|
Log-Analyse und Auswertung: Win 8: RegClean Pro entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.10.2014, 16:34 | #1 |
| Win 8: RegClean Pro entfernen Hallo, Gestern abend habe ich mir den RegClean Pro eingefangen. Ich bin euren Anweisungen unter http://www.trojaner-board.de/147348-...entfernen.html gefolgt. Zunächst habe ich das Programm über die Systemsteuerung deinstalliert, was auch problemlos klappte, dann habe ich Malwarebytes Anti-Malware, AdwCleaner, Junkware Removal Tool , Shortcut Cleaner und Eset Online Cleaner drüberlaufen lassen. Jedesmal wurde was gefunden, was ich dann auch gelöscht habe. Die Funde des ESET Online Cleaner habe ich noch nicht gelöscht, weil ja dranstand, man solle erst hier posten... Nun meine Frage: Wie soll ich weiter vorgehen? Anbei noch meine Logs von eset und malwarebytes. Falls Ihr noch mehr Infos braucht, sagt einfach Bescheid Vielen Dank schon mal!! Eset: ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e15054234d057c438fedefd9695bf9eb # engine=20831 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-29 01:57:30 # local_time=2014-10-29 02:57:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 1048799 179011540 0 0 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3595 16777213 100 91 14443619 177187635 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 14569282 39472343 0 0 # scanned=190533 # found=12 # cleaned=0 # scan_time=7685 sh=3D1311CED36B791F402F4D21AD2866E461CACEF9 ft=1 fh=26d539753659d1be vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1115212536-1596043669-174481391-1001\$R5J1LBZ.exe" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Edith\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\31023375.Uninstall\uninstaller.exe" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\31120812.Uninstall\uninstaller.exe" sh=F9C696C25F4300A7C55E017A95B16735FDAE1F69 ft=1 fh=184e2d2ecb738619 vn="a variant of Win64/BrowseFox.Z potentially unwanted application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\is1242154493\30054218_stp\webget_setup.exe" sh=49B96C173BACD6C0772CD8117953DD7895C65C14 ft=1 fh=254030edafc94031 vn="a variant of Win32/Adware.SpeedingUpMyPC.T.gen application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\is1242154493\30054346_stp\OptimizerPro_600.exe" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\is1242154493\30054425_stp\uninstaller.exe" sh=A75689B482CE69498C64E0D03F3BA0161A1B8589 ft=1 fh=7ceab3139bdab47f vn="Win32/Systweak.D potentially unwanted application" ac=I fn="C:\Users\Edith\AppData\Local\Temp\is386526232\5FCDD45B_stp\rcpsetup_adppi15_adppi15.exe" sh=36A3E802C2D6A6A0492834A64C0EFCA8B9B2CD6A ft=1 fh=64517fd454c16203 vn="a variant of Win32/InstallCore.RA potentially unwanted application" ac=I fn="C:\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe" sh=CE4E9967E2D0F5481D8D1D1E920F7016730931C8 ft=1 fh=883f88b87bca668a vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="C:\Users\Edith\Downloads\Rainlendar Lite 32 Bit - CHIP-Installer.exe" sh=99494F1A58D941E623698D5ED4E3D3CB73D6FD88 ft=1 fh=f97cef5fd46b6798 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e15054234d057c438fedefd9695bf9eb # engine=20834 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-29 03:19:55 # local_time=2014-10-29 04:19:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 1053744 179016485 0 0 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3595 16777213 100 91 14448564 177192580 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 14574227 39477288 0 0 # scanned=3408 # found=3 # cleaned=0 # scan_time=994 sh=3D1311CED36B791F402F4D21AD2866E461CACEF9 ft=1 fh=26d539753659d1be vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1115212536-1596043669-174481391-1001\$R5J1LBZ.exe" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Edith\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir" Malwarebytes: Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 322332 Verstrichene Zeit: 31 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 4 PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [f81e0f0b691355e170389f984eb53dc3], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1115212536-1596043669-174481391-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [95811a00e19b1422e1ecb4a83ec527d9], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1115212536-1596043669-174481391-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [c65067b30676aa8c9d751c578c78837d], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1115212536-1596043669-174481391-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [1600879367159e98dec971c627dc7d83], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1115212536-1596043669-174481391-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, In Quarantäne, [c65067b30676aa8c9d751c578c78837d] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 1 PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, In Quarantäne, [e1358c8ecfadf64000fe3bf4996aa55b], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
29.10.2014, 16:41 | #2 |
