| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.01.2015, 10:05
| #1 |
 |  Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Hallo, ich konnte seit einigen Tagen keine https Seiten, speziell meinen Windows Account also account.live.com mehr aufrufen. Habe dann im Bitdefender Dashboard entdeckt das die zwei infizierten Dateien gefunden wurden. Nun kann ich die Seiten immernoch nicht aufrufen. Werden die Seiten nun von der Antiviren Software blockiert und was mache ich nun mit diesen Dateien? Des Weiteren habe ich mir kürzlich die WDmyCloud gekauft. Wie kann ich nun sicher gehen das ich mir den Kram nicht auch darauf gezogen habe. Vielen Dank für eure Hilfe im Voraus! Gruß Carolin |
|
08.01.2015, 11:28
| #2 |
| /// the machine /// TB-Ausbilder    | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden hi,
__________________Logfile von BitDefender? Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
08.01.2015, 17:02
| #3 |
| | FRST FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Carolin (administrator) on CAROLIN on 08-01-2015 16:49:39
Running from C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\9IMLER5A
Loaded Profile: Carolin (Available profiles: UpdatusUser & Carolin & Stefan)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Buhl Data Service GmbH) C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\MG.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-14] (Bitdefender)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications))
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [SkyDrive] => C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002 -> {095A28A6-95D6-4177-98C1-59F03D82324D} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\4saq1g2n.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-14] (Bitdefender)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-14] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 a2injectiondriver; No ImagePath
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-14] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-14] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-14] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-14] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R4 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
R3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-08 16:49 - 2015-01-08 16:49 - 00000000 ____D () C:\FRST
2015-01-08 11:09 - 2015-01-08 11:09 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-01-08 09:02 - 2015-01-08 09:37 - 00000000 ____D () C:\ProgramData\Dumps
2015-01-07 18:58 - 2015-01-07 18:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{383E0617-C8B6-4649-8199-915EBE4FC5ED}
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieUserList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieSiteList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Macromedia
2015-01-07 18:57 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\OneDrive
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Synaptics
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Sony Corporation
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Bitdefender
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Atheros
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Apple Computer
2015-01-07 18:54 - 2015-01-07 18:54 - 00001418 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Adobe
2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Local\VirtualStore
2015-01-07 18:53 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Packages
2015-01-07 18:51 - 2015-01-07 18:51 - 00000020 ___SH () C:\Users\Stefan\ntuser.ini
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Vorlagen
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Startmenü
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Netzwerkumgebung
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Lokale Einstellungen
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Eigene Dateien
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Druckumgebung
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Musik
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Bilder
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Verlauf
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Anwendungsdaten
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Anwendungsdaten
2015-01-07 18:50 - 2015-01-07 18:57 - 00000000 ____D () C:\Users\Stefan
2015-01-07 18:50 - 2014-11-14 17:57 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-07 18:50 - 2014-09-21 13:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-07 18:50 - 2014-01-04 22:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Pokki
2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:57 - 2015-01-06 15:57 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-06 15:10 - 2015-01-08 11:10 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-01-05 23:46 - 2015-01-05 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-05 23:32 - 2015-01-06 14:01 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\ParetoLogic
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\DriverCure
2015-01-05 23:31 - 2015-01-05 23:31 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2015-01-05 23:01 - 2015-01-05 23:01 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Mozilla
2015-01-05 22:27 - 2015-01-05 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager [1].exe
2015-01-05 22:26 - 2015-01-05 22:26 - 00823792 _____ ( ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe
2015-01-05 21:30 - 2015-01-05 21:30 - 05317104 _____ (Piriform Ltd) C:\Users\Carolin\Downloads\ccsetup501.exe
2015-01-05 21:30 - 2015-01-05 21:30 - 00000798 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-05 21:27 - 2015-01-05 21:27 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-01-05 20:51 - 2015-01-05 20:51 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets (1).diagcab
2015-01-05 20:10 - 2015-01-05 20:51 - 00003382 _____ () C:\WINDOWS\System32\Tasks\START SKYDRIVE
2015-01-05 20:09 - 2015-01-05 20:09 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets.diagcab
2015-01-03 12:42 - 2015-01-03 12:42 - 00000000 ____D () C:\Users\Public\Documents\Gnom
2015-01-03 09:22 - 2015-01-04 22:44 - 00000000 ____D () C:\Users\Carolin\Achim
2015-01-02 18:32 - 2015-01-02 18:32 - 00001090 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-27 20:14 - 2014-12-27 20:14 - 00000000 ____D () C:\Analytics
2014-12-27 20:12 - 2014-12-27 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital
2014-12-27 20:09 - 2015-01-06 21:47 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western_Digital_Technolog
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-12-27 20:09 - 2014-12-27 20:09 - 00000000 ____D () C:\Program Files\Western Digital
2014-12-27 20:04 - 2014-12-27 20:04 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader (1).zip
2014-12-27 20:04 - 2014-12-27 20:04 - 04461527 _____ () C:\Users\Carolin\Downloads\WD_Quick_View_Setup_for_Windows.zip
2014-12-27 13:56 - 2014-12-27 13:58 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader.zip
2014-12-27 13:05 - 2014-12-27 13:05 - 65350992 _____ () C:\Users\Carolin\Downloads\WDMyCloud_win.exe
2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-12-27 13:03 - 2014-12-27 13:03 - 65350992 _____ () C:\Users\Carolin\WDMyCloud_win.exe
2014-12-27 13:00 - 2014-12-27 20:09 - 00000000 ____D () C:\ProgramData\Western Digital
2014-12-27 13:00 - 2014-12-27 13:03 - 00001173 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2014-12-27 13:00 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\com.wd.WDMyCloud
2014-12-27 13:00 - 2014-12-27 13:00 - 00000204 _____ () C:\Users\Carolin\Desktop\Lerncenter WD My Cloud.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000158 _____ () C:\Users\Carolin\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000154 _____ () C:\Users\Carolin\Desktop\WD My Cloud-Dashboard.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2014-12-27 12:49 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western Digital
2014-12-27 12:48 - 2014-12-27 12:48 - 71601392 _____ () C:\Users\Carolin\Downloads\mc_windows_setup.exe
