
Pests of all kinds and how to fight them: Various viruses on a Win8 machine - what next?

10.10.2014, 22:04   #1
arsi
 



Hello!
By clicking on "Your video player is not up to date" I picked up quite a few things (laptop, Intel Core i7, Win 8.1 64-bit): redirects while surfing and eDeals, computer very slow, Firefox very slow, computer boots very slowly, pop-ups with surveys etc., Dropbox can no longer find an internet connection, etc.

frst and frst64 probably don't run on Win8, do they?
In the installed programs I can't find anything that looks suspicious to me, unfortunately, so nothing that I could uninstall (see list below; but I'm no pro either...).

Spyhunter finds these, among others (but Spyhunter doesn't come off all that well with you folks - I know, but one night I was just a bit helpless...):
Istartsurf.com
Snap.do
Webssearches.com
2o7
Adserver
Adtech
Advert
Advertising
Avware.V-bates
Adware.Web Frog
CasableMedia
Media
Mediaplex
PUP.Freemake.Video Converter
PUP.NewPlayer
PUP.SupTab



OTL says
Code:
OTL logfile created on: 12.09.2014 16:59:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DieSinnnwells\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17278)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 71,05% Memory free
9,73 Gb Paging File | 6,33 Gb Available in Paging File | 65,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891,22 Gb Total Space | 525,17 Gb Free Space | 58,93% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,73 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive E: | 931,46 Gb Total Space | 542,70 Gb Free Space | 58,26% Space Free | Partition Type: NTFS
Drive G: | 1862,82 Gb Total Space | 1167,45 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
 
