c1439e835429c
# engine=20906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-03 03:27:22
# local_time=2014-11-03 04:27:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 14921446 23354763 0 0
# scanned=231816
# found=19
# cleaned=0
# scan_time=3035
sh=2671548167495E39329843E5DD8CF0B173859219 ft=1 fh=9bf2e40bfdf54f72 vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe"
sh=7ADCD80E14C3E7A47BF8C8C2F0ADA286F5B4C16E ft=1 fh=e62981ea7f9835cd vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AspManager.exe"
sh=95AABFBC3A7FCEA51179B455FBDD5B7B4888C6EC ft=1 fh=567a33047db71482 vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\ASPUninstall.exe"
sh=F6B59E152671D8D099CC661E16A8DA5B338A0686 ft=1 fh=3d8f0c47870fbd98 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\filetypehelper.exe"
sh=DB4023A8DFB2D12D61356A0126B2FB0C36C99645 ft=1 fh=708bce69133986f1 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\scandll.dll"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\firefox.com"
sh=AC874F39355CEABCAFC203C91DCE1516E452A144 ft=1 fh=a31b866c83daa41a vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe"
sh=6F47AD2D03CECFAC7E0EE7187CDD35380830F6B4 ft=1 fh=fd19285fc29de9d2 vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Documents\Eigene Dokumente\synchred.exe"
sh=7112B723E27B90986B5584A4FCF584B22D68EAE4 ft=1 fh=85d5090a6d52f7b9 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Downloads\rcpsp_310706592166624156.exe"
sh=CBAB031B3935A09A20845C238EC54F5475D6A89B ft=1 fh=f86cce18bc0d2819 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Downloads\RegistryReviverSetup.exe"
sh=A9AF041B7E158A2CDE30EBC7D120933A390E900F ft=1 fh=dbb0d1cc0ca58397 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Downloads\slow-pcfighter_Web.exe"
sh=A0E953B175660BB0E341115172BDCB21C15289A4 ft=1 fh=b7b4a2d946e52c1a vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Downloads\speedupmypc.exe"
sh=D06F678AD8F7484DFFDBBE9B800DDE3D13883096 ft=1 fh=d800ec798443bb76 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gebhard\Downloads\WinMaximizer.exe"
sh=EAC53C6D0C4279E1EBCA7EF1B6FCCD9B801FB460 ft=1 fh=61932db1226dae80 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="F:\download_audiograbber.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Gebhard (administrator) on WOHNZIMMER-PC on 03-11-2014 16:39:04
Running from F:\gb-av\Trojaner-Board\2
Loaded Profile: Gebhard (Available profiles: Gebhard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Systweak) C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\Gebhard\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Users\Gebhard\AppData\Roaming\InetStat\inetstat.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13625048 2013-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-14] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe ",EntryPoint -m l
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [GoogleChromeAutoLaunch_C7EF8EB3EEFCD46A6D6087D714014556] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [Amazon Music] => C:\Users\Gebhard\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\Run: [InetStat] => C:\Users\Gebhard\AppData\Roaming\InetStat\inetstat.exe [700430 2014-10-03] ()
HKU\S-1-5-21-3251876849-3889825715-3622553512-1001\...\MountPoints2: {637fdd80-8674-11e3-be7a-48d22448df10} - "E:\USBAutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=U281
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {FF6AF8F3-C43F-40D7-A928-9BDE4DD8EC57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF user.js: detected! => C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\user.js
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar@web.de [2014-09-26]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-20]
FF Extension: Adblock Plus - C:\Users\Gebhard\AppData\Roaming\Mozilla\Firefox\Profiles\4tyr232n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U281
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U281", "hxxp://www.istartsurf.com/?type=hp&ts=1409843327&from=tugs&uid=ST2000DM001-1CH164_W1E4SLT9XXXXW1E4SLT9"
CHR DefaultSearchKeyword: Default -> bing.com_
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U281DF&PC=U281&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U281DF&PC=U281
CHR Profile: C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (Google-Suche) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-13]
CHR Extension: (Manta Ray) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Google Mail) - C:\Users\Gebhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2012-08-08] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25936 2013-03-21] (Microsoft) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-09] (Advanced Micro Devices, Inc.)