2014-12-26 21:04 - 2014-12-26 21:04 - 00001431 _____ () C:\Users\Carolin\Desktop\CopyTrans Control Center.lnk
2014-12-26 21:04 - 2014-12-26 21:04 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2014-12-26 21:03 - 2014-12-26 21:04 - 05102256 _____ (WindSolutions) C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe
2014-12-26 21:00 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\WindSolutions
2014-12-26 20:59 - 2014-12-26 21:08 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-26 20:58 - 2014-12-26 20:58 - 09280316 _____ () C:\Users\Carolin\Downloads\CopyTransManagerDEv1.013.zip
2014-12-17 16:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 16:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 01:50 - 2014-12-13 01:50 - 00829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2014-12-13 01:50 - 2014-12-13 01:50 - 00608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2014-12-12 23:22 - 2014-12-12 23:22 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2014-12-12 23:22 - 2014-12-12 23:22 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2014-12-10 09:59 - 2014-12-10 09:59 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 09:44 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 09:44 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 09:44 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 09:44 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 09:39 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 09:39 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 09:39 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 09:39 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 09:39 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 09:39 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 09:39 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 09:39 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 09:39 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 09:39 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 09:39 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 09:39 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 09:39 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 09:39 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 09:39 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 09:39 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 09:39 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 09:39 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 09:39 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 09:39 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 09:39 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 09:39 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 09:39 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 09:39 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 09:39 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 09:39 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 09:39 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 09:39 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 09:39 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 09:39 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 09:39 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 09:39 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 09:39 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 09:39 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 09:39 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 09:39 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 09:39 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 09:39 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 09:39 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 09:39 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 09:39 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 09:39 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 09:39 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 09:39 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 09:39 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 09:39 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 09:39 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 09:39 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 09:39 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 09:39 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 09:39 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 09:39 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 09:39 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 09:39 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 18:53 - 2014-12-09 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-08 16:48 - 2014-01-04 14:27 - 00000000 ____D () C:\Users\Carolin\Documents\WISO Mein Geld
2015-01-08 16:46 - 2014-01-04 11:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293654675-2556177190-2138456915-1002
2015-01-08 16:45 - 2014-09-30 15:58 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan
2015-01-08 16:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-08 16:43 - 2014-04-08 16:33 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin
2015-01-08 16:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-08 09:43 - 2014-01-04 22:43 - 01613993 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-08 09:21 - 2014-02-26 09:52 - 00000000 ____D () C:\ProgramData\BDLogging
2015-01-08 08:52 - 2014-01-21 20:39 - 01679872 ___SH () C:\Users\Carolin\Desktop\Thumbs.db
2015-01-08 08:11 - 2014-01-04 22:47 - 00000000 ____D () C:\Users\Carolin
2015-01-08 08:07 - 2014-01-04 12:01 - 00000000 ___DO () C:\Users\Carolin\SkyDrive
2015-01-07 18:55 - 2014-01-04 11:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-01-07 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-07 16:55 - 2014-01-04 23:30 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D47BDD1F-9221-4378-922D-20DF3289565D}
2015-01-06 17:44 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-06 17:42 - 2014-06-16 17:26 - 00000000 ____D () C:\schrankplaner
2015-01-06 17:42 - 2013-08-22 15:44 - 00446440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-06 14:12 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\VirtualStore
2015-01-06 13:56 - 2014-01-04 23:12 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Deployment
2015-01-06 12:11 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Nitro PDF
2015-01-05 23:01 - 2014-01-07 18:01 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Mozilla
2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Google
2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-05 21:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-05 21:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-05 21:11 - 2014-04-27 21:00 - 00000000 ____D () C:\Users\Carolin\AppData\Temp
2015-01-05 21:11 - 2014-02-02 17:23 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\vlc
2015-01-05 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-03 16:23 - 2014-01-26 17:43 - 02090496 ___SH () C:\Users\Carolin\Downloads\Thumbs.db
2015-01-03 16:10 - 2014-01-05 17:52 - 00000000 ___RD () C:\Users\Carolin\Dropbox
2015-01-03 16:10 - 2014-01-05 17:49 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Dropbox
2015-01-03 09:22 - 2014-04-27 20:43 - 00378880 ___SH () C:\Users\Carolin\Thumbs.db
2015-01-02 17:07 - 2014-08-13 19:08 - 00012795 _____ () C:\Users\Carolin\Documents\Übersicht Planung MM.xlsx
2015-01-02 13:01 - 2014-01-04 15:14 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Apple Computer
2014-12-26 22:02 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Packages
2014-12-23 12:16 - 2014-01-04 11:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 07:19 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-22 07:19 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-22 07:19 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-20 20:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-19 17:59 - 2014-01-05 17:51 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 19:43 - 2014-01-04 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-16 19:40 - 2014-01-04 17:09 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 10:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 09:59 - 2014-07-09 15:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 09:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