Computer Name: SINNWELLNOTE | User Name: DieSinnnwells | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.09.11 10:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe
PRC - [2014.09.04 20:49:42 | 000,060,452 | ---- | M] () -- C:\Windows\SysWOW64\DebugDirect3dMotion\DebugDirect3dMotion.exe
PRC - [2014.09.04 20:49:34 | 000,251,429 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\BIOSPathTask.exe
PRC - [2014.09.04 20:49:34 | 000,107,557 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\AppCursorFunction.exe
PRC - [2014.08.06 09:19:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.08.06 09:19:44 | 001,021,520 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
PRC - [2014.08.06 09:19:43 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.08.06 09:19:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.08.04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.07.30 02:22:10 | 036,414,496 | ---- | M] (Dropbox, Inc.) -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.12 21:56:14 | 003,145,536 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013.06.07 17:08:36 | 017,124,256 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2013.05.17 01:06:26 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013.05.17 01:06:22 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013.05.16 16:44:06 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.14 10:02:50 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2013.04.30 12:25:22 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013.04.30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013.03.18 15:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2013.03.18 15:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013.03.08 15:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013.01.09 08:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2013.01.09 02:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2013.01.09 02:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2012.12.13 22:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012.10.30 20:11:32 | 000,168,464 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012.03.26 18:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2004.12.14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.09.12 16:27:55 | 000,043,008 | ---- | M] () -- c:\users\diesin~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpivmj.dll
MOD - [2014.09.11 01:38:26 | 000,250,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\72004d1b2eec7dfa9cc465c9804c9e20\WindowsFormsIntegration.ni.dll
MOD - [2014.09.11 01:38:13 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d82137c37ef37707446bb6056c0ee9c4\System.IdentityModel.ni.dll
MOD - [2014.09.11 01:37:59 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\668eb7171833079353583f414ea7192d\System.ServiceModel.Internals.ni.dll
MOD - [2014.09.11 01:37:59 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9c66601bad4851a24e037f606482160f\SMDiagnostics.ni.dll
MOD - [2014.09.11 01:35:52 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\462e6667cb4ef74abec9524d96c4d7d5\System.Xml.ni.dll
MOD - [2014.09.11 01:35:49 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\dd08601ab40a3c0743ee8d7b4350debe\System.Xaml.ni.dll
MOD - [2014.09.11 01:35:48 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cc272fa4bc8ae7c468e3c75a57ae3c72\System.Windows.Forms.ni.dll
MOD - [2014.09.11 01:35:43 | 000,219,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\e99d52ddc175721f6ed14653e32ba4c5\System.ServiceProcess.ni.dll
MOD - [2014.09.11 01:35:42 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\528be8efca0c6b6c9ce63f3664c80443\System.ServiceModel.ni.dll
MOD - [2014.09.11 01:35:33 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf112546e5e77b821db19d8b958cfeee\System.Runtime.Serialization.ni.dll
MOD - [2014.09.11 01:35:30 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9e99d85dfa5a3de8e34fe912acf82021\System.Drawing.ni.dll
MOD - [2014.09.11 01:35:29 | 007,385,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a7d80873c90c120b21057d652b039a52\System.Data.ni.dll
MOD - [2014.09.11 01:35:26 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\04d455ea050b547ca661a16509fe4638\System.Configuration.ni.dll
MOD - [2014.09.11 01:35:26 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\165bbf987a17d5254aeb43e769ab02f7\PresentationFramework.Aero2.ni.dll
MOD - [2014.09.11 01:35:25 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\201ff175176fa9f3f7930492d6f8e140\PresentationFramework.ni.dll
MOD - [2014.09.11 01:35:18 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\137698b247bb9989ebaf0a9c9528f17a\PresentationCore.ni.dll
MOD - [2014.09.11 01:35:13 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\358c6ca55986bf6ef35d4de5806f3f99\WindowsBase.ni.dll
MOD - [2014.09.11 01:35:10 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5e8ea4bc2ddce0edd65f5c68b7241c06\System.Core.ni.dll
MOD - [2014.09.11 01:35:07 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3028925cf331e81d2b55093a3f131bd5\System.ni.dll
MOD - [2014.09.04 20:49:34 | 000,251,429 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\BIOSPathTask.exe
MOD - [2014.08.04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Users\DIESIN~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.07.30 02:20:20 | 003,610,624 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014.05.07 13:05:21 | 000,146,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62\System.Numerics.ni.dll
MOD - [2014.01.27 13:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013.12.12 21:56:14 | 003,145,536 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013.08.23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.09.11 10:29:19 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.04.06 13:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014.04.03 04:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014.03.14 08:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014.03.08 07:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014.03.06 09:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014.02.22 17:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014.02.22 11:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014.02.22 11:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014.02.22 11:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014.02.22 11:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014.02.22 11:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.12.10 09:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013.11.23 06:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013.08.22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013.08.22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013.08.22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013.08.22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013.08.22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013.08.22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013.08.22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013.08.22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013.08.22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013.08.22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.08.22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.08.22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013.08.22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013.08.22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.08.22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014.09.09 22:17:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.09.04 20:49:42 | 000,060,452 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DebugDirect3dMotion\DebugDirect3dMotion.exe -- (DebugDirect3dMotion)
SRV - [2014.09.04 20:49:34 | 000,107,557 | ---- | M] () [Auto | Running] -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\AppCursorFunction.exe -- (AppCursorFunction.exe)
SRV - [2014.08.06 09:19:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.08.06 09:19:44 | 001,021,520 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014.08.06 09:19:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.08.04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.07.30 12:05:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.03.14 08:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014.01.09 07:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.09.05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.09.01 13:30:33 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv)
SRV - [2013.08.28 17:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2013.08.28 17:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2013.08.28 17:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2013.08.28 17:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2013.08.28 01:27:58 | 000,661,832 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Programme\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe -- (Avid DMF Service)
SRV - [2013.08.28 01:25:32 | 000,662,344 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe -- (Avid Editor Broker)
SRV - [2013.08.28 01:25:32 | 000,297,800 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe -- (Avid Editor Transcode Status)
SRV - [2013.08.28 01:25:30 | 000,662,344 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe -- (Avid Editor Transcode Service)
SRV - [2013.08.28 01:25:30 | 000,661,832 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe -- (Avid Editor Db Engine)
SRV - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013.08.22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013.08.22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013.07.04 20:36:32 | 000,337,920 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2013.06.07 17:08:36 | 017,124,256 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2013.06.04 12:49:42 | 000,156,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R)
SRV - [2013.05.28 15:37:36 | 000,101,536 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity)
SRV - [2013.05.17 01:06:26 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.05.17 01:06:22 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013.05.01 09:04:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2013.04.30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013.03.18 15:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2013.03.18 15:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013.02.13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2013.02.13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.01.09 08:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2013.01.09 02:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2013.01.09 02:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2012.12.13 22:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.12.13 22:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2012.09.12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.07.08 11:32:06 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Disabled | Unknown] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2014.07.01 15:54:46 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.06.05 09:06:52 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.05.31 12:07:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014.05.12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.05.01 15:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014.04.01 08:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014.03.24 04:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014.03.24 04:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014.03.24 04:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014.03.20 05:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014.03.13 14:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014.03.08 22:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014.02.22 18:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014.02.22 17:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014.02.22 17:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014.02.22 17:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014.02.22 17:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014.02.22 17:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014.02.22 14:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013.12.25 12:37:44 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013.12.25 12:37:44 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.12.25 12:37:44 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013.12.21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.12.15 01:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013.12.15 01:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013.12.04 20:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013.11.14 09:33:28 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013.11.14 09:26:36 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013.11.14 09:13:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.11.14 09:13:36 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013.10.31 20:25:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.08 23:52:34 | 003,648,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013.09.25 23:52:42 | 003,589,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64)
DRV:64bit: - [2013.09.05 03:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.09.01 13:33:08 | 000,035,600 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013.08.22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013.08.22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.08.22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013.08.22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.08.22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013.08.22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.08.22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013.08.22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013.08.22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013.08.22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013.08.22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013.08.22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013.08.22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013.08.22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013.08.22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013.08.22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.08.22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013.08.22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013.08.22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.08.22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013.08.22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013.08.22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013.08.22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.08.22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013.08.22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013.08.22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013.08.22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013.08.22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013.08.22 13:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013.08.22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013.08.22 13:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013.08.22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013.08.22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013.08.22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013.08.22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013.08.22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013.08.22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.08.22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013.08.22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013.08.22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013.08.22 13:38:17 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.08.22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013.08.22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013.08.22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.08.22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013.08.22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013.08.22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013.08.22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013.08.22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013.08.22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013.08.22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013.08.22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013.08.22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013.08.13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013.08.10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013.07.30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013.07.25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013.07.04 20:36:32 | 000,550,912 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013.06.20 07:29:10 | 000,532,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.06.20 07:29:08 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.06.18 16:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013.06.04 12:49:20 | 000,115,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2013.05.31 11:45:12 | 001,064,704 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2013.05.28 15:37:28 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2013.05.17 01:06:24 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.05.01 09:04:36 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013.04.30 12:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.04.11 15:08:40 | 000,106,704 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2013.04.09 20:52:32 | 000,100,184 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\IntelPcc.sys -- (IntelHSWPcc)
DRV:64bit: - [2013.03.28 13:47:00 | 001,366,328 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.10.03 11:26:58 | 000,095,232 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012.06.22 11:01:32 | 000,022,704 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.06.13 17:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2011.05.24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.09.17 08:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{CD4D22C8-F6CD-46CD-9432-456CB4AA5085}: "URL" = hxxp://url24.info/?id=4412f9766a2094&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E3D32510-4D0D-4B4A-BE19-108A12DB42AD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:21521
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2014.01.09 13:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.11.01 00:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Extensions
[2014.09.08 12:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Firefox\Profiles\tdaqq3v8.default\extensions
[2014.09.04 13:09:40 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Firefox\Profiles\tdaqq3v8.default\extensions\abs@avira.com
[2014.07.30 12:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.07.30 12:05:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DolbyTrayApp] c:\program files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GMX Application {sync-000021}] C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe (1&1 Mail & Media GmbH)
O4 - Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D3612D4-07E1-4BDB-AF25-4BCFD39A5773}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.09.11 09:00:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.09.12 16:58:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.09.11 11:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014.09.11 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.09.11 10:59:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe
[2014.09.11 09:00:13 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014.09.11 09:00:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014.09.11 09:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014.09.11 08:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014.09.08 12:48:29 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014.09.08 12:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.09.08 12:48:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014.09.08 12:48:20 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014.09.08 12:48:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014.09.08 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.09.08 12:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.09.08 12:09:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.09.04 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Local\com
[2014.09.04 20:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\DebugDirect3dMotion
[2014.09.04 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction
[2014.09.03 17:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.09.12 16:26:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.09.11 11:08:49 | 000,001,295 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Revo Uninstaller.lnk
[2014.09.11 10:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe
[2014.09.11 10:44:59 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014.09.11 10:33:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.09.11 10:32:58 | 2503,389,183 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.11 10:32:22 | 000,012,800 | ---- | M] () -- C:\WINDOWS\SysNative\VfService.trf
[2014.09.11 10:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.09.11 09:00:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014.09.11 09:00:13 | 000,002,301 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\SpyHunter.lnk
[2014.09.11 08:47:08 | 001,807,578 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014.09.11 08:47:08 | 000,776,626 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2014.09.11 08:47:08 | 000,731,842 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014.09.11 08:47:08 | 000,164,310 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2014.09.11 08:47:08 | 000,139,818 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014.09.10 14:53:51 | 001,145,741 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Vertrag_UniBW_Sinnwell_MHSB1EW039EA976.pdf
[2014.09.08 12:48:22 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.09.05 02:42:53 | 004,973,544 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\danieleAffen.avb
[2014.09.04 22:14:24 | 000,034,646 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\cc_20140904_221415.reg
[2014.09.04 22:11:10 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.09.04 21:53:44 | 000,059,572 | ---- | M] () -- C:\0525d0a5-f51b-43ca-a1c4-c98e5dba42ec.dmp
[2014.09.04 20:49:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf
[2014.09.02 13:33:36 | 000,017,012 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Sicherungskopie von To Do_as.wbk
[2014.09.02 10:56:07 | 000,001,133 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Cyberlink Power2Go.lnk
[2014.08.28 07:45:50 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.08.28 07:38:51 | 000,499,368 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014.08.22 09:14:31 | 000,022,706 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\babydi_tstudie_-_den_zucker_im_brei_suchen.pdf
[2014.08.22 09:10:25 | 000,060,370 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Newsletter_BABYDIAB.pdf
[2014.08.18 23:45:19 | 000,076,918 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Antrag_101_Selbst.pdf
[2014.08.18 21:18:06 | 000,058,162 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Antrag_101_Selbst.pdf
[2014.08.16 16:32:11 | 002,744,896 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb
[2014.08.15 09:57:11 | 000,002,469 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2014.08.15 00:19:45 | 000,001,123 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.08.15 00:19:24 | 000,001,107 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Dropbox.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.09.11 11:08:49 | 000,001,295 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Revo Uninstaller.lnk
[2014.09.11 09:00:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014.09.11 09:00:17 | 000,022,704 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[2014.09.11 09:00:13 | 000,002,301 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\SpyHunter.lnk
[2014.09.10 14:52:47 | 001,145,741 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Vertrag_UniBW_Sinnwell_MHSB1EW039EA976.pdf
[2014.09.08 12:48:22 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.09.05 02:42:53 | 004,973,544 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\danieleAffen.avb
[2014.09.04 22:14:18 | 000,034,646 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\cc_20140904_221415.reg
[2014.09.04 21:53:44 | 000,059,572 | ---- | C] () -- C:\0525d0a5-f51b-43ca-a1c4-c98e5dba42ec.dmp
[2014.09.04 20:49:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf
[2014.09.04 20:49:06 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.09.02 13:33:36 | 000,017,012 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Sicherungskopie von To Do_as.wbk
[2014.08.28 07:45:50 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.08.22 09:14:30 | 000,022,706 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\babydi_tstudie_-_den_zucker_im_brei_suchen.pdf
[2014.08.22 09:10:23 | 000,060,370 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Newsletter_BABYDIAB.pdf
[2014.08.18 21:26:52 | 000,076,918 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Antrag_101_Selbst.pdf
[2014.08.18 21:18:06 | 000,058,162 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Antrag_101_Selbst.pdf
[2014.08.15 15:27:11 | 002,744,896 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb
[2014.08.15 00:19:45 | 000,001,123 | ---- | C] () -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.04.29 18:32:07 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014.04.28 13:16:02 | 000,019,474 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini
[2014.03.18 16:24:24 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014.01.10 02:42:48 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013.12.21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013.12.21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013.12.21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013.11.14 12:03:26 | 000,243,288 | ---- | C] () -- C:\WINDOWS\SysWow64\qtmlClient.dll
[2013.09.01 13:11:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.09.01 13:10:40 | 000,001,677 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2013.09.01 13:10:40 | 000,001,677 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini
[2013.09.01 13:10:08 | 001,809,786 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2014.01.09 13:09:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.04.06 18:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.04.06 17:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.04.03 21:36:43 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Avid Technology
[2014.03.04 14:17:39 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Avid Technology Inc
[2014.01.07 09:03:02 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Canon
[2014.09.04 08:33:41 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox
[2014.07.07 09:40:06 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\DVDVideoSoft
[2014.01.03 13:32:05 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\HandBrake
[2014.01.10 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Leawo
[2013.11.01 00:01:55 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Lenovo
[2013.11.27 10:06:41 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\MyPhoneExplorer
[2013.10.23 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Nitro
[2014.09.08 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Nitro PDF
[2014.03.04 14:18:01 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\PACE Anti-Piracy
[2014.01.10 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Sony
[2014.01.10 03:03:54 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Sony Creative Software Inc
[2014.04.03 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\SorensonMedia
[2014.01.10 02:44:00 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\tiger-k
[2014.01.03 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\TuneUp Software
[2013.11.01 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\danieleAffen.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__SCHNITTvv.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__SCHNITT.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb:BINSTATE_RSRC
@Alternate Data Stream - 161 bytes -> C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\P1160684klein.jpg:com.dropbox.attributes
@Alternate Data Stream - 1047 bytes -> C:\Users\DieSinnnwells\AppData\Local\h4FUwrDK:Q7XyeUI637PNQWgnQxGGdIdqyf