/// TB-Ausbilder | Win 8: RegClean Pro entfernenMein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Alle Logdateien von MBAM, AdwCleaner & JRT bitte posten !!! Wir starten mit FRST: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
29.10.2014, 17:48 | #3 |
| log-Dateien FRST Hallo Matthias,
__________________vielen Dank für Deine schnelle Antwort&Hilfe! Hier nun zunächst die FRST-logs, um die logs von MBAM, AdwCleaner & JRT kümmere ich mich gleich. FRST-Editor: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01 Ran by Edith (administrator) on EDITH-PC on 29-10-2014 17:22:58 Running from C:\Users\Edith\Desktop Loaded Profile: Edith (Available profiles: Edith) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe () C:\Program Files (x86)\Opera\25.0.1614.63\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [651672 2012-07-24] (Alps Electric Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1115212536-1596043669-174481391-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung) HKU\S-1-5-21-1115212536-1596043669-174481391-1001\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe --windows_startup HKU\S-1-5-21-1115212536-1596043669-174481391-1001\...\MountPoints2: {533b1eba-5027-11e2-be87-84a6c802a0cf} - "E:\WD SmartWare.exe" autoplay=true Startup: C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainlendar2.lnk ShortcutTarget: Rainlendar2.lnk -> C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl SearchScopes: HKLM - {E5025558-631F-4A96-AACB-5490A73AE742} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAFSJS SearchScopes: HKCU - {E5025558-631F-4A96-AACB-5490A73AE742} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-10-29] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-27] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-11] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-20] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed] R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [80752 2012-07-18] (FUJITSU LIMITED) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software) R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed] S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-20] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-20] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-20] () R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-14] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-27] (Symantec Corporation) R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [20848 2012-08-01] (FUJITSU LIMITED) R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [15696 2013-08-12] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [21200 2013-08-12] (FUJITSU LIMITED) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130222.001\IDSvia64.sys [513184 2012-12-26] (Symantec Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130225.004\ENG64.SYS [126192 2013-01-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130225.004\EX64.SYS [2087664 2013-01-16] (Symantec Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1812760 2013-08-12] (Sonix Co. Ltd.) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-29 17:22 - 2014-10-29 17:23 - 00019628 _____ () C:\Users\Edith\Desktop\FRST.txt 2014-10-29 17:22 - 2014-10-29 17:23 - 00000000 ____D () C:\FRST 2014-10-29 17:21 - 2014-10-29 17:21 - 02113536 _____ (Farbar) C:\Users\Edith\Desktop\FRST64.exe 2014-10-29 16:29 - 2014-10-29 16:29 - 00002117 _____ () C:\Users\Edith\Desktop\malware.txt 2014-10-29 12:43 - 2014-10-29 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-29 12:42 - 2014-10-29 12:42 - 02347384 _____ (ESET) C:\Users\Edith\Downloads\esetsmartinstaller_enu.exe 2014-10-29 12:39 - 2014-10-29 12:40 - 00001746 _____ () C:\sc-cleaner.txt 2014-10-29 12:39 - 2014-10-29 12:39 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Edith\Downloads\sc-cleaner.exe 2014-10-29 01:00 - 2014-10-29 01:00 - 00000820 _____ () C:\Users\Edith\Desktop\JRT.txt 2014-10-29 00:54 - 2014-10-29 00:54 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-10-29 00:52 - 2014-10-29 00:52 - 01706144 _____ (Thisisu) C:\Users\Edith\Downloads\JRT.exe 2014-10-29 00:37 - 2014-10-29 00:47 - 00000000 ____D () C:\AdwCleaner 2014-10-29 00:36 - 2014-10-29 00:36 - 01998336 _____ () C:\Users\Edith\Downloads\AdwCleaner_4.002.exe 2014-10-28 23:28 - 2014-10-28 23:28 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server 2014-10-28 23:26 - 2014-10-28 23:26 - 02088658 _____ (FileZilla Project) C:\Users\Edith\Downloads\FileZilla_Server-0_9_47 [1].exe 2014-10-28 23:24 - 2014-10-28 23:24 - 00791896 _____ ( ) C:\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe 2014-10-28 23:07 - 2014-10-28 23:07 - 00003690 _____ () C:\Users\Edith\Desktop\wp-config-sample.php.txt 2014-10-28 23:07 - 2014-10-28 23:07 - 00000000 ____D () C:\Users\Edith\Downloads\wordpress-4.0-de_DE 2014-10-28 18:42 - 2014-10-28 18:42 - 07022106 _____ () C:\Users\Edith\Downloads\wordpress-4.0-de_DE.zip 2014-10-28 13:52 - 2014-10-28 13:52 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda 2014-10-28 13:52 - 2013-07-05 04:01 - 00290008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys 2014-10-28 13:51 - 2014-10-28 13:51 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2014-10-28 13:50 - 2014-10-28 13:52 - 00002446 _____ () C:\RHDSetup.log 2014-10-28 13:50 - 2012-08-27 07:04 - 04120464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2014-10-28 13:50 - 2012-08-23 10:09 - 00334357 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2014-10-28 13:50 - 2012-08-23 09:58 - 06161408 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2014-10-28 13:50 - 2012-08-23 06:51 - 03643024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll 2014-10-28 13:50 - 2012-08-21 07:51 - 00881808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2014-10-28 13:50 - 2012-08-20 11:25 - 02743440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2014-10-28 13:50 - 2012-08-16 04:27 - 00109712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2014-10-28 13:50 - 2012-08-13 11:06 - 01561744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2014-10-28 13:50 - 2012-08-10 12:31 - 00770688 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2014-10-28 13:50 - 2012-08-10 08:57 - 01264272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2014-10-28 13:48 - 2014-10-28 13:48 - 00000000 ____D () C:\Users\Edith\Intel 2014-10-22 15:26 - 2014-10-22 15:28 - 00021720 _____ () C:\Users\Edith\Desktop\Soßen.odt 2014-10-21 16:49 - 2014-10-21 16:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-10-21 16:49 - 2014-10-21 16:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-10-21 16:49 - 2014-10-21 16:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-10-21 16:49 - 2014-10-21 16:49 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-10-21 16:49 - 2014-10-21 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-21 16:49 - 2014-10-21 16:49 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-20 18:04 - 2014-10-20 18:04 - 00028309 _____ () C:\Users\Edith\Downloads\Anschreiben hospitanz robert bosch.odt 2014-10-17 11:40 - 2014-09-29 23:45 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-10-17 11:40 - 2014-09-29 23:45 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 10:57 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-16 10:57 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-16 10:57 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-16 10:57 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-16 10:56 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-16 10:56 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-16 10:55 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-16 10:55 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-16 10:55 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-16 10:55 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-16 10:55 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-16 10:55 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-16 10:55 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-16 10:55 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-16 10:55 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-16 10:55 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-16 10:55 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-16 10:55 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-16 10:55 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-16 10:55 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-16 10:55 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-16 10:55 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-16 10:55 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-16 10:55 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-16 10:55 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-16 10:55 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-16 10:55 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-16 10:55 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-16 10:55 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-16 10:55 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-16 10:55 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-16 10:55 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-16 10:55 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-16 10:55 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-16 10:54 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-16 10:54 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-16 10:54 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-16 10:54 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-16 10:54 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-16 10:54 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-16 10:54 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-16 10:54 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-16 10:54 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-16 10:54 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-16 10:54 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-16 10:54 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-16 10:54 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-16 10:54 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-16 10:53 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-16 10:53 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-16 10:53 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-16 