R3 AVer7231_x64; C:\Windows\system32\DRIVERS\AVer7231_x64.sys [1873024 2012-06-07] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 15:26 - 2014-11-03 15:26 - 00001751 _____ () C:\Users\Gebhard\Desktop\Fixlist.txt
2014-10-28 13:29 - 2014-10-28 13:30 - 00034544 _____ () C:\Users\Gebhard\Documents\adressen_Fritz.csv
2014-10-28 11:42 - 2014-10-28 11:43 - 00000000 ____D () C:\Users\Gebhard\Downloads\Anruflisten Fritz
2014-10-22 15:26 - 2014-10-22 15:26 - 16327512 _____ (Geek Software GmbH ) C:\Users\Gebhard\Downloads\pdf24-creator-6.8.0.exe
2014-10-22 15:26 - 2014-10-22 15:26 - 00001066 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-10-22 15:26 - 2014-10-22 15:26 - 00001046 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-10-22 15:26 - 2014-10-22 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-10-22 15:26 - 2014-10-22 15:26 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-10-17 08:45 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 08:44 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 08:44 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 08:44 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 08:44 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 08:44 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 08:44 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 08:44 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 08:44 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 08:44 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 08:44 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 08:44 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 08:44 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 08:44 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 08:44 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 08:44 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 08:44 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 08:44 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-17 08:43 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-17 08:43 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-17 08:43 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 08:43 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 08:43 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 08:43 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 08:43 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 08:43 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 08:43 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 08:43 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 08:43 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 08:43 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 08:43 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 08:43 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 08:43 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 08:43 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 08:43 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-17 08:43 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 08:43 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 08:43 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 08:43 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 08:43 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 08:43 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 08:43 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 08:43 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 08:43 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 08:43 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 08:43 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 08:43 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 08:43 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 08:43 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 08:43 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 08:43 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 08:43 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 08:43 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 08:43 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 08:43 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 08:43 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 08:43 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 08:43 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-17 08:43 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-17 08:43 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-17 08:43 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-17 08:43 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-17 08:43 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-17 08:43 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-17 08:43 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-17 08:43 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-17 08:43 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-17 08:43 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-17 08:43 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-17 08:43 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-17 08:43 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-17 08:43 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-17 08:43 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-17 08:43 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-17 08:43 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-17 08:43 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-17 08:43 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-17 08:43 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-17 08:43 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-17 08:43 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:43 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-17 08:43 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-17 08:43 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-17 08:43 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:43 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-17 08:43 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-17 08:43 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-17 08:43 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 08:43 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-17 08:43 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-17 08:43 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-17 08:43 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-17 08:43 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 08:43 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-17 08:43 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-16 15:25 - 2014-10-16 19:27 - 00011368 _____ () C:\Users\Gebhard\Documents\Regelmässige Zahlungen.xlsx
2014-10-08 21:19 - 2014-10-08 21:19 - 00031775 _____ () C:\Users\Gebhard\Documents\Einladung.odt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 16:39 - 2014-09-28 07:45 - 00000000 ____D () C:\FRST
2014-11-03 16:03 - 2014-01-13 18:27 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 16:02 - 2014-04-06 10:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-03 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-03 15:41 - 2013-12-27 22:29 - 01246386 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-03 15:35 - 2014-07-15 18:25 - 00000000 ____D () C:\Users\Gebhard\AppData\Roaming\ClassicShell
2014-11-03 11:55 - 2013-12-27 18:39 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3251876849-3889825715-3622553512-1001
2014-11-03 11:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-03 11:07 - 2014-05-06 21:49 - 00005164 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WOHNZIMMER-PC-Gebhard Wohnzimmer-PC
2014-11-03 11:02 - 2014-01-07 12:50 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2825B5A0-6657-41C5-97B0-00913904FF3D}
2014-11-03 10:57 - 2014-10-03 15:14 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
2014-11-03 10:57 - 2013-12-27 22:53 - 00000000 ___DO () C:\Users\Gebhard\SkyDrive
2014-11-03 10:55 - 2014-01-13 18:27 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 10:55 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-02 23:31 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 20:17 - 2013-11-14 08:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 20:17 - 2013-11-14 08:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-02 20:17 - 2013-11-14 08:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-28 23:03 - 2014-01-13 18:28 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 22:47 - 2009-08-27 14:26 - 00000000 ____D () C:\Users\Gebhard\Documents\Jewel Master - Cradle Of Rome
2014-10-25 23:15 - 2014-01-07 13:49 - 00000000 ___RD () C:\Users\Gebhard\Dropbox
2014-10-25 15:45 - 2014-01-07 13:27 - 00000000 ____D () C:\Users\Gebhard\AppData\Roaming\Dropbox
2014-10-23 19:57 - 2014-01-13 18:27 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 19:57 - 2014-01-13 18:27 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 15:36 - 2010-05-29 20:07 - 00000000 ___RD () C:\Users\Gebhard\Documents\Eigene Dokumente
2014-10-22 09:10 - 2013-12-27 21:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-22 09:06 - 2013-12-27 21:18 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-18 07:39 - 2014-07-12 12:07 - 01595366 _____ () C:\WINDOWS\PFRO.log
2014-10-17 15:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 14:48 - 2014-07-12 12:07 - 00488352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 09:09 - 2014-07-11 20:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-17 09:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 09:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-17 09:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 09:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 09:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 08:52 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-16 19:53 - 2014-01-12 00:41 - 00000000 ____D () C:\Users\Gebhard\AppData\Local\FRITZ!