Files to move or delete:
====================
C:\Users\Carolin\WDMyCloud_win.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-08 08:19
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Carolin at 2015-01-08 16:50:31
Running from C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\9IMLER5A
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.4.1 (HKLM\...\Kochbuch_is1) (Version: 2.4.1 - Flo & Seb Engineering)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
MergeModule_x64 (Version: 9.0.01 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.01 - Sony Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32c - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32c - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Photo Collage 3.0 (HKLM-x32\...\{8D42CBBC-2089-44AB-8021-369DDB962816}) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-01-2015 20:55:44 Wiederherstellungsvorgang
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {32DD49E9-F389-4E91-8ABF-8546D1C8A93C} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {6B7DDCCB-393E-42C7-A338-0912726B1BEA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {81549110-6F1B-434E-8949-65C3F87537E1} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-11-14] (Bitdefender)
Task: {89098DFA-1AF8-4278-ABD8-9DE3D201B9DB} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-08-16] (Microsoft Corporation)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {90FA9D9F-99B5-4AAB-B09B-B44065352E8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {93DA4D11-A582-426E-84A2-F5F452DEFA63} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {93ED6C4B-3FDA-4525-B173-4939799E8824} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-16] (Microsoft Corporation)
Task: {A94EBFDB-8ADB-497F-A272-26C68D1DFCF0} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E67671C1-2FC7-47FA-A5D0-A7A7D7F6B946} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4293654675-2556177190-2138456915-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {E74F1321-91CB-4D6B-AAF4-8050A540DD42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AD76AD-5039-4D0A-A97D-963EC5FD610F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-11-14 09:02 - 2014-11-14 09:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-02-26 09:52 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 08:57 - 2014-07-24 08:57 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpbr.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpdsp.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpph.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttprbl.mdl
2014-08-04 08:33 - 2014-08-04 08:33 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2014-03-28 06:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-24 23:09 - 2013-01-24 23:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-24 23:05 - 2013-01-24 23:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-24 23:12 - 2013-01-24 23:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-02-26 09:52 - 2014-11-14 09:00 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-03-31 23:10 - 2014-11-14 09:00 - 00468496 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00203264 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-05 13:29 - 2013-02-05 13:29 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-10-23 03:02 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-16 08:57 - 2014-11-16 08:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2008-05-06 09:35 - 2008-05-06 09:35 - 00028456 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\On4u3\bdrmf.dll
2013-10-17 09:26 - 2014-12-02 16:15 - 00382792 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeAdapter.dll
2013-10-17 09:26 - 2014-12-02 16:15 - 00021320 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeDB.dll
2013-10-17 09:26 - 2014-12-02 16:15 - 00046408 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\EPaymentAdapter.dll
2013-10-17 09:26 - 2014-12-02 16:16 - 00356168 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ExternalAPIAdapter.dll
2013-10-17 09:26 - 2014-12-02 16:15 - 00275272 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ServerAdapter.XmlSerializers.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll
2014-11-16 08:57 - 2014-11-16 08:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Carolin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\adwcleaner_3.2.0.7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup413_slim.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup501.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ElsterFormular-15.0.20140212p.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\epson378345eu.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Fotowall_0.9_WinXP_Vista_7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mc_windows_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\picasa39-setup_3.9.137.118.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PictureCollageMakerPro_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PMHOME_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\schrankplaner_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\scribus-1.4.3-windows.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ShapeCollage-3.1-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Update_HDRAS100VV200.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\WDMyCloud_win.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\XMediaRecode3193_setup.exe:BDU
AlternateDataStreams: C:\Users\Stefan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Anwendungs-Agent"
========================= Accounts: ==========================
Administrator (S-1-5-21-4293654675-2556177190-2138456915-500 - Administrator - Disabled)
Carolin (S-1-5-21-4293654675-2556177190-2138456915-1002 - Administrator - Enabled) => C:\Users\Carolin
Gast (S-1-5-21-4293654675-2556177190-2138456915-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4293654675-2556177190-2138456915-1007 - Limited - Enabled)
Stefan (S-1-5-21-4293654675-2556177190-2138456915-1008 - Limited - Enabled) => C:\Users\Stefan
UpdatusUser (S-1-5-21-4293654675-2556177190-2138456915-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2015 11:04:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 10:59:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/08/2015 10:46:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Error: (01/08/2015 10:45:57 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
System errors:
=============
Error: (01/07/2015 06:58:58 PM) (Source: DCOM) (EventID: 10010) (User: Carolin)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/06/2015 05:46:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/06/2015 05:46:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/06/2015 05:43:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/06/2015 05:42:42 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/06/2015 05:41:23 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa
Error: (01/05/2015 11:29:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/05/2015 11:29:11 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/05/2015 11:26:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/05/2015 11:25:37 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Microsoft Office Sessions:
=========================
Error: (01/08/2015 11:04:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/08/2015 11:04:00 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/08/2015 10:59:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/08/2015 10:59:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/08/2015 10:46:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
Error: (01/08/2015 10:45:57 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
CodeIntegrity Errors:
===================================
Date: 2014-12-25 13:46:42.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro\Reader 3\NitroPDFThumbnailHelper.exe that did not meet the Microsoft signing level requirements.
Date: 2014-04-27 21:44:39.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:44:39.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:06:58.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8072.27 MB
Available physical RAM: 4844.53 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 6349.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:304.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4583D9D7)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
08.01.2015, 18:53
| #4 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Logfile von Bitdefender mit den Funden? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.01.2015, 19:24
| #5 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Kannst du mir bitte noch sagen wie ich daran komme? Code:
ATTFilter BitDefender Log File
Product : Bitdefender Internet Security
Scanning task : Auto-Scan
Log date : Dienstag, 6. Januar 2015 13:00:31
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\33f55599-2612-44f6-8d62-f6be64216004\1420541765_1_02.xml
Scan Paths:
Path : C:\Windows
Path : C:\Users
Path : C:\Program Files
Path : C:\Program Files (x86)
Path : C:\ProgramData
[-]Scan Results
[-]Resolved issues:
Object Path Threat Name Final Status
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\CE7OSYOW.txt Cookie.Adtech Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\ON88HXNE.txt Cookie.Advertising Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\IVIMPHQB.txt Cookie.FastClick Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\CU2T8WHZ.txt Cookie.SmartAdServer Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\PLCJ69P6.txt Cookie.Ru4 Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\HEXTQ0N6.txt Cookie.DoubleClick Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\IBW5FUOQ.txt Cookie.Casalemedia Deleted
Cookie: C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCookies\Low\WU7ORU6B.txt Cookie.Mediaplex Deleted
[+]Objects that were not scanned:
[-]Detailed Scan Summary
[-]Basic
Scanned items : 597990
Infected items : 8
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 8
Unresolved items : 0 (no issues remained unresolved)
[-]Advanced
Scan time : 0: 50: 45
Files per second : 196
Skipped items : 181511
Password-protected items : 3
Overcompressed items : 0
Scanned archives : 236
Input-output errors : 3337
Scanned boot sectors : 28
Scanned processes : 5091
Infected processes : 0
Scanned registry keys : 1969
Infected registry keys : 0
Scanned cookies : 157
Infected cookies : 8
[-]Scan Options
[-]Target Threat Types:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Scan for keyloggers : Yes
[-]Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions : none configured
Excluded extensions : none configured
[-]Target Processing:
Default primary action for infected objects : Disinfect
Default secondary action for infected objects : Move to Quarantine
Default primary action for suspicious objects : Move to Quarantine
Default secondary action for suspicious objects : None
Default action for hidden objects : Disinfect
Default action for password-protected objects : Log as not scanned
[-]Scan engines summary
Number of virus signatures : 6392610
|
|
08.01.2015, 20:38
| #6 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden |
|
08.01.2015, 21:25
| #7 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.01.2015 Suchlauf-Zeit: 20:42:47 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2014.11.18.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Carolin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 430958 Verstrichene Zeit: 10 Min, 59 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 08/01/2015 um 21:06:02
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Carolin - CAROLIN
# Gestartet von : C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\ZK5LPZRK\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Users\Carolin\AppData\Local\Software
Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\ParetoLogic
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [1874 octets] - [26/02/2014 14:51:42]
AdwCleaner[R1].txt - [4998 octets] - [29/04/2014 21:30:19]
AdwCleaner[R2].txt - [1406 octets] - [08/05/2014 20:04:53]
AdwCleaner[R3].txt - [1680 octets] - [08/01/2015 20:57:50]
AdwCleaner[S0].txt - [1895 octets] - [26/02/2014 14:54:07]
AdwCleaner[S1].txt - [4708 octets] - [29/04/2014 21:31:29]
AdwCleaner[S2].txt - [1346 octets] - [08/05/2014 20:08:39]
AdwCleaner[S3].txt - [1501 octets] - [08/01/2015 21:06:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1561 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Carolin on 08.01.2015 at 21:15:48,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.01.2015 at 21:18:49,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Carolin (administrator) on CAROLIN on 08-01-2015 21:22:44 Running from C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\ZK5LPZRK Loaded Profile: Carolin (Available profiles: UpdatusUser & Carolin & Stefan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-14] (Bitdefender) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications)) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [SkyDrive] => C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002 -> {095A28A6-95D6-4177-98C1-59F03D82324D} URL = BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\4saq1g2n.default FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-26] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-26] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-14] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-14] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-14] (Bitdefender) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-14] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-14] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-14] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed] R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-14] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-08 21:18 - 2015-01-08 21:18 - 00000807 _____ () C:\Users\Carolin\Desktop\JRT.txt 2015-01-08 21:15 - 2015-01-08 21:15 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-08 21:07 - 2015-01-08 21:07 - 00004584 _____ () C:\WINDOWS\PFRO.log 2015-01-08 20:56 - 2015-01-08 20:56 - 00001190 _____ () C:\Users\Carolin\Desktop\mbam.txt 2015-01-08 20:41 - 2015-01-08 21:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 20:41 - 2015-01-08 20:41 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-08 19:18 - 2015-01-08 09:22 - 00376768 _____ () C:\Users\Carolin\Desktop\1420701576_1_01.xml 2015-01-08 19:18 - 2015-01-06 13:00 - 00373964 _____ () C:\Users\Carolin\Desktop\1420541765_1_02.xml 2015-01-08 16:49 - 2015-01-08 21:22 - 00000000 ____D () C:\FRST 2015-01-08 09:02 - 2015-01-08 09:37 - 00000000 ____D () C:\ProgramData\Dumps 2015-01-07 18:58 - 2015-01-07 18:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{383E0617-C8B6-4649-8199-915EBE4FC5ED} 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieUserList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieSiteList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Macromedia 2015-01-07 18:57 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\OneDrive 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Synaptics 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Sony Corporation 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Bitdefender 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Atheros 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Apple Computer 2015-01-07 18:54 - 2015-01-07 18:54 - 00001418 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Adobe 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Local\VirtualStore 2015-01-07 18:53 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Packages 2015-01-07 18:51 - 2015-01-07 18:51 - 00000020 ___SH () C:\Users\Stefan\ntuser.ini 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Vorlagen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Startmenü 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Netzwerkumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Lokale Einstellungen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Eigene Dateien 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Druckumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Musik 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Bilder 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Verlauf 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Anwendungsdaten 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Anwendungsdaten 2015-01-07 18:50 - 2015-01-07 18:57 - 00000000 ____D () C:\Users\Stefan 2015-01-07 18:50 - 2014-11-14 17:57 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-07 18:50 - 2014-09-21 13:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-07 18:50 - 2014-01-04 22:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Pokki 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-06 15:57 - 2015-01-06 15:57 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-06 14:15 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2015-01-05 23:46 - 2015-01-05 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-01-05 23:31 - 2015-01-05 23:31 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe 2015-01-05 23:01 - 2015-01-05 23:01 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Mozilla 2015-01-05 22:27 - 2015-01-05 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager [1].exe 2015-01-05 22:26 - 2015-01-05 22:26 - 00823792 _____ ( ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe 2015-01-05 21:30 - 2015-01-05 21:30 - 05317104 _____ (Piriform Ltd) C:\Users\Carolin\Downloads\ccsetup501.exe 2015-01-05 21:30 - 2015-01-05 21:30 - 00000798 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-05 21:27 - 2015-01-05 21:27 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe 2015-01-05 20:51 - 2015-01-05 20:51 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets (1).diagcab 2015-01-05 20:10 - 2015-01-05 20:51 - 00003382 _____ () C:\WINDOWS\System32\Tasks\START SKYDRIVE 2015-01-05 20:09 - 2015-01-05 20:09 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets.diagcab 2015-01-03 12:42 - 2015-01-03 12:42 - 00000000 ____D () C:\Users\Public\Documents\Gnom 2015-01-03 09:22 - 2015-01-04 22:44 - 00000000 ____D () C:\Users\Carolin\Achim 2015-01-02 18:32 - 2015-01-02 18:32 - 00001090 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-12-27 20:14 - 2014-12-27 20:14 - 00000000 ____D () C:\Analytics 2014-12-27 20:12 - 2014-12-27 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital 2014-12-27 20:09 - 2015-01-08 21:09 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western_Digital_Technolog 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-12-27 20:09 - 2014-12-27 20:09 - 00000000 ____D () C:\Program Files\Western Digital 2014-12-27 20:04 - 2014-12-27 20:04 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader (1).zip 2014-12-27 20:04 - 2014-12-27 20:04 - 04461527 _____ () C:\Users\Carolin\Downloads\WD_Quick_View_Setup_for_Windows.zip 2014-12-27 13:56 - 2014-12-27 13:58 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader.zip 2014-12-27 13:05 - 2014-12-27 13:05 - 65350992 _____ () C:\Users\Carolin\Downloads\WDMyCloud_win.exe 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-12-27 13:03 - 2014-12-27 13:03 - 65350992 _____ () C:\Users\Carolin\WDMyCloud_win.exe 2014-12-27 13:00 - 2014-12-27 20:09 - 00000000 ____D () C:\ProgramData\Western Digital 2014-12-27 13:00 - 2014-12-27 13:03 - 00001173 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk 2014-12-27 13:00 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\com.wd.WDMyCloud 2014-12-27 13:00 - 2014-12-27 13:00 - 00000204 _____ () C:\Users\Carolin\Desktop\Lerncenter WD My Cloud.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000158 _____ () C:\Users\Carolin\Desktop\WD My Cloud – Öffentliche Freigabe.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000154 _____ () C:\Users\Carolin\Desktop\WD My Cloud-Dashboard.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-12-27 12:49 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western Digital 2014-12-27 12:48 - 2014-12-27 12:48 - 71601392 _____ () C:\Users\Carolin\Downloads\mc_windows_setup.exe 2014-12-26 21:04 - 2014-12-26 21:04 - 00001431 _____ () C:\Users\Carolin\Desktop\CopyTrans Control Center.lnk 2014-12-26 21:04 - 2014-12-26 21:04 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2014-12-26 21:03 - 2014-12-26 21:04 - 05102256 _____ (WindSolutions) C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe 2014-12-26 21:00 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\WindSolutions 2014-12-26 20:59 - 2014-12-26 21:08 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-12-26 20:58 - 2014-12-26 20:58 - 09280316 _____ () C:\Users\Carolin\Downloads\CopyTransManagerDEv1.013.zip 2014-12-17 16:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-17 16:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 01:50 - 2014-12-13 01:50 - 00829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll 2014-12-13 01:50 - 2014-12-13 01:50 - 00608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll 2014-12-12 23:22 - 2014-12-12 23:22 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll 2014-12-12 23:22 - 2014-12-12 23:22 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll 2014-12-10 09:59 - 2014-12-10 09:59 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-10 09:44 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 09:44 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 09:44 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 09:44 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 09:39 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-10 09:39 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-10 09:39 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 09:39 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-10 09:39 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-10 09:39 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-10 09:39 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-10 09:39 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-10 09:39 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-10 09:39 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 09:39 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-10 09:39 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-10 09:39 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-10 09:39 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-10 09:39 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-10 09:39 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-10 09:39 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-10 09:39 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-10 09:39 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-10 09:39 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-10 09:39 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-10 09:39 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-10 09:39 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-10 09:39 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-10 09:39 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-10 09:39 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-10 09:39 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-10 09:39 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-10 09:39 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-10 09:39 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-10 09:39 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-10 09:39 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-10 09:39 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-10 09:39 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-10 09:39 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-10 09:39 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-10 09:39 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-10 09:39 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-10 09:39 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-10 09:39 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-10 09:39 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-10 09:39 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-10 09:39 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-10 09:39 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-10 09:39 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-10 09:39 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-09 18:53 - 2014-12-09 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-08 21:20 - 2014-04-08 16:33 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin 2015-01-08 21:15 - 2014-01-04 22:43 - 01767934 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-08 21:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-08 21:14 - 2014-01-04 23:30 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D47BDD1F-9221-4378-922D-20DF3289565D} 2015-01-08 21:09 - 2014-01-04 12:01 - 00000000 ___DO () C:\Users\Carolin\SkyDrive 2015-01-08 21:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-08 21:06 - 2014-02-26 14:51 - 00000000 ____D () C:\AdwCleaner 2015-01-08 21:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-08 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-08 20:50 - 2014-01-04 11:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293654675-2556177190-2138456915-1002 2015-01-08 18:04 - 2014-01-04 14:27 - 00000000 ____D () C:\Users\Carolin\Documents\WISO Mein Geld 2015-01-08 09:21 - 2014-02-26 09:52 - 00000000 ____D () C:\ProgramData\BDLogging 2015-01-08 08:52 - 2014-01-21 20:39 - 01679872 ___SH () C:\Users\Carolin\Desktop\Thumbs.db 2015-01-08 08:11 - 2014-01-04 22:47 - 00000000 ____D () C:\Users\Carolin 2015-01-07 18:55 - 2014-01-04 11:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-01-07 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-06 17:42 - 2014-06-16 17:26 - 00000000 ____D () C:\schrankplaner 2015-01-06 17:42 - 2013-08-22 15:44 - 00446440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-06 14:12 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\VirtualStore 2015-01-06 13:56 - 2014-01-04 23:12 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Deployment 2015-01-06 12:11 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Nitro PDF 2015-01-05 23:01 - 2014-01-07 18:01 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Mozilla 2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Google 2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-05 21:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-05 21:11 - 2014-04-27 21:00 - 00000000 ____D () C:\Users\Carolin\AppData\Temp 2015-01-05 21:11 - 2014-02-02 17:23 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\vlc 2015-01-05 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-03 16:23 - 2014-01-26 17:43 - 02090496 ___SH () C:\Users\Carolin\Downloads\Thumbs.db 2015-01-03 16:10 - 2014-01-05 17:52 - 00000000 ___RD () C:\Users\Carolin\Dropbox 2015-01-03 16:10 - 2014-01-05 17:49 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Dropbox 2015-01-03 09:22 - 2014-04-27 20:43 - 00378880 ___SH () C:\Users\Carolin\Thumbs.db 2015-01-02 17:07 - 2014-08-13 19:08 - 00012795 _____ () C:\Users\Carolin\Documents\Übersicht Planung MM.xlsx 2015-01-02 13:01 - 2014-01-04 15:14 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Apple Computer 2014-12-26 22:02 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Packages 2014-12-23 12:16 - 2014-01-04 11:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 07:19 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-22 07:19 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-22 07:19 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-20 20:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-19 17:59 - 2014-01-05 17:51 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-16 19:43 - 2014-01-04 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-16 19:40 - 2014-01-04 17:09 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-10 10:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-10 09:59 - 2014-07-09 15:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-10 09:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS Files to move or delete: ==================== C:\Users\Carolin\WDMyCloud_win.exe Some content of TEMP: ==================== C:\Users\Carolin\AppData\Local\Temp\Quarantine.exe C:\Users\Carolin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-08 08:19 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Carolin at 2015-01-08 21:23:22
Running from C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\ZK5LPZRK
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.4.1 (HKLM\...\Kochbuch_is1) (Version: 2.4.1 - Flo & Seb Engineering)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 9.0.01 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.01 - Sony Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32c - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32c - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Photo Collage 3.0 (HKLM-x32\...\{8D42CBBC-2089-44AB-8021-369DDB962816}) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-01-2015 20:55:44 Wiederherstellungsvorgang
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {32DD49E9-F389-4E91-8ABF-8546D1C8A93C} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {6B7DDCCB-393E-42C7-A338-0912726B1BEA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {89098DFA-1AF8-4278-ABD8-9DE3D201B9DB} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-08-16] (Microsoft Corporation)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {90FA9D9F-99B5-4AAB-B09B-B44065352E8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {93DA4D11-A582-426E-84A2-F5F452DEFA63} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {A94EBFDB-8ADB-497F-A272-26C68D1DFCF0} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {D0EBD57C-F495-4B2D-8F92-68A86D09AA62} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-16] (Microsoft Corporation)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E67671C1-2FC7-47FA-A5D0-A7A7D7F6B946} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4293654675-2556177190-2138456915-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {E74F1321-91CB-4D6B-AAF4-8050A540DD42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AD76AD-5039-4D0A-A97D-963EC5FD610F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-02-26 09:52 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 08:57 - 2014-07-24 08:57 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpbr.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpdsp.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpph.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttprbl.mdl
2014-08-04 08:33 - 2014-08-04 08:33 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2014-03-28 06:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-24 23:09 - 2013-01-24 23:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-24 23:05 - 2013-01-24 23:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-24 23:12 - 2013-01-24 23:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-05 13:29 - 2013-02-05 13:29 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-11-16 08:57 - 2014-11-16 08:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-16 08:58 - 2014-11-16 08:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-10-23 03:02 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Carolin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\adwcleaner_3.2.0.7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup413_slim.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup501.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ElsterFormular-15.0.20140212p.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\epson378345eu.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Fotowall_0.9_WinXP_Vista_7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mc_windows_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\picasa39-setup_3.9.137.118.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PictureCollageMakerPro_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PMHOME_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\schrankplaner_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\scribus-1.4.3-windows.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ShapeCollage-3.1-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Update_HDRAS100VV200.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\WDMyCloud_win.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\XMediaRecode3193_setup.exe:BDU
AlternateDataStreams: C:\Users\Stefan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Anwendungs-Agent"
========================= Accounts: ==========================
Administrator (S-1-5-21-4293654675-2556177190-2138456915-500 - Administrator - Disabled)
Carolin (S-1-5-21-4293654675-2556177190-2138456915-1002 - Administrator - Enabled) => C:\Users\Carolin
Gast (S-1-5-21-4293654675-2556177190-2138456915-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4293654675-2556177190-2138456915-1007 - Limited - Enabled)
Stefan (S-1-5-21-4293654675-2556177190-2138456915-1008 - Limited - Enabled) => C:\Users\Stefan
UpdatusUser (S-1-5-21-4293654675-2556177190-2138456915-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-12-25 13:46:42.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro\Reader 3\NitroPDFThumbnailHelper.exe that did not meet the Microsoft signing level requirements.
Date: 2014-04-27 21:44:39.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:44:39.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:06:58.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8072.27 MB
Available physical RAM: 5741.71 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 6871.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:303.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4583D9D7)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
08.01.2015, 22:53
| #8 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.01.2015, 06:16
| #9 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3ef30028c409864197a17c6920ce8963
# engine=21875
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 04:14:27
# local_time=2015-01-09 05:14:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 23311 99485827 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4796213 29103188 0 0
# scanned=268431
# found=8
# cleaned=0
# scan_time=19219
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=D6AE522FF8806F7589D0FD0CC5D70B65B0B5E390 ft=1 fh=1211e94886f9a591 vn="Variante von Win32/Hao123.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-saudi-forf.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=9EDDE1481E729D6C42206EA1E2443EFB3FC00750 ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Carolin\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe"
sh=6D259E8B7FC2A5CA3A960E76EC15A39B242F94F0 ft=1 fh=4a984638c41edfed vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Carolin\Downloads\FFSetup3.2.1.0.exe"
sh=D5C4CA5E56112B524FA0C8584299A551E1BCC809 ft=1 fh=de54c131cec3a137 vn="Variante von Win32/InstallCore.UR evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe"
sh=E453FCC016C6FA4EFE788C00B10DE0D631A09FCF ft=1 fh=03d13bad4b5856a3 vn="Variante von Win32/InstallCore.PZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Carolin\Downloads\PictureCollageMakerPro_CB-DL-Manager.exe"
Code:
ATTFilter unsupported operating system! Aborted!
|
|
09.01.2015, 09:25
| #10 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden und der Rest?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.01.2015, 17:47
| #11 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Hi schrauber, hier kommt der rest :-) die Windows seiten kann ich leider bis jetzt noch nicht aufrufen LG Carolin FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Carolin (administrator) on CAROLIN on 09-01-2015 17:45:29 Running from C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\9IMLER5A Loaded Profile: Carolin (Available profiles: UpdatusUser & Carolin & Stefan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-14] (Bitdefender) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications)) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [SkyDrive] => C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002 -> {095A28A6-95D6-4177-98C1-59F03D82324D} URL = BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\4saq1g2n.default FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-26] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-26] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-14] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-14] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-14] (Bitdefender) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-14] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-14] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-14] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed] R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-14] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 06:17 - 2015-01-09 06:17 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan 2015-01-08 21:18 - 2015-01-08 21:18 - 00000807 _____ () C:\Users\Carolin\Desktop\JRT.txt 2015-01-08 21:15 - 2015-01-08 21:15 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-08 21:07 - 2015-01-08 21:07 - 00004584 _____ () C:\WINDOWS\PFRO.log 2015-01-08 20:56 - 2015-01-08 20:56 - 00001190 _____ () C:\Users\Carolin\Desktop\mbam.txt 2015-01-08 20:41 - 2015-01-09 17:44 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 20:41 - 2015-01-08 20:41 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-08 19:18 - 2015-01-08 09:22 - 00376768 _____ () C:\Users\Carolin\Desktop\1420701576_1_01.xml 2015-01-08 19:18 - 2015-01-06 13:00 - 00373964 _____ () C:\Users\Carolin\Desktop\1420541765_1_02.xml 2015-01-08 16:49 - 2015-01-09 17:45 - 00000000 ____D () C:\FRST 2015-01-08 09:02 - 2015-01-08 09:37 - 00000000 ____D () C:\ProgramData\Dumps 2015-01-07 18:58 - 2015-01-07 18:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{383E0617-C8B6-4649-8199-915EBE4FC5ED} 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieUserList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieSiteList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Macromedia 2015-01-07 18:57 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\OneDrive 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Synaptics 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Sony Corporation 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Bitdefender 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Atheros 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Apple Computer 2015-01-07 18:54 - 2015-01-07 18:54 - 00001418 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Adobe 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Local\VirtualStore 2015-01-07 18:53 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Packages 2015-01-07 18:51 - 2015-01-07 18:51 - 00000020 ___SH () C:\Users\Stefan\ntuser.ini 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Vorlagen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Startmenü 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Netzwerkumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Lokale Einstellungen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Eigene Dateien 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Druckumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Musik 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Bilder 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Verlauf 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Anwendungsdaten 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Anwendungsdaten 2015-01-07 18:50 - 2015-01-07 18:57 - 00000000 ____D () C:\Users\Stefan 2015-01-07 18:50 - 2014-11-14 17:57 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-07 18:50 - 2014-09-21 13:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-07 18:50 - 2014-01-04 22:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Pokki 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-06 15:57 - 2015-01-06 15:57 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-06 14:15 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2015-01-05 23:46 - 2015-01-05 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-01-05 23:31 - 2015-01-05 23:31 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe 2015-01-05 23:01 - 2015-01-05 23:01 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Mozilla 2015-01-05 22:27 - 2015-01-05 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager [1].exe 2015-01-05 22:26 - 2015-01-05 22:26 - 00823792 _____ ( ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe 2015-01-05 21:30 - 2015-01-05 21:30 - 05317104 _____ (Piriform Ltd) C:\Users\Carolin\Downloads\ccsetup501.exe 2015-01-05 21:30 - 2015-01-05 21:30 - 00000798 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-05 21:27 - 2015-01-05 21:27 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe 2015-01-05 20:51 - 2015-01-05 20:51 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets (1).diagcab 2015-01-05 20:10 - 2015-01-05 20:51 - 00003382 _____ () C:\WINDOWS\System32\Tasks\START SKYDRIVE 2015-01-05 20:09 - 2015-01-05 20:09 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets.diagcab 2015-01-03 12:42 - 2015-01-03 12:42 - 00000000 ____D () C:\Users\Public\Documents\Gnom 2015-01-03 09:22 - 2015-01-04 22:44 - 00000000 ____D () C:\Users\Carolin\Achim 2015-01-02 18:32 - 2015-01-02 18:32 - 00001090 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-12-27 20:14 - 2014-12-27 20:14 - 00000000 ____D () C:\Analytics 2014-12-27 20:12 - 2014-12-27 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital 2014-12-27 20:09 - 2015-01-08 21:09 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western_Digital_Technolog 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-12-27 20:09 - 2014-12-27 20:09 - 00000000 ____D () C:\Program Files\Western Digital 2014-12-27 20:04 - 2014-12-27 20:04 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader (1).zip 2014-12-27 20:04 - 2014-12-27 20:04 - 04461527 _____ () C:\Users\Carolin\Downloads\WD_Quick_View_Setup_for_Windows.zip 2014-12-27 13:56 - 2014-12-27 13:58 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader.zip 2014-12-27 13:05 - 2014-12-27 13:05 - 65350992 _____ () C:\Users\Carolin\Downloads\WDMyCloud_win.exe 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-12-27 13:03 - 2014-12-27 13:03 - 65350992 _____ () C:\Users\Carolin\WDMyCloud_win.exe 2014-12-27 13:00 - 2014-12-27 20:09 - 00000000 ____D () C:\ProgramData\Western Digital 2014-12-27 13:00 - 2014-12-27 13:03 - 00001173 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk 2014-12-27 13:00 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\com.wd.WDMyCloud 2014-12-27 13:00 - 2014-12-27 13:00 - 00000204 _____ () C:\Users\Carolin\Desktop\Lerncenter WD My Cloud.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000158 _____ () C:\Users\Carolin\Desktop\WD My Cloud – Öffentliche Freigabe.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000154 _____ () C:\Users\Carolin\Desktop\WD My Cloud-Dashboard.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-12-27 12:49 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western Digital 2014-12-27 12:48 - 2014-12-27 12:48 - 71601392 _____ () C:\Users\Carolin\Downloads\mc_windows_setup.exe 2014-12-26 21:04 - 2014-12-26 21:04 - 00001431 _____ () C:\Users\Carolin\Desktop\CopyTrans Control Center.lnk 2014-12-26 21:04 - 2014-12-26 21:04 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2014-12-26 21:03 - 2014-12-26 21:04 - 05102256 _____ (WindSolutions) C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe 2014-12-26 21:00 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\WindSolutions 2014-12-26 20:59 - 2014-12-26 21:08 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-12-26 20:58 - 2014-12-26 20:58 - 09280316 _____ () C:\Users\Carolin\Downloads\CopyTransManagerDEv1.013.zip 2014-12-17 16:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-17 16:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 01:50 - 2014-12-13 01:50 - 00829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll 2014-12-13 01:50 - 2014-12-13 01:50 - 00608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll 2014-12-12 23:22 - 2014-12-12 23:22 