10:53 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-16 10:53 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-16 10:53 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-16 10:53 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-16 10:53 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-16 10:53 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-16 10:53 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-16 10:53 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-16 10:53 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-16 10:53 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-16 10:53 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-16 10:53 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-16 10:53 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-16 10:53 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-16 10:53 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-16 10:53 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-16 10:53 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-16 10:53 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-16 10:53 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-16 10:53 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-16 10:53 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-16 10:53 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-16 10:53 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-16 10:53 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-16 10:53 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-16 10:53 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-16 10:53 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-16 10:53 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-16 10:53 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-16 10:53 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-16 10:53 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-16 10:53 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-16 10:53 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-16 10:53 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-16 10:53 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-16 10:53 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-16 10:52 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-16 10:52 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-16 10:52 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-16 10:51 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-16 10:51 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-16 10:51 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-16 10:51 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-16 10:51 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-11 18:49 - 2014-10-11 18:49 - 00335675 _____ () C:\Users\Edith\AppData\Local\recently-used.xbel 2014-10-07 20:29 - 2014-10-28 23:40 - 00001214 _____ () C:\WINDOWS\setupact.log 2014-10-07 20:29 - 2014-10-07 20:29 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-10-01 13:07 - 2014-10-01 23:34 - 00012864 _____ () C:\Users\Edith\Desktop\Textbausteine.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-29 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-29 16:37 - 2014-03-27 20:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-29 16:25 - 2014-06-29 21:02 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 13:56 - 2014-05-05 00:52 - 01300874 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-29 12:40 - 2014-05-05 10:28 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A37EC953-6B92-4A72-87C1-C6B8109DA225} 2014-10-29 12:37 - 2014-07-27 17:38 - 00000000 ____D () C:\Users\Edith\.rainlendar2 2014-10-29 12:37 - 2012-12-27 12:12 - 00000000 ____D () C:\Users\Edith\Documents\Youcam 2014-10-29 01:04 - 2012-12-27 12:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1115212536-1596043669-174481391-1001 2014-10-29 00:50 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-29 00:50 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-29 00:50 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-29 00:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-29 00:44 - 2014-06-29 21:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 00:44 - 2014-03-18 02:50 - 00025138 _____ () C:\WINDOWS\PFRO.log 2014-10-29 00:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-28 23:48 - 2014-03-23 20:25 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-28 23:40 - 2012-08-28 13:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Fujitsu 2014-10-28 23:40 - 2012-08-28 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-28 15:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-28 14:56 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-10-28 13:52 - 2012-11-06 13:29 - 00000000 ___HD () C:\Program Files (x86)\Temp 2014-10-28 13:52 - 2012-08-28 13:22 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-10-28 13:51 - 2014-05-05 00:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2014-10-28 13:49 - 2012-08-28 13:12 - 00000000 ____D () C:\ProgramData\Intel 2014-10-28 13:49 - 2012-08-28 13:12 - 00000000 ____D () C:\Program Files\Intel 