2014-10-08 21:35 - 2013-12-27 18:30 - 00000000 ____D () C:\Users\Gebhard\AppData\Local\Packages
2014-10-08 14:27 - 2014-06-21 16:12 - 00000592 _____ () C:\WINDOWS\wiso.ini
2014-10-05 17:43 - 2014-09-28 15:51 - 00000000 ____D () C:\Users\Gebhard\AppData\Roaming\HpUpdate
Files to move or delete:
====================
C:\ProgramData\Lenovo-32146.vbs
Some content of TEMP:
====================
C:\Users\Gebhard\AppData\Local\Temp\avgnt.exe
C:\Users\Gebhard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7czsav.dll
C:\Users\Gebhard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvbgwea.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-03 11:18
==================== End Of Log ============================
--- --- --- und das zweite Additions.txt-Log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Gebhard at 2014-11-03 16:39:46
Running from F:\gb-av\Trojaner-Board\2
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.13727 - Systweak Software) <==== ATTENTION
Amazon 1Button App (HKLM-x32\...\{8A7A4673-CB99-40B2-8699-FF46DFD05473}) (Version: 1.0.3 - Amazon)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5C355384-9190-A2B9-160F-76EACD5EE9B7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVerMedia H339 Hybrid Analog/DVBT 2.2.64.80 (HKLM-x32\...\AVerMedia H339 Hybrid Analog/DVBT) (Version: 2.2.64.80 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1200}) (Version: 12.18.0.3052 - APN, LLC)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0423 - Lenovo)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
ENE CIR Receiver Driver (HKLM\...\499D28A6DE62D62632A46275B1853F0EEE08DADB) (Version: 4.3.0.0 - ENE)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0604 - lenovo)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{AD741B21-068E-413B-89C6-C4E03FD3CDE2}) (Version: 5.0.013.0128 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{EF3293DE-FCAC-4742-91BF-AD0174143FC3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.28 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.13 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.50250 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3614 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
OEM Application Profile (HKLM-x32\...\{AEBCFD63-63CC-04F9-1AA4-F76874E1A0AB}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{7ABE6772-4A13-47F7-A09A-1D4CCB5981D9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TriDef 3D (IdeaCentre) 1.2.2 (HKLM-x32\...\experience-lenovo-b520-bundle) (Version: 1.2.2 - Dynamic Digital Depth Australia Pty Ltd)
VistaPrint Electronic Business Card (HKLM-x32\...\{253FCC55-E03D-40D4-A407-3470BE4101C0}) (Version: 1.00.0000 - VistaPrint)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{D01487C0-514A-41FF-B62A-6CF7E6EAA907}) (Version: 21.06.8612 - Buhl Data Service GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gebhard\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3251876849-3889825715-3622553512-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gebhard\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
26-10-2014 18:39:36 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1D5932D9-3367-40CC-A655-D5B34169943F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {1DC81EF2-DFC3-4CED-8480-D2BB960BDAF7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {1E161429-6138-4D0D-8F7F-69FC6BFFEB10} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-06] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {280D44B7-FE7B-4D6B-A16B-7C28BFFE99B9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CFF67F6-375C-42D3-BDC2-8B9DF70C4CC6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37BE2833-566B-4B12-8B99-C8D797785FE4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4024A3E9-58DB-454C-A1C9-F8E668CB67F9} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-08-25] (Systweak) <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EADBA50-7159-4B72-98D0-97267E1EC931} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5AFC1E99-3D5F-42B5-B333-788F3A0E96EC} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-25] (Microsoft Corporation)
Task: {5B5D7044-3AD4-4BCD-BD7B-77120BDB8269} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {6A878CD8-2373-457C-98F1-8345FC2A0ACB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3251876849-3889825715-3622553512-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EE51F04-6F43-447B-AAA1-1F3C2BE870CD} - System32\Tasks\Lenovo\Lenovo-32146 => C:\ProgramData\Lenovo-32146.vbs [2013-09-26] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7444DD03-4159-4B10-A343-CC4F46681598} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CD6CAEE-F245-489E-AF38-24230115CA7A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {808FA53B-B57F-4022-9DA9-47909CB08F20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {829423C5-F8F5-45E8-8ABB-E9C143C9358C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {833A3D56-28E5-4BA5-A1F2-6E930B6628AC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-12-14] (CyberLink)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9450B3AC-6745-45B9-A928-2605380EB81A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WOHNZIMMER-PC-Gebhard Wohnzimmer-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-06] (Microsoft Corporation)
Task: {9A7CC537-8CF0-4903-8E7A-D81144760FBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {9F70A4FE-9B23-47B8-B6A3-B31B0E7AD4BA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6E0AA14-C1D4-4451-B217-44F4BB597F4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {B6DBF3D8-2C56-4A59-897E-470BBF450C2F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {C7C6C265-F9B0-44F7-A155-A96278C23FF5} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {CD9EE746-61BB-4D59-A78C-AC402B328498} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7319277-8773-4984-A13F-9DDC78EE4659} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDAEB497-4677-4E6D-B941-1E7573D4296F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-08 18:36 - 2006-02-23 12:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2014-01-08 18:36 - 2006-02-22 11:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-09-27 00:13 - 2011-04-01 07:52 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-05-06 21:36 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-27 22:04 - 2014-03-25 12:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-09-26 23:52 - 2011-03-15 19:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-06-28 05:02 - 2013-06-28 05:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 05:00 - 2013-06-28 05:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 05:07 - 2013-06-28 05:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-08-03 20:53 - 2014-07-22 21:46 - 03356480 _____ () C:\Users\Gebhard\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-03 15:14 - 2014-10-03 15:14 - 00700430 _____ () C:\Users\Gebhard\AppData\Roaming\InetStat\inetstat.exe
2013-09-27 00:13 - 2012-09-04 08:22 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-27 00:13 - 2012-06-09 11:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-10-03 15:14 - 2012-07-25 11:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-10-03 15:14 - 2014-08-25 17:35 - 01730928 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-10-03 15:14 - 2012-07-25 11:03 - 00168448 _____ () C:\Program Files (x86)\ASP\UNRAR.DLL
2014-05-06 21:38 - 2014-05-06 21:45 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-09-26 23:41 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-27 21:48 - 2014-09-27 21:48 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Gebhard\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "Lenovo Eye Distance System"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "NextLive"
HKCU\...\StartupApproved\Run: => "TomTomHOME.exe"
HKCU\...\StartupApproved\Run: => "MyDriveConnect.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3251876849-3889825715-3622553512-500 - Administrator - Disabled)
Gast (S-1-5-21-3251876849-3889825715-3622553512-501 - Limited - Enabled)
Gebhard (S-1-5-21-3251876849-3889825715-3622553512-1001 - Administrator - Enabled) => C:\Users\Gebhard
HomeGroupUser$ (S-1-5-21-3251876849-3889825715-3622553512-1009 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/03/2014 04:37:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 04:32:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 04:02:08 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (11/03/2014 03:34:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 03:34:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 03:34:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (11/03/2014 03:12:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f14
Startzeit: 01cff76f7a48f5cd
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe
Berichts-ID: 6ad82edc-6363-11e4-bed2-208984ff3a49
Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (11/03/2014 02:02:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (11/03/2014 01:02:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
System errors:
=============
Error: (11/03/2014 03:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ask Aktualisierungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/03/2014 10:56:16 AM) (Source: DCOM) (EventID: 10016) (User: WOHNZIMMER-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Wohnzimmer-PCGebhardS-1-5-21-3251876849-3889825715-3622553512-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
Error: (11/03/2014 04:37:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\gb-av\Trojaner-Board\4\esetsmartinstaller_deu.exe
Error: (11/03/2014 04:32:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (11/03/2014 04:02:08 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/03/2014 03:34:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\gb-av\Trojaner-Board\4\esetsmartinstaller_deu.exe
Error: (11/03/2014 03:34:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\gb-av\Trojaner-Board\4\esetsmartinstaller_deu.exe
Error: (11/03/2014 03:34:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\gb-av\Trojaner-Board\4\esetsmartinstaller_deu.exe
Error: (11/03/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\gb-av\Trojaner-Board\4\esetsmartinstaller_deu.exe
Error: (11/03/2014 03:12:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841f1401cff76f7a48f5cd4294967295C:\WINDOWS\system32\backgroundTaskHost.exe6ad82edc-6363-11e4-bed2-208984ff3a49C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp
Error: (11/03/2014 02:02:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/03/2014 01:02:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8092.34 MB
Available physical RAM: 5721.52 MB
Total Pagefile: 9372.34 MB
Available Pagefile: 6547.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:926.36 GB) (Free:861.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Volume) (Fixed) (Total:910.05 GB) (Free:683.55 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 4A4E95B6)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
03.11.2014, 23:58
| #9 |
| Ruhe in Frieden † 2019 | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hallo, sind noch n paar Kleinigkeiten drauf. Vorsicht mit der Verwendung von Registrycleanern und Systementrümplern! Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Gebhard\Downloads\RegistryReviverSetup.exe
C:\Users\Gebhard\Downloads\slow-pcfighter_Web.exe
C:\Users\Gebhard\Downloads\speedupmypc.exe
C:\Users\Gebhard\Downloads\WinMaximizer.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Deinstalliere bitte noch den Advanced-System Protector OK So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber. Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir. Schritt 1 Falls Du Malwarebytes-Antimalware und den ESET-Onlinescan nicht mehr benötigst, kannst Du beide Programme einfach über die Programmdeinstallation deinstallieren. Ich empfehle Dir aber zumindest Malwarebytes zu behalten, und damit einmal die Woche einen Kontrollscan zu machen. Schritt 2 Downloade dir bitte delfix auf deinen Desktop.
Updates / Programme aktualisieren Bitte deinstalliere noch: Java 7 Update 67
Stelle sicher, dass dein FlashPlayer nach Updates sucht. Den FlashPlayer kann man direkt bei der Installation so konfigurieren, dass er nach Updates automatisch sucht, nachträglich kann man das über folgenden Link machen: Adobe - Flash Player: Einstellungsmanager - Globale Benachrichtigungseinstellungen
Deinstalliere Deinen Reader und lade Dir die neueste Version von hier herunter. Schaue, ob sich noch etwas mit installieren möchte und entferne den Haken gegebenenfalls.
Lade dir bitte von hier den aktuellen Firefox herunter. Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Aktualität des Systems Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
Falls du Java doch unbedingt benötigst, dann
Dazu:
Hier findest du eine Anleitung dazu. Antivirensoftware
Zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Systemleistung Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu die Datenträgerbereinigung von Windows. Windows Vista
Windows 7
Windows 8
Halte dich fern von jeglichen Registry Cleanern. Diese schaden deinem System mehr als dass sie es schneller machen. Verhaltensregeln zum sichereren Surfen
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind. Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun. Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun. |
|
04.11.2014, 12:30
| #10 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hi Sandra, sehr langer Post von dir, ich arbeite den nach und nach ab.. Zu 1: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Gebhard at 2014-11-04 11:00:48 Run:2
Running from F:\gb-av\Trojaner-Board\2
Loaded Profile: Gebhard (Available profiles: Gebhard)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
==== End of Fixlog ====
Eset und MBAM deinstalliert, leider kann ich die kostenlose Version vom MBAM nicht nutzen, ich hatte wohl fälschlicherweise die Testversion vom Premium installiert, jetzt weigert der Installer quasi die Installation der eigentlich ausreichenden kostenlosen Version (bzw. es kommt die Meldung "Lizenz abgelaufen") Advanced System Protector habe ich deinstalliert, Delfix ausgeführt. Die Updates von Flash, Java, etc werde ich nach und nach einspielen... Ich melde mich dazu dann. Schon einmal vielen Dank Carsten Hi Sandra, scheinbar wäre ICH durch ;-) Habe die Updates installiert und auf automatische Installation gestellt (zukünftige Installationen). Windows und Office updates sich eh automatisch, als Browser wird hier nur ein Nicht-IE eingesetzt (FF, Chrome). Avira Pro läuft auch, insofern bin ich hier guter Dinge. Wie schaut es deinerseits aus ?! Gruß Carsten |
|
05.11.2014, 00:21
| #12 |
| | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Nein, wie "üblich" bin ich fraglos glücklich ;-) Vielen Dank, vor allem für dein Verständis (siehe PN).. Gruß, auch von meinem Kumpel, für den wir das hier gemacht haben... carsten |
|
05.11.2014, 00:23
| #13 | |
| Ruhe in Frieden † 2019 | Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? Hallo Carsten, Zitat:
  und das andere versteht sich von selbst, alles Gute für dich und deinen Kumpel |
|
| Themen zu Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ? |
| avira, dateien, entfernung, fehlercode 0x80000003, fehlercode 22, folge, frage, infiziert, kaspersky, löschen, mbam, nichts, programm, scan, scanner, this device is disabled. (code 22), tipps, tmp, win, windows |
Linear-Darstellung