< End of report >
         

ADWCLEANER finds nothing,
Code:
# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 10:09:59
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : DieSinnnwells - SINNWELLNOTE
# Gestartet von : C:\Users\DieSinnnwells\Downloads\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\STool
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10644 octets] - [08/09/2014 12:09:45]
AdwCleaner[R1].txt - [10432 octets] - [08/09/2014 12:35:50]
AdwCleaner[R2].txt - [1158 octets] - [11/09/2014 10:09:17]
AdwCleaner[S0].txt - [7637 octets] - [08/09/2014 12:36:37]
AdwCleaner[S1].txt - [1032 octets] - [11/09/2014 10:09:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1092 octets] ##########
         

Installed programs:
Name Version
Avid Codecs LE 2.4.0
SpyHunter 4.17.6.4336
Adobe Common File Installer 1.00.001
Microsoft Office OneNote MUI (German) 2007 12.0.6612.1000
Microsoft Office InfoPath MUI (German) 2007 12.0.6612.1000
Microsoft Office Access MUI (German) 2007 12.0.6612.1000
Microsoft Office Excel MUI (German) 2007 12.0.6612.1000
Microsoft Office PowerPoint MUI (German) 2007 12.0.6612.1000
Microsoft Office Publisher MUI (German) 2007 12.0.6612.1000
Microsoft Office Outlook MUI (German) 2007 12.0.6612.1000
Microsoft Office Office 64-bit Components 2007 12.0.6612.1000
Microsoft Office Shared 64-bit MUI (German) 2007 12.0.6612.1000
Microsoft Office Groove MUI (German) 2007 12.0.6612.1000
Microsoft Office Word MUI (German) 2007 12.0.6612.1000
Microsoft Office Proofing (German) 2007 12.0.4518.1014
Microsoft Office Shared MUI (German) 2007 12.0.6612.1000
Microsoft Office Proof (Italian) 2007 12.0.6612.1000
Microsoft Office Proof (German) 2007 12.0.6612.1000
Microsoft Office Proof (English) 2007 12.0.6612.1000
Microsoft Office Proof (French) 2007 12.0.6612.1000
Microsoft Office Enterprise 2007 12.0.6612.1000
Microsoft Office File Validation Add-In 14.0.5130.5003
Microsoft Office 15.0.4454.1510
Adobe Bridge 1.0 001.000.001
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 16.0.5.0046
Intel® Trusted Connect Service Client 1.27.798.1
PACE License Support Win64 2.0.0.0256
Intel(R) Update Manager 2.3.1338
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 10.0.40219
Microsoft Visual C++ 2005 Redistributable (x64) 8.0.61000
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology 3.0.1306.0342
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729
NVIDIA PhysX 9.13.0604
Sony PDZK-MA2 v3.21 3.21
Adobe InDesign CS2 004.000.000
Microsoft Visual C++ 2005 Redistributable 8.0.59193
OneKey Recovery 5.70.0000
Visual Studio C++ 10.0 Runtime 10.0.0
Avid License Control 3.0.1
Apple Software Update 2.1.3.127
Dolby Home Theater v4 7.2.8000.17
Adobe Photoshop CS2 9.0
Java 7 Update 67 7.0.670
Skype™ 6.18 6.18.106
Apple Application Support 2.3.6
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 9.0.30729
Intel(R) WiDi 4.1.19.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161
Adobe Acrobat 7.0 Professional - English, Français, Deutsch 7.0.0
Adobe Reader XI (11.0.09) - Deutsch 11.0.09
Avid FX (64 Bit) 6.4.0001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 9.0.21022
Energy Manager 1.0.0.28
Adobe Stock Photos 1.0 1.0.1
Intel(R) PRO/Wireless Driver 16.01.5000.0577
Microsoft Office Live Add-in 1.5 2.0.4024.1
Shared C Run-time for x64 10.0.0
Microsoft Visual C++ 2005 Redistributable (x64) 8.0.56336
Adobe Help Center 1.0 1.0.1
YouCam 4.10.0000
Avid DVD by Sonic 6.4.4
Benutzerhandbuch 1.0.0.15
Alcor Micro USB Card Reader 3.1.1245.72250
Intel(R) Rapid Storage Technology 12.6.0.1033
Avid Media Composer 7.0.3
Intel® PROSet/Wireless WiFi Software 16.01.5000.0269
Microsoft Visual C++ 2005 Redistributable 8.0.61001
Sentinel Protection Installer 7.6.6 7.6.6
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729
Avid Editor Transcode 3.0.6
Microsoft .NET Framework 1.1 1.1.4322
PowerDVD 10.00.0000
Nitro Pro 8 8.0.10.7
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729
Java Auto Updater 2.1.67.1
Avira 1.1.21.25162
QuickTime 7 7.75.80.95


Who can help me???
Thanks 1000x,
regards,
Arne

Alt 10.10.2014, 22:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


Alt 10.10.2014, 22:14   #3
arsi
 



frst and frst64 are both reported as not runnable on this computer (app cannot be run on this PC)
__________________

Alt 11.10.2014, 16:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Screenshot of the message, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 11.10.2014, 22:41   #5
arsi
 



Attached.

Thumbnails of attached images
Diverse Viren auf Win8 Rechner - wie gehts weiter?-unbenannt.jpg

Alt 12.10.2014, 14:08   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Shut down the antivirus program completely, then try FRST again.

Alt 03.11.2014, 00:10   #7
arsi
 



Still doesn't work.
arsi

Alt 03.11.2014, 16:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 




You need almost a month for that?

Delete FRST and download it again. Try again. Somehow only you have these problems.
__________________
Regards,
schrauber


Alt 03.11.2014, 17:01   #9
arsi
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by DieSinnnwells (administrator) on SINNWELLNOTE on 03-11-2014 16:57:29
Running from C:\Users\DieSinnnwells\Desktop
Loaded Profile: DieSinnnwells (Available profiles: UpdatusUser & DieSinnnwells & Isolde)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(1&1 Mail & Media GmbH) C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidBackgroundServicesManager.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidMediaComposer.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidInspector.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\QuickTimeServer\QuickTime_OPServer.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\QuickTimeServer\QuickTime_OPServer.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\DSM\DSM_Server.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidBinIndexer.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidSearch.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Run: [Amazon Cloud Player] => C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Run: [GMX Application {sync-000021}] => C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [792064 2014-06-04] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Background Services Manager.lnk
ShortcutTarget: Avid Background Services Manager.lnk -> C:\Windows\Installer\{0427308A-76E7-4D9C-BAA2-0156215CB191}\EditorSvcMgr.CC044E7F_6970_4832_89FC_E9116CEDE7D4.exe (Flexera Software LLC)
Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:28257
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CD4D22C8-F6CD-46CD-9432-456CB4AA5085} URL = hxxp://url24.info/?id=4412f9766a2094&q={searchTerms}
SearchScopes: HKLM - {E3D32510-4D0D-4B4A-BE19-108A12DB42AD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipanw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipanw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}
SearchScopes: HKCU - {E3D32510-4D0D-4B4A-BE19-108A12DB42AD} URL = 
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\Extensions\abs@avira.com [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-09]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-25] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)
S3 Avid DMF Service; C:\Program Files\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe [661832 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Broker; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe [662344 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Db Engine; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe [661832 2013-08-28] (Avid Technology, Inc.)
S3 Avid Editor Transcode Service; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe [662344 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Transcode Status; C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe [297800 2013-08-28] (Avid Technology, Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-06-04] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-01] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-04] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [100184 2013-04-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1064704 2013-05-31] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 16:56 - 2014-11-03 16:58 - 00028339 _____ () C:\Users\DieSinnnwells\Desktop\FRST.txt
2014-11-03 16:56 - 2014-11-03 16:57 - 00000000 ____D () C:\FRST
2014-11-03 16:55 - 2014-11-03 16:55 - 02114560 _____ (Farbar) C:\Users\DieSinnnwells\Desktop\FRST64.exe
2014-11-03 15:55 - 2014-11-03 15:56 - 138350742 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-5763e6.zip
2014-11-03 15:31 - 2014-11-03 15:31 - 12450392 _____ () C:\Users\DieSinnnwells\Desktop\Fliegendes_Dach.tif
2014-11-03 13:48 - 2014-11-03 13:48 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-25fc31
2014-11-03 12:02 - 2014-11-03 12:02 - 00024691 _____ () C:\Users\DieSinnnwells\Desktop\CO_elefant.avb
2014-11-03 00:13 - 2014-11-03 00:13 - 19960546 _____ () C:\Users\DieSinnnwells\Downloads\0111_Stuerme.wav
2014-11-03 00:12 - 2014-11-03 00:13 - 159978268 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-25fc31.zip
2014-11-02 16:28 - 2014-11-02 23:53 - 00000000 ____D () C:\Users\DieSinnnwells\Desktop\Franzi
2014-10-31 14:13 - 2014-10-31 15:18 - 2278835888 _____ () C:\Users\DieSinnnwells\Downloads\Sturmbilder_ANC-NEWS_mpeg.mpg
2014-10-31 14:12 - 2014-10-31 14:12 - 00022307 _____ () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\www.htm
2014-10-31 14:12 - 2014-10-31 14:12 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\www-Dateien
2014-10-31 09:50 - 2014-10-31 09:50 - 00002481 _____ () C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-31 09:48 - 2014-10-31 09:54 - 00000000 ____D () C:\Program Files (x86)\ver3Re-Markable
2014-10-30 05:24 - 2014-10-30 05:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 09:23 - 2014-10-28 09:25 - 363041990 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-3f5ea8.zip
2014-10-21 09:35 - 2014-10-21 09:35 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 09:35 - 2014-10-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 09:35 - 2014-10-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 08:52 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 08:51 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 08:51 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 08:51 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 08:51 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 08:51 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 08:51 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 08:51 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 08:51 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 08:51 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 08:51 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 08:51 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 08:51 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 08:51 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 08:51 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 08:51 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 08:51 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 08:51 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-17 08:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 08:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 08:50 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 08:50 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 08:50 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-17 08:50 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-17 08:50 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-17 08:49 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 08:49 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 08:49 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 08:49 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 08:49 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 08:49 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 08:49 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 08:49 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 08:49 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 08:49 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 08:49 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 08:49 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 08:49 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 08:49 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 08:49 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 08:49 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 08:49 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 08:49 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 08:49 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 08:49 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 08:49 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 08:49 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 08:49 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 08:49 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 08:49 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 08:49 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 08:49 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 08:49 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 08:49 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 08:49 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 08:49 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 08:49 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 08:49 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-17 08:49 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-17 08:49 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-17 08:49 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-17 08:49 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-17 08:49 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-17 08:49 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-17 08:49 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-17 08:49 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-17 08:49 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-17 08:49 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-17 08:49 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-17 08:49 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-17 08:49 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-17 08:49 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-17 08:49 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-17 08:49 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-17 08:49 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-17 08:49 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-17 08:49 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:49 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-17 08:49 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-17 08:49 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-17 08:49 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:49 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-17 08:49 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-17 08:49 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-17 08:49 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-17 08:49 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-17 08:49 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 08:49 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-17 08:49 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-16 09:35 - 2014-10-16 09:35 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\Intel_Corporation
2014-10-15 14:35 - 2014-10-15 14:36 - 00580949 _____ () C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS16.avb
2014-10-15 14:34 - 2014-10-15 14:35 - 00362856 _____ () C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS17.avb
2014-10-10 21:57 - 2014-10-10 21:58 - 00000000 ____D () C:\liste
2014-10-09 22:50 - 2014-10-09 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-09 22:50 - 2014-10-09 22:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-09 22:39 - 2014-10-09 22:39 - 41273314 _____ () C:\Users\DieSinnnwells\Downloads\04_Anim_Map_Gewitter_v02.mov

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 16:35 - 2014-01-02 20:10 - 00000000 ____D () C:\BACKUP DESK D
2014-11-03 16:35 - 2014-01-02 20:07 - 00000000 ____D () C:\BACKUP DESK C
2014-11-03 16:17 - 2013-11-05 15:04 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-03 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-03 15:39 - 2013-11-18 20:42 - 01376256 ___SH () C:\Users\DieSinnnwells\Desktop\Thumbs.db
2014-11-03 15:38 - 2013-10-23 20:48 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Adobe
2014-11-03 14:56 - 2013-12-25 11:43 - 01484016 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-03 14:52 - 2013-10-31 22:21 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\vlc
2014-11-03 14:44 - 2013-10-24 12:05 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Nitro PDF
2014-11-03 14:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-03 13:43 - 2014-07-03 11:24 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Avid Projects
2014-11-03 12:30 - 2013-10-23 20:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3818593481-3971921926-4038305356-1002
2014-11-03 12:20 - 2013-11-14 08:27 - 01807578 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-03 12:20 - 2013-11-14 08:11 - 00776626 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-03 12:20 - 2013-11-14 08:11 - 00164310 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-03 00:07 - 2014-09-27 20:27 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-11-03 00:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-02 23:57 - 2014-09-08 11:38 - 00027730 _____ () C:\WINDOWS\PFRO.log
2014-11-02 23:56 - 2013-09-01 12:30 - 00016896 _____ () C:\WINDOWS\system32\VfService.trf
2014-11-02 23:50 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 23:43 - 2013-10-31 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 23:12 - 2014-09-04 21:14 - 00006555 _____ () C:\WINDOWS\setupact.log
2014-11-02 15:49 - 2013-11-05 11:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-31 11:15 - 2014-02-12 15:18 - 00505344 ___SH () C:\Users\DieSinnnwells\Downloads\Thumbs.db
2014-10-31 09:53 - 2014-09-04 19:49 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction
2014-10-29 15:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-28 18:11 - 2014-09-28 21:24 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-dcca13
2014-10-26 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-21 19:10 - 2013-10-24 13:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-21 10:28 - 2013-10-24 13:17 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-21 09:35 - 2014-07-17 08:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 09:32 - 2014-06-27 14:00 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\Adobe
2014-10-21 09:32 - 2013-11-05 15:04 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-10-21 09:32 - 2013-09-01 12:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-20 20:38 - 2014-07-03 11:24 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Angebote
2014-10-20 09:53 - 2014-09-13 20:43 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-20 09:53 - 2013-12-03 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-20 09:53 - 2013-09-01 12:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 09:52 - 2013-12-03 09:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-20 09:45 - 2013-08-22 15:44 - 00499368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 09:22 - 2013-10-24 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 09:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 08:21 - 2014-03-04 12:35 - 00000008 _____ () C:\Avid Editor Transcode
2014-10-14 14:57 - 2013-12-03 09:14 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-14 14:57 - 2013-12-03 09:14 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-14 14:57 - 2013-12-03 09:14 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-09 22:50 - 2013-10-31 22:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-08 09:29 - 2013-10-24 20:26 - 00001107 _____ () C:\Users\DieSinnnwells\Desktop\Dropbox.lnk
2014-10-08 09:29 - 2013-10-24 20:23 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-08 09:27 - 2013-10-24 20:21 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Dropbox
2014-10-05 21:56 - 2014-07-03 11:24 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\bmw briefing
2014-10-04 18:41 - 2014-09-26 10:21 - 00000000 ____D () C:\Users\DieSinnnwells\Desktop\Steuer Isolde Comdirect

Some content of TEMP:
====================
C:\Users\DieSinnnwells\AppData\Local\Temp\8B1C3E58-848C-5705-E124-93F12638266F.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\8B1C3E58-848C-5705-E124-93F12638266F.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\avgnt.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7othdo.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\post2.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\post2.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\Quarantine.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\SHelp2.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 14:09

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by DieSinnnwells at 2014-11-03 16:58:23
Running from C:\Users\DieSinnnwells\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
AndreaMosaic 3.33.0 (HKLM-x32\...\AndreaMosaic) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avid Codecs LE (HKLM-x32\...\{96263993-5E28-424D-A542-FDDEE1217CFF}) (Version: 2.4.0 - Ihr Firmenname)
Avid DVD by Sonic (HKLM-x32\...\{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}) (Version: 6.4.4 - Avid Technology)
Avid Editor Transcode (HKLM\...\{778AB96D-5C59-4F53-AFB0-79476FE69AA2}) (Version: 3.0.6 - Avid Technology, Inc.)
Avid FX (64 Bit) (HKLM\...\{0FF63296-B13C-4C1B-90C7-BB811B587F77}) (Version: 6.4.0001 - Boris FX, Inc.)
Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.1 - Avid Technology, Inc.)
Avid Media Composer (HKLM\...\{0427308A-76E7-4D9C-BAA2-0156215CB191}) (Version: 7.0.3 - Avid Technology, Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series Benutzerregistrierung (HKLM-x32\...\Canon MG6300 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
Free DVD Video Converter version 2.0.16.1230 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.16.1230 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
GMX MediaCenter 1.7.3289.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.7.3289.0 - 1&1 Mail & Media GmbH)
iDeer Blu-ray Player (HKLM-x32\...\iDeer Blu-ray Player) (Version: 1.4.5.1442 - iDeerApp Software Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{90621A56-901E-417D-A8CB-E8E3A6793C29}) (Version: 4.1.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6ec41eb7-bff8-4dd4-9278-57f45f6e6e0e}) (Version: 16.0.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.02 - iZotope, Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.531.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NewBlue Titler Pro for Windows (HKLM\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sentinel Protection Installer 7.6.6 (HKLM-x32\...\{8C2218AC-D1B1-4530-9E67-15164E0E52AB}) (Version: 7.6.6 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony PDZK-MA2 v3.21 (HKLM\...\{E4BBA342-FC20-4D4D-8856-6FD865C78DAB}) (Version: 3.21 - Sony Corporation)
Sorenson Squeeze 8.5.1 (HKLM-x32\...\{AD11F61E-604D-4B15-8FC3-E587224CA3DE}) (Version: 8.5.1 - Sorenson Media)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3818593481-3971921926-4038305356-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-10-2014 08:10:11 Windows Update
21-10-2014 08:33:54 Installed Java 7 Update 71
02-11-2014 22:19:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {134FDB6F-4E60-4401-B08E-00F74E14FD86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1958537B-D4BF-4665-8BC7-5F09F5BB187D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2218BB50-0DAF-4FDA-993A-528BEC127A6A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {24A00203-3A9E-4840-AC44-79D8E1DE4579} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3AADECD8-5758-4156-A356-41C54FDD0CCA} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F6C2255-1577-4EF9-BD8C-F4A190BE0770} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {5E2395AF-0C1F-4445-9B06-0210239D6DD2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {83736C6F-EAF7-4B84-A334-1F474FE4826B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-21] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C6B6585-5AD9-45D3-B0FE-B57B82DCA4D5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FA748F7-D951-4371-BFAE-6BE32645539F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {96BDEE91-7BEA-4499-B0A0-FF47FEE75DAF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B3E017BE-A9E1-4041-AC6E-0FFB8D46F5C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {C4260B22-DFE8-4BB7-9306-D748DA8A52DE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7674644-C0F3-4B4F-8949-EF556D71EA8F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-08-26 13:51 - 2013-08-26 13:51 - 07740928 _____ () c:\program files\avid\editor transcode\transcodeservice\jre\bin\server\jvm.dll
2013-09-01 12:30 - 2013-09-01 12:30 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-09-01 12:30 - 2013-09-01 12:30 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-23 14:31 - 2013-12-12 20:56 - 03145536 _____ () C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-07-07 08:48 - 2014-06-04 17:17 - 00104448 _____ () C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2014-07-07 08:48 - 2014-06-04 17:17 - 00051200 _____ () C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2013-09-06 11:21 - 2013-09-06 11:21 - 32132608 _____ () C:\Program Files\Avid\Avid Media Composer\il.dll
2013-09-06 11:21 - 2013-09-06 11:21 - 04568064 _____ () C:\Program Files\Avid\Avid Media Composer\ilgpu.dll
2013-09-06 11:22 - 2013-09-06 11:22 - 00473600 _____ () C:\Program Files\Avid\Avid Media Composer\mt.dll
2013-09-06 11:21 - 2013-09-06 11:21 - 06370816 _____ () C:\Program Files\Avid\Avid Media Composer\ml.dll
2013-12-17 23:24 - 2013-12-17 23:24 - 22850560 _____ () C:\Program Files\Avid\Avid Media Composer\QtWebKit4.dll
2013-09-06 11:21 - 2013-09-06 11:21 - 03916800 _____ () C:\Program Files\Avid\Avid Media Composer\gk.dll
2013-12-18 02:27 - 2013-12-18 02:27 - 00325120 _____ () C:\Program Files\Avid\Avid Media Composer\turbojpeg.dll
2013-12-18 02:27 - 2013-12-18 02:27 - 00357376 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\AS11\MXF_SDK_MXFIO_AS11_1.3.29.dll
2013-12-18 02:27 - 2013-12-18 02:27 - 00025088 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\AS11\MXF_SDK_Metadata_AS11_1.3.29.dll
2013-12-17 23:32 - 2013-12-17 23:32 - 00346112 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\AS11\MOG_Framework_2.2.11.dll
2013-12-18 02:27 - 2013-12-18 02:27 - 03915776 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\AS11\mog_xqilla22.dll
2013-12-18 02:24 - 2013-12-18 02:24 - 00388608 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\AMPIPluginDSM.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 01726464 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\acpl_main.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 01835008 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\acpl_cpu.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 00754688 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\acpl_processing.acf
2013-12-18 02:23 - 2013-12-18 02:23 - 00457216 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\acpl_convert.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 01342976 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\AcplEffects.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 01133056 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\MCEffects.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 00146432 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\ACFString.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 00332288 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\Codecs\TSParser.acf
2013-09-26 01:36 - 2013-09-26 01:36 - 00881664 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\XDSDeck\MVP_SonyXDCAMEX.avx
2013-10-12 15:01 - 2013-10-12 15:01 - 00028160 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\XDSDeck\Sony_XDS.avx
2013-10-12 15:02 - 2013-10-12 15:02 - 01447936 _____ () C:\Program Files\Avid\AVX2_Plug-ins\AMA\XDSDeck\MVP_MSP_SonyXDCAM.dll
2013-12-18 02:24 - 2013-12-18 02:24 - 00027648 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\DynViewLoader.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 00064512 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\DynViewEngineQt4.avx
2013-12-18 02:24 - 2013-12-18 02:24 - 00142848 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\TE_Client.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 00056832 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\RestClient.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 00249344 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\Codecs\QTParser.acf
2013-12-18 02:24 - 2013-12-18 02:24 - 00102912 _____ () C:\Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\ByteBlock.avx
2013-07-05 04:03 - 2013-07-05 04:03 - 00442368 _____ () C:\Program Files\Avid\AVX2_Plug-ins\NewBlue\NewBlue Starter Pack for Windows\StarterPack64.avx
2013-08-13 10:00 - 2013-08-13 10:00 - 22734848 _____ () C:\Program Files\NewBlue\Titler Pro for Windows\StarterPackOpenGL64.dll
2013-08-13 10:08 - 2013-08-13 10:08 - 00403456 _____ () C:\Program Files\NewBlue\Titler Pro for Windows\Resources64.dll
2013-08-13 10:11 - 2013-08-13 10:11 - 00271872 _____ () C:\Program Files\NewBlue\Titler Pro for Windows\ManagerGL.dll
2013-09-01 12:10 - 2013-05-17 00:06 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-18 02:25 - 2013-12-18 02:25 - 00107520 _____ () C:\Program Files\Avid\Avid Media Composer\QuickTimeServer\AVX2_Plug-Ins\ACFString.avx
2013-12-18 02:25 - 2013-12-18 02:25 - 00091136 _____ () C:\Program Files\Avid\Avid Media Composer\QuickTimeServer\AVX2_Plug-Ins\ByteBlock.avx
2013-12-13 15:26 - 2013-12-13 15:26 - 04963840 _____ () C:\Program Files (x86)\QuickTime\QTComponents\AvidAVJ2Codec.qtx
2013-12-18 02:27 - 2013-12-18 02:27 - 01550336 _____ () C:\Program Files\Avid\Avid Media Composer\DSM\DigiExt.dll
2014-10-30 05:24 - 2014-10-30 05:24 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\DieSinnnwells\Lokale Einstellungen:lWcebLxyH4dyYsc7Z3wmrN1
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\CO_elefant.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\danieleAffen.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\__SCHNITT.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\__SCHNITTvv.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS16.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS17.avb:BINSTATE_RSRC
AlternateDataStreams: C:\Users\DieSinnnwells\AppData\Local:lWcebLxyH4dyYsc7Z3wmrN1
AlternateDataStreams: C:\Users\DieSinnnwells\AppData\Local\Anwendungsdaten:lWcebLxyH4dyYsc7Z3wmrN1
AlternateDataStreams: C:\Users\DieSinnnwells\AppData\Local\h4FUwrDK:Q7XyeUI637PNQWgnQxGGdIdqyf
AlternateDataStreams: C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\P1160684klein.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"

========================= Accounts: ==========================

03265BBED06B4FEC8AB0 (S-1-5-21-3818593481-3971921926-4038305356-1010 - Limited - Enabled)
0F3F7295616E405FBD2D (S-1-5-21-3818593481-3971921926-4038305356-1011 - Limited - Enabled)
Administrator (S-1-5-21-3818593481-3971921926-4038305356-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3818593481-3971921926-4038305356-1012 - Limited - Enabled)
DieSinnnwells (S-1-5-21-3818593481-3971921926-4038305356-1002 - Administrator - Enabled) => C:\Users\DieSinnnwells
Gast (S-1-5-21-3818593481-3971921926-4038305356-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3818593481-3971921926-4038305356-1008 - Limited - Enabled)
Isolde (S-1-5-21-3818593481-3971921926-4038305356-1005 - Limited - Enabled) => C:\Users\Isolde
test (S-1-5-21-3818593481-3971921926-4038305356-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-3818593481-3971921926-4038305356-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 04:57:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 2.11.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fe8

Startzeit: 01cff77eba9d75e6

Endzeit: 4294967295

Anwendungspfad: C:\Users\DieSinnnwells\Desktop\FRST64.exe

Berichts-ID: 18629e52-6372-11e4-bead-54bef73a39df

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/03/2014 04:08:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.2.5413, Zeitstempel: 0x544ef530
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.2.5413, Zeitstempel: 0x544ed089
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x34b4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (11/03/2014 03:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.2.5413, Zeitstempel: 0x544ef530
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.2.5413, Zeitstempel: 0x544ed089
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xd50
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (11/03/2014 11:33:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215f6c5
Name des fehlerhaften Moduls: VfCredProv.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519ca83b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000031a8
ID des fehlerhaften Prozesses: 0x10e4
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (11/03/2014 00:03:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SinnwellNOTE)
Description: Bei der Aktivierung der App „C59AD0AF.LenovoCloudStorageBySugarSync_m3tnjedffpfhj!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/02/2014 11:52:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SinnwellNOTE)
Description: Bei der Aktivierung der App „C59AD0AF.LenovoCloudStorageBySugarSync_m3tnjedffpfhj!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/02/2014 11:48:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SinnwellNOTE)
Description: Bei der Aktivierung der App „C59AD0AF.LenovoCloudStorageBySugarSync_m3tnjedffpfhj!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/02/2014 11:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215f6c5
Name des fehlerhaften Moduls: uiautomationcore.dll, Version: 7.2.9600.16421, Zeitstempel: 0x524fd431
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000031c3
ID des fehlerhaften Prozesses: 0x504
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (11/02/2014 11:15:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SinnwellNOTE)
Description: Bei der Aktivierung der App „C59AD0AF.LenovoCloudStorageBySugarSync_m3tnjedffpfhj!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/02/2014 11:07:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SinnwellNOTE)
Description: Bei der Aktivierung der App „C59AD0AF.LenovoCloudStorageBySugarSync_m3tnjedffpfhj!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (11/03/2014 03:01:52 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/03/2014 00:04:50 AM) (Source: DCOM) (EventID: 10010) (User: SinnwellNOTE)
Description: {0006F03A-0000-0000-C000-000000000046}

Error: (11/03/2014 00:03:29 AM) (Source: DCOM) (EventID: 10010) (User: SinnwellNOTE)
Description: App.AppXcyvfcwcmvt407c68e8nh5pzxzx8k1vds.mca

Error: (11/03/2014 00:02:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (11/03/2014 00:01:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/03/2014 00:01:46 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/03/2014 00:01:34 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (11/03/2014 00:01:19 AM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts.

Error: (11/03/2014 00:01:19 AM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird.

Error: (11/03/2014 00:00:46 AM) (Source: DCOM) (EventID: 10005) (User: SinnwellNOTE)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (09/04/2014 04:59:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33962 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (12/15/2013 03:29:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3795 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 10:24:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 282641 seconds with 3900 seconds of active time.  This session ended with a crash.

Error: (10/27/2013 03:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1073 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8104.27 MB
Available physical RAM: 3274.77 MB
Total Pagefile: 14371.83 MB
Available Pagefile: 3603.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.22 GB) (Free:493.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.73 GB) NTFS
Drive e: (TR_Raid 38) (Fixed) (Total:1862.96 GB) (Free:681.85 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 719A11C5)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: F4EFAB92)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

04.11.2014, 10:21   #10
schrauber
/// the machine
/// TB instructor



Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys ("Tracing" Schlüssel löschen)
    • Reset Winsock settings (Winsock Einstellungen zurücksetzen)
    • Reset proxy settings (Proxy Einstellungen zurücksetzen)
    • Reset Internet Explorer policies (Internet Explorer Richtlinien zurücksetzen)
    • Reset Chrome policies (Chrome Richtlinien zurücksetzen)
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.11.2014, 10:24   #11
arsi



Unfortunately, I had already installed Malwarebytes some time ago, and the trial version has now expired... what now?

Thanks!!
Regards,
arsi

04.11.2014, 20:31   #12
schrauber
/// the machine
/// TB instructor



So what? It keeps running as freeware. Just update and scan.

05.11.2014, 00:31   #13
arsi



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.11.2014
Suchlauf-Zeit: 23:16:09
Logdatei: mwb_suchlauf_prot.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.04.07
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: DieSinnnwells

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 432739
Verstrichene Zeit: 21 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [1a8172c4720a71c5c72049a158aa4fb1], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [1a8172c4720a71c5c72049a158aa4fb1], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Löschen bei Neustart, [9902e452fa82e3532ad3f6f0de24c43c], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Löschen bei Neustart, [9902e452fa82e3532ad3f6f0de24c43c], 
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Löschen bei Neustart, [603bb2846b114fe7c7b60f8d13f119e7], 

Registrierungswerte: 5
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [4d4e81b5fe7eaf87ca32e94af50efc04]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [47546fc7c8b468cec53746ed1be87987]
PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, In Quarantäne, [1c7fdc5ac0bcdf576be09891bd467d83]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [801bf93da5d72610594fcb72f90a0000]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Löschen bei Neustart, [603bb2846b114fe7c7b60f8d13f119e7]

Registrierungsdaten: 6
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipanw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipanw,,&q={searchTerms}),Ersetzt,[9506d0664b316ec8211771bec0457e82]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}),Löschen bei Neustart,[4655cd695626e254b18a0b24a16451af]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}),Löschen bei Neustart,[86154aec037969cd9d9d80afeb1a1be5]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}),Löschen bei Neustart,[02993105126a3402003dfc3326dff40c]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}),Löschen bei Neustart,[f2a9df572d4f7eb8a89617187c89649c]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3818593481-3971921926-4038305356-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q={searchTerms}),Löschen bei Neustart,[910ab680592358de6acf75baff063fc1]

Ordner: 2
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\x64, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 

Dateien: 16
PUP.Optional.Graftor, C:\Program Files (x86)\ver3Re-Markable\181.dll, In Quarantäne, [108bc373f9834ee88565b1a6bf4126da], 
PUP.Optional.Graftor, C:\Program Files (x86)\ver3Re-Markable\181_x64.dll, In Quarantäne, [e4b741f54537cc6a5c8e9eb90df3a858], 
PUP.Optional.Graftor, C:\Program Files (x86)\ver3Re-Markable\Uninstall.exe, In Quarantäne, [732838fe601c171f0fdb9fb8738df30d], 
PUP.Optional.ShopHelper, C:\Users\DieSinnnwells\AppData\Local\Temp\SHelp2.exe, In Quarantäne, [6b30b97dbfbdeb4b2668594bdf23da26], 
PUP.Optional.WebSearch.A, C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\searchplugins\Web Search.xml, In Quarantäne, [d0cbbe7825570036b36ace8d3dc6cb35], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\181.xpi, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\a.db, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\b.db, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\Q6ER181.bin, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\q8Re-Markablek02.dll, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\Sqlite3.dll, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\x64\TandemRunner.exe, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\x64\WdfCoInstaller01009.dll, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\x64\webinstr.inf, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\ver3Re-Markable\x64\webinstrNew.sys, In Quarantäne, [2477d264ee8ead896127a46f976c8878], 
PUP.Optional.SnapDo.A, C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5fOZfN0BxybFzRxFN69gqkfkseu7I--VeOQm3PwqKPmfuZsGSaHm0hQCRu2bfjUmWxq54Zf0zD-z3wKHJlpDjLRER0NOv54_6VYNYZTo3-V8ZtkxvNfROs2TEbq_108NctkKtQZLc1tPoPipamA,,&q=");), Ersetzt,[e6b59e98166685b1125a0866d92c847c]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Code:
# AdwCleaner v3.309 - Bericht erstellt am 05/11/2014 um 00:20:52
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : DieSinnnwells - SINNWELLNOTE
# Gestartet von : C:\Users\DieSinnnwells\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Updater

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\STool
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 de)

[ Datei : C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

*************************

AdwCleaner[R0].txt - [10644 octets] - [08/09/2014 11:09:45]
AdwCleaner[R1].txt - [10432 octets] - [08/09/2014 11:35:50]
AdwCleaner[R2].txt - [1158 octets] - [11/09/2014 09:09:17]
AdwCleaner[R3].txt - [2594 octets] - [05/11/2014 00:17:32]
AdwCleaner[S0].txt - [7637 octets] - [08/09/2014 11:36:37]
AdwCleaner[S1].txt - [1172 octets] - [11/09/2014 09:09:59]
AdwCleaner[S2].txt - [2289 octets] - [05/11/2014 00:20:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2349 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8.1 x64
Ran by DieSinnnwells on 05.11.2014 at  0:25:28,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Emptied folder: C:\Users\DieSinnnwells\AppData\Roaming\mozilla\firefox\profiles\tdaqq3v8.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.11.2014 at  0:27:20,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by DieSinnnwells (administrator) on SINNWELLNOTE on 05-11-2014 00:27:58
Running from C:\Users\DieSinnnwells\Desktop
Loaded Profile: DieSinnnwells (Available profiles: UpdatusUser & DieSinnnwells & Isolde)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(1&1 Mail & Media GmbH) C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Avid Media Composer\AvidBackgroundServicesManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Thisisu) C:\Users\DieSinnnwells\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Run: [Amazon Cloud Player] => C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Run: [GMX Application {sync-000021}] => C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [792064 2014-06-04] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Background Services Manager.lnk
ShortcutTarget: Avid Background Services Manager.lnk -> C:\Windows\Installer\{0427308A-76E7-4D9C-BAA2-0156215CB191}\EditorSvcMgr.CC044E7F_6970_4832_89FC_E9116CEDE7D4.exe (Flexera Software LLC)
Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140707094833656.dll (1&1 Mail & Media GmbH)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:28257
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3818593481-3971921926-4038305356-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CD4D22C8-F6CD-46CD-9432-456CB4AA5085} URL = hxxp://url24.info/?id=4412f9766a2094&q={searchTerms}
SearchScopes: HKLM - {E3D32510-4D0D-4B4A-BE19-108A12DB42AD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E3D32510-4D0D-4B4A-BE19-108A12DB42AD} URL = 
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\Extensions\abs@avira.com [2014-10-01]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-25] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)
S3 Avid DMF Service; C:\Program Files\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe [661832 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Broker; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe [662344 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Db Engine; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe [661832 2013-08-28] (Avid Technology, Inc.)
S3 Avid Editor Transcode Service; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe [662344 2013-08-28] (Avid Technology, Inc.)
R2 Avid Editor Transcode Status; C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe [297800 2013-08-28] (Avid Technology, Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-06-04] (Intel Corporation)
R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-01] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-04] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [100184 2013-04-09] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1064704 2013-05-31] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 00:27 - 2014-11-05 00:27 - 00000817 _____ () C:\Users\DieSinnnwells\Desktop\JRT.txt
2014-11-05 00:25 - 2014-11-05 00:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-05 00:24 - 2014-11-05 00:24 - 00002437 _____ () C:\Users\DieSinnnwells\Desktop\AdwCleaner[S2].txt
2014-11-05 00:16 - 2014-11-05 00:16 - 01706359 _____ (Thisisu) C:\Users\DieSinnnwells\Desktop\JRT.exe
2014-11-05 00:11 - 2014-11-05 00:11 - 00010428 _____ () C:\Users\DieSinnnwells\Desktop\mbam.txt
2014-11-04 23:15 - 2014-11-05 00:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 23:15 - 2014-11-04 23:15 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-04 23:15 - 2014-11-04 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-04 23:15 - 2014-11-04 23:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-04 23:15 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-04 23:15 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-04 23:15 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-04 23:14 - 2014-11-04 23:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\DieSinnnwells\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-04 16:44 - 2014-11-04 16:45 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-3f5ea8
2014-11-04 12:14 - 2014-11-04 12:17 - 576152221 _____ () C:\Users\DieSinnnwells\Downloads\BBK_storm_map_audio.zip
2014-11-04 09:20 - 2014-11-04 16:41 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-5763e6
2014-11-03 19:47 - 2014-11-03 19:57 - 1788675934 _____ () C:\Users\DieSinnnwells\Downloads\BBK_storm_causes_audio2.zip
2014-11-03 17:12 - 2014-11-03 17:12 - 541852636 _____ () C:\Users\DieSinnnwells\Downloads\BBK_storm_damage_audio.zip
2014-11-03 16:58 - 2014-11-03 16:59 - 00042266 _____ () C:\Users\DieSinnnwells\Desktop\Addition.txt
2014-11-03 16:56 - 2014-11-05 00:27 - 00024599 _____ () C:\Users\DieSinnnwells\Desktop\FRST.txt
2014-11-03 16:56 - 2014-11-05 00:27 - 00000000 ____D () C:\FRST
2014-11-03 16:55 - 2014-11-03 16:55 - 02114560 _____ (Farbar) C:\Users\DieSinnnwells\Desktop\FRST64.exe
2014-11-03 15:55 - 2014-11-03 15:56 - 138350742 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-5763e6.zip
2014-11-03 15:31 - 2014-11-03 15:31 - 12450392 _____ () C:\Users\DieSinnnwells\Desktop\Fliegendes_Dach.tif
2014-11-03 13:48 - 2014-11-03 13:48 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-25fc31
2014-11-03 12:02 - 2014-11-03 12:02 - 00024691 _____ () C:\Users\DieSinnnwells\Desktop\CO_elefant.avb
2014-11-03 00:13 - 2014-11-03 00:13 - 19960546 _____ () C:\Users\DieSinnnwells\Downloads\0111_Stuerme.wav
2014-11-03 00:12 - 2014-11-03 00:13 - 159978268 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-25fc31.zip
2014-11-02 16:28 - 2014-11-02 23:53 - 00000000 ____D () C:\Users\DieSinnnwells\Desktop\Franzi
2014-10-31 14:13 - 2014-10-31 15:18 - 2278835888 _____ () C:\Users\DieSinnnwells\Downloads\Sturmbilder_ANC-NEWS_mpeg.mpg
2014-10-31 14:12 - 2014-10-31 14:12 - 00022307 _____ () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\www.htm
2014-10-31 14:12 - 2014-10-31 14:12 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\www-Dateien
2014-10-31 09:50 - 2014-11-05 00:20 - 00001106 _____ () C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-30 05:24 - 2014-10-30 05:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 09:23 - 2014-10-28 09:25 - 363041990 _____ () C:\Users\DieSinnnwells\Downloads\wetransfer-3f5ea8.zip
2014-10-21 09:35 - 2014-10-21 09:35 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 09:35 - 2014-10-21 09:35 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 09:35 - 2014-10-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 09:35 - 2014-10-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 08:52 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 08:51 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 08:51 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 08:51 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 08:51 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 08:51 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 08:51 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 08:51 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 08:51 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 08:51 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 08:51 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 08:51 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 08:51 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 08:51 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 08:51 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 08:51 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 08:51 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 08:51 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-17 08:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 08:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 08:50 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 08:50 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 08:50 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-17 08:50 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-17 08:50 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-17 08:49 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 08:49 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 08:49 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 08:49 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 08:49 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 08:49 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 08:49 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 08:49 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 08:49 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 08:49 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 08:49 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 08:49 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 08:49 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 08:49 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 08:49 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 08:49 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 08:49 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 08:49 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 08:49 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 08:49 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 08:49 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 08:49 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 08:49 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 08:49 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 08:49 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 08:49 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 08:49 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 08:49 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 08:49 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 08:49 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 08:49 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 08:49 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 08:49 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-17 08:49 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-17 08:49 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-17 08:49 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-17 08:49 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-17 08:49 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-17 08:49 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-17 08:49 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-17 08:49 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-17 08:49 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-17 08:49 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-17 08:49 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-17 08:49 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-17 08:49 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-17 08:49 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-17 08:49 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-17 08:49 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-17 08:49 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-17 08:49 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-17 08:49 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:49 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-17 08:49 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-17 08:49 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-17 08:49 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 08:49 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-17 08:49 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-17 08:49 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-17 08:49 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-17 08:49 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-17 08:49 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-17 08:49 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 08:49 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-17 08:49 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-16 09:35 - 2014-10-16 09:35 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\Intel_Corporation
2014-10-15 14:35 - 2014-10-15 14:36 - 00580949 _____ () C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS16.avb
2014-10-15 14:34 - 2014-10-15 14:35 - 00362856 _____ () C:\Users\DieSinnnwells\Desktop\__SCHNITT_TIP_017_Elef_DanieleAS17.avb
2014-10-10 21:57 - 2014-10-10 21:58 - 00000000 ____D () C:\liste
2014-10-09 22:50 - 2014-10-09 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-09 22:50 - 2014-10-09 22:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-09 22:39 - 2014-10-09 22:39 - 41273314 _____ () C:\Users\DieSinnnwells\Downloads\04_Anim_Map_Gewitter_v02.mov

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 00:25 - 2014-01-02 20:10 - 00000000 ____D () C:\BACKUP DESK D
2014-11-05 00:25 - 2014-01-02 20:07 - 00000000 ____D () C:\BACKUP DESK C
2014-11-05 00:21 - 2014-09-08 11:38 - 00033186 _____ () C:\WINDOWS\PFRO.log
2014-11-05 00:21 - 2013-09-01 12:30 - 00016896 _____ () C:\WINDOWS\system32\VfService.trf
2014-11-05 00:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-05 00:20 - 2014-09-08 11:09 - 00000000 ____D () C:\AdwCleaner
2014-11-05 00:17 - 2013-11-05 15:04 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-05 00:13 - 2013-10-23 20:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3818593481-3971921926-4038305356-1002
2014-11-05 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-11-05 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-04 21:28 - 2013-12-25 11:43 - 01592200 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-04 16:44 - 2013-10-31 22:21 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\vlc
2014-11-04 14:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-04 02:28 - 2014-07-03 11:24 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Avid Projects
2014-11-03 15:52 - 2013-10-23 20:48 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Adobe
2014-11-03 15:39 - 2013-11-18 20:42 - 01376256 ___SH () C:\Users\DieSinnnwells\Desktop\Thumbs.db
2014-11-03 14:44 - 2013-10-24 12:05 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Nitro PDF
2014-11-03 14:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-03 12:20 - 2013-11-14 08:27 - 01807578 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-03 12:20 - 2013-11-14 08:11 - 00776626 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-03 12:20 - 2013-11-14 08:11 - 00164310 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-03 00:07 - 2014-09-27 20:27 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-11-02 23:50 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 23:43 - 2013-10-31 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 23:12 - 2014-09-04 21:14 - 00006555 _____ () C:\WINDOWS\setupact.log
2014-11-02 15:49 - 2013-11-05 11:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-31 11:15 - 2014-02-12 15:18 - 00505344 ___SH () C:\Users\DieSinnnwells\Downloads\Thumbs.db
2014-10-31 09:53 - 2014-09-04 19:49 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction
2014-10-28 18:11 - 2014-09-28 21:24 - 00000000 ____D () C:\Users\DieSinnnwells\Downloads\wetransfer-dcca13
2014-10-26 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-21 19:10 - 2013-10-24 13:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-21 10:28 - 2013-10-24 13:17 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-21 09:35 - 2014-07-17 08:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 09:32 - 2014-06-27 14:00 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Local\Adobe
2014-10-21 09:32 - 2013-11-05 15:04 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-10-21 09:32 - 2013-09-01 12:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-20 20:38 - 2014-07-03 11:24 - 00000000 ____D () C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Angebote
2014-10-20 09:53 - 2014-09-13 20:43 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-20 09:53 - 2013-12-03 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-20 09:53 - 2013-09-01 12:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 09:52 - 2013-12-03 09:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-20 09:45 - 2013-08-22 15:44 - 00499368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 09:22 - 2013-10-24 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 09:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 08:21 - 2014-03-04 12:35 - 00000008 _____ () C:\Avid Editor Transcode
2014-10-14 14:57 - 2013-12-03 09:14 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-14 14:57 - 2013-12-03 09:14 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-14 14:57 - 2013-12-03 09:14 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-09 22:50 - 2013-10-31 22:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-08 09:29 - 2013-10-24 20:26 - 00001107 _____ () C:\Users\DieSinnnwells\Desktop\Dropbox.lnk
2014-10-08 09:29 - 2013-10-24 20:23 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-08 09:27 - 2013-10-24 20:21 - 00000000 ____D () C:\Users\DieSinnnwells\AppData\Roaming\Dropbox

Some content of TEMP:
====================
C:\Users\DieSinnnwells\AppData\Local\Temp\8B1C3E58-848C-5705-E124-93F12638266F.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\8B1C3E58-848C-5705-E124-93F12638266F.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\avgnt.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnnei4.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\post2.dll
C:\Users\DieSinnnwells\AppData\Local\Temp\post2.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\Quarantine.exe
C:\Users\DieSinnnwells\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 14:09

==================== End Of Log ============================
         
--- --- ---

[/CODE]

05.11.2014, 17:47   #14
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still any problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