2014-10-28 13:48 - 2014-05-05 00:37 - 00000000 ____D () C:\Users\Edith 2014-10-27 18:54 - 2013-01-03 22:46 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Nitro PDF 2014-10-27 14:33 - 2014-06-20 14:11 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1395949166 2014-10-27 14:33 - 2014-03-27 20:39 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-10-27 14:33 - 2014-03-27 20:39 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-10-25 18:47 - 2013-06-12 18:06 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Winamp 2014-10-23 20:06 - 2012-12-27 18:11 - 00000000 ____D () C:\Users\Edith\Edith 2014-10-23 19:38 - 2013-07-19 14:53 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-23 19:32 - 2012-12-28 14:52 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-21 16:50 - 2014-03-28 19:02 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-21 13:43 - 2014-06-25 14:06 - 00000000 ____D () C:\Users\Edith\AppData\Local\Adobe 2014-10-21 13:41 - 2014-03-27 20:56 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-10-20 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-18 12:23 - 2013-08-22 15:44 - 00508280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-17 12:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-16 21:43 - 2014-07-11 12:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-10-16 21:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-16 21:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-16 21:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-16 21:42 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-16 21:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-15 20:30 - 2013-02-07 21:59 - 00000000 ____D () C:\Users\Edith\AppData\Local\CrashDumps 2014-10-14 20:45 - 2013-02-14 20:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-13 12:23 - 2014-04-22 15:41 - 00000000 ____D () C:\Users\Edith\.rssowl2 2014-10-12 19:03 - 2014-09-23 18:59 - 00000000 ___RD () C:\Users\Edith\Dropbox 2014-10-12 17:07 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Dropbox 2014-10-11 18:50 - 2014-03-23 14:46 - 00000000 ____D () C:\Users\Edith\.gimp-2.8 2014-10-11 18:44 - 2014-03-23 16:04 - 00000000 ____D () C:\Users\Edith\AppData\Local\gtk-2.0 2014-10-04 18:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-04 11:46 - 2012-12-31 14:30 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk 2014-10-04 11:46 - 2012-08-28 13:34 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-10-01 11:11 - 2014-06-29 21:01 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-06-29 21:01 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2014-03-23 20:24 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys Files to move or delete: ==================== C:\Users\Edith\setup.exe Some content of TEMP: ==================== C:\Users\Edith\AppData\Local\Temp\BackupSetup.exe C:\Users\Edith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq_pprr.dll C:\Users\Edith\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Edith\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Edith\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Edith\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Edith\AppData\Local\Temp\Quarantine.exe C:\Users\Edith\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Edith\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Edith\AppData\Local\Temp\SkypeSetup.exe C:\Users\Edith\AppData\Local\Temp\sqlite3.dll C:\Users\Edith\AppData\Local\Temp\tmd_34013174.exe C:\Users\Edith\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 01:04 ==================== End Of Log ============================ --- --- --- --- --- --- FRST-Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01 Ran by Edith at 2014-10-29 17:24:50 Running from C:\Users\Edith\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4410.02 - CyberLink Corp.) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2931.0 - CyberLink Corp.) DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.47 - FileZilla Project) FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1221.6 - Sonix) Free Video to MP3 Converter version 5.0.34.225 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.34.225 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) Fujitsu BIOS Driver (HKLM-x32\...\InstallShield_{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.1.0.0 - FUJITSU LIMITED) Fujitsu BIOS Driver (Version: 1.1.0.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Fujitsu MobilityCenter Extension Utility (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.5.0.0 - FUJITSU LIMITED) Fujitsu System Extension Utility (Version: 3.5.0.0 - FUJITSU LIMITED) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1412.3) (HKLM\...\{302600C1-6BDF-4FD1-1401-148929CC1385}) (Version: 17.0.1401.0428 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.4.1000 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Kochbuch 2.5 (HKLM\...\Kochbuch_is1) (Version: 2.5 - Flo & Seb Engineering) LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.0.0 - FUJITSU LIMITED) LIFEBOOK Application Panel (Version: 8.5.0.0 - FUJITSU LIMITED) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nitro Reader 3 (HKLM\...\{CC0EF85F-58B7-43A8-85E7-546783663081}) (Version: 3.1.1.3 - Nitro) Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera Stable 25.0.1614.63 (HKLM-x32\...\Opera 25.0.1614.63) (Version: 25.0.1614.63 - Opera Software ASA) PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.0.0.1 - FUJITSU LIMITED) Plugfree NETWORK (Version: 7.0.001 - FUJITSU LIMITED) Hidden Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.0.0.0 - FUJITSU LIMITED) Pointing Device Utility (Version: 2.0.0.0 - FUJITSU LIMITED) Hidden Power Saving Utility (HKLM-x32\...\InstallShield_{E50AF275-8A41-4FCF-847B-D6E60018F388}) (Version: 33.01.00.000 - FUJITSU LIMITED) Power Saving Utility (Version: 33.01.00.000 - FUJITSU LIMITED) Hidden Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6714 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Driver Package - FUJITSU LIMITED (FUJ02B1) System (06/09/2012 1.23) (HKLM\...\7D737DCFBBA92B6A4335FA93E0B846D9D2DE908E) (Version: 06/09/2012 1.23 - FUJITSU LIMITED) Windows Driver Package - FUJITSU LIMITED (FUJ02E3) System (06/22/2012 1.30.0.0) (HKLM\...\3DCA6835C7741E181396F76FD94C05C19F4124A9) (Version: 06/22/2012 1.30.0.0 - FUJITSU LIMITED) Wireless Radio Switch Driver (HKLM-x32\...\InstallShield_{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 1.0.0.0 - FUJITSU LIMITED) Wireless Radio Switch Driver (Version: 1.0.0.0 - FUJITSU LIMITED) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Edith\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Edith\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Edith\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Edith\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Edith\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1115212536-1596043669-174481391-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Edith\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 23-10-2014 18:30:15 Windows Update 28-10-2014 12:45:38 DeskUpdate ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01FD7C0E-1268-4C55-9D54-2DDCF2EB3BAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation) Task: {05023E97-E8D5-43A3-8FCD-476E0FAA1D77} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {10A52E8F-FE18-496C-B45D-9321ACE9CAB7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {10BD6A48-9306-4D6E-BDB8-93C6526143F4} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {1BD680C0-6E5B-498C-994A-6665242688BA} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {1F0BF170-BBC3-4904-9036-8AA037F4FE50} - System32\Tasks\Fujitsu\PointingDeviceUtility\ToggleIPD => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2012-08-04] (FUJITSU LIMITED) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23E5389A-B08C-480C-BC93-4489FA870DD3} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {26D503B2-DE3C-420B-B22A-8A81ADFC5A86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20] (AVAST Software) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2E90CB8E-75E4-46DD-B1EC-8077C40BE781} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {39079C12-5AD4-4901-8546-742C335C0E5A} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeup => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3CCB47FB-38F5-464C-A8C4-85F3CBD31D1B} - System32\Tasks\Fujitsu\ApplicationPanel\DisableBtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {41FC56FE-F6C0-475E-A09B-BF2DE7759BAE} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {421D3447-EB06-4EE4-B4E3-82A07F9356F6} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {52CDCA88-1203-4FD1-8DAA-23CE9F4EDD3B} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupNow => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {5736A260-EB1E-4F75-8C2F-3C7004DD4494} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {60B025EB-0F09-44C4-BCC8-C350123A22E1} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {61B526D4-F7FF-4338-808D-D1C547658896} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetDriverIfFuj02b1DisableOnLogon => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2012-08-04] (FUJITSU LIMITED) Task: {6335DC77-77A6-4B76-BEE5-98402FE58220} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-12-11] (Fujitsu Technology Solutions) Task: {646262C8-9A66-4CEF-B90F-1C88D7B663EF} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {6942D7BA-C728-4499-84B1-66BDF3E475F4} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6C64D8CA-5C87-4526-ADC0-290687231CBD} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndSetWakeupSetting => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7479903A-111F-4AB4-8C0B-0FB8D4E77D59} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {933AA30D-8AD0-4ED9-A6C8-C8EFF33789C9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {939F75DB-C6A1-44B4-97CD-9A30E4114E48} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A0597405-246C-42E4-BC00-63FAB0417912} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {A9888BD8-22D2-4C57-B1CE-EBE3CB5011FB} - System32\Tasks\Opera scheduled Autoupdate 1395949166 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-23] (Opera Software) Task: {AFFEB647-529B-4479-84EA-9EDB5DBCABC6} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {BF3D9310-71E2-42C9-9494-FFE98F0EFDCE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-23] (Microsoft Corporation) Task: {C958C128-50E9-49E8-9D53-3852F92EB89C} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {D7FE60D0-FFE7-4AD7-A9C4-27A886D7FB76} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartBtnHndHKB => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E0347945-47BF-4D1C-91EA-33CD98359EAE} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeupBySwitch => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2012-08-01] (FUJITSU LIMITED) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F83AA1BD-4FD1-48DC-9886-A626DC1A916B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {FDBE1F6F-287A-46C4-8BC8-B27AD2C6353C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-19 07:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-16 18:42 - 2014-03-16 18:42 - 02611808 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe 2014-10-27 14:33 - 2014-10-27 14:33 - 00500344 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\opera_crashreporter.exe 2014-07-20 10:57 - 2014-07-20 10:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-28 23:10 - 2014-10-28 23:10 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102801\algo.dll 2014-10-29 12:43 - 2014-10-29 12:43 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102901\algo.dll 2012-08-28 13:12 - 2012-06-25 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-04 19:10 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll 2012-05-16 20:01 - 2012-05-16 20:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll 2014-03-14 11:11 - 2014-03-14 11:11 - 00250368 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll 2014-03-16 18:42 - 2014-03-16 18:42 - 00060512 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll 2014-03-14 11:11 - 2014-03-14 11:11 - 00065024 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll 2012-06-17 14:22 - 2012-06-17 14:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll 2014-07-20 10:57 - 2014-07-20 10:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-27 14:33 - 2014-10-27 14:33 - 00156792 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\message_center_win8.dll 2014-10-27 14:33 - 2014-10-27 14:33 - 01310328 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\libglesv2.dll 2014-10-27 14:33 - 2014-10-27 14:33 - 00219256 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\libegl.dll 2014-10-27 14:33 - 2014-10-27 14:33 - 09218680 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\pdf.dll 2014-10-27 14:33 - 2014-10-27 14:33 - 00991864 _____ () C:\Program Files (x86)\Opera\25.0.1614.63\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "PDFPrint" HKCU\...\StartupApproved\Run: => "SpiderOak" ========================= Accounts: ========================== Administrator (S-1-5-21-1115212536-1596043669-174481391-500 - Administrator - Disabled) Edith (S-1-5-21-1115212536-1596043669-174481391-1001 - Administrator - Enabled) => C:\Users\Edith Gast (S-1-5-21-1115212536-1596043669-174481391-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/29/2014 04:15:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 04:01:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 04:01:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 03:58:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 03:58:11 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 02:59:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 00:46:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073422302 Error: (10/29/2014 00:42:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/29/2014 00:42:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (10/29/2014 02:58:59 PM) (Source: DCOM) (EventID: 10010) (User: Edith-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/29/2014 02:58:29 PM) (Source: DCOM) (EventID: 10010) (User: Edith-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (10/29/2014 04:15:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/29/2014 04:01:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe Error: (10/29/2014 04:01:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe Error: (10/29/2014 03:58:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe Error: (10/29/2014 03:58:11 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe Error: (10/29/2014 02:59:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/29/2014 00:46:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073422302 Error: (10/29/2014 00:42:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe Error: (10/29/2014 00:42:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Edith\Downloads\esetsmartinstaller_enu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 57% Total physical RAM: 3954.05 MB Available physical RAM: 1696.63 MB Total Pagefile: 4978.05 MB Available Pagefile: 1964.93 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:74.56 GB) (Free:8.59 GB) NTFS Drive d: (DRIVERS) (Fixed) (Total:606.51 GB) (Free:606.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 8.1 x64 Ran by Edith on 29.10.2014 at 0:54:03,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.10.2014 at 1:00:27,52 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADWcleaner Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 29/10/2014 um 00:43:41 # DB v2014-10-26.6 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Edith - EDITH-PC # Gestartet von : C:\Users\Edith\Downloads\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Edith\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Edith\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Edith\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Edith\AppData\Local\Temp\webget Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe ***** [ Tasks ] ***** Task Gelöscht : ASP ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 ************************* AdwCleaner[R0].txt - [4804 octets] - [29/10/2014 00:37:19] AdwCleaner[S0].txt - [4101 octets] - [29/10/2014 00:43:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4161 octets] ########## Die MBAM-log-datei finde ich irgendwie nicht, wenn es nicht das war, das ich schon im ersten Post gepostet habe. Bei mir sieht das Programm auch anders aus, als hier beschrieben: http://www.trojaner-board.de/125889-...tml#post941534 Es gibt keine Schaltfläche "Logdateien" |
30.10.2014, 20:26 | #4 | |
/// TB-Ausbilder | Win 8: RegClean Pro entfernen Mehrere Anti-Virus-Programme Code:
ATTFilter Norton Avast Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Wir entfernen die letzten Reste und kontrollieren nochmal alles. EEK und ESET können länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: SearchScopes: HKCU - {E5025558-631F-4A96-AACB-5490A73AE742} URL = Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File C:\Users\Edith\setup.exe C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll C:\Users\Edith\Downloads\Rainlendar Lite 32 Bit - CHIP-Installer.exe C:\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Lade Dir bitte von hier Emsisoft Emergency Kit herunter.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
31.10.2014, 20:37 | #5 |
| Win 8: RegClean Pro entfernen Hallo hier schon mal der Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01 Ran by Edith at 2014-10-31 15:25:24 Run:1 Running from C:\Users\Edith\Desktop Loaded Profile: Edith (Available profiles: Edith) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: SearchScopes: HKCU - {E5025558-631F-4A96-AACB-5490A73AE742} URL = Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File C:\Users\Edith\setup.exe C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll C:\Users\Edith\Downloads\Rainlendar Lite 32 Bit - CHIP-Installer.exe C:\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe EmptyTemp: end ***************** Processes closed successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5025558-631F-4A96-AACB-5490A73AE742}" => Key deleted successfully. "HKCR\CLSID\{E5025558-631F-4A96-AACB-5490A73AE742}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. C:\Users\Edith\setup.exe => Moved successfully. C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully. C:\Users\Edith\Downloads\Rainlendar Lite 32 Bit - CHIP-Installer.exe => Moved successfully. C:\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe => Moved successfully. EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Danke für den Hinweis mit den Virenprogrammen, ich habe nun Norton gelöscht und nur noch Avast laufen. Soeben habe ich den EEK-Scan gemacht. Ich wollte den Bericht erstellen, aber bei mir kam nur sowas: Code:
ATTFilter ÿþE#m#s#i#s#o#f#t# #E#m#e#r#g#e#n#c#y# #K#i#t# #-# #V#e#r#s#i#o#n# #9#.#0# Liebe grüße hier nun die Logdatei von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e15054234d057c438fedefd9695bf9eb # engine=20873 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-31 06:44:01 # local_time=2014-10-31 07:44:01 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 1238790 179201531 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 14759273 39662334 0 0 # scanned=192360 # found=4 # cleaned=0 # scan_time=7952 sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Edith\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir" sh=36A3E802C2D6A6A0492834A64C0EFCA8B9B2CD6A ft=1 fh=64517fd454c16203 vn="Variante von Win32/InstallCore.RA evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Edith\Downloads\FileZilla_Server-0_9_47.exe.xBAD" sh=CE4E9967E2D0F5481D8D1D1E920F7016730931C8 ft=1 fh=883f88b87bca668a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Edith\Downloads\Rainlendar Lite 32 Bit - CHIP-Installer.exe.xBAD" Code:
ATTFilter Results of screen317's Security Check version 0.99.89 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Java version out of Date! Adobe Flash Player 15.0.0.189 Adobe Reader 10.1.12 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
31.10.2014, 23:00 | #6 |
/// TB-Ausbilder | Win 8: RegClean Pro entfernen Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
02.11.2014, 19:50 | #7 |
| Win 8: RegClean Pro entfernen Hallo Matthias! Vielen lieben Dank für deine Hilfe!! Ich denke, es ist alles soweit in Ordnung, du kannst also das Thema aus deinem Abo rausnehmen |
03.11.2014, 16:56 | #8 |
/// TB-Ausbilder | Win 8: RegClean Pro entfernen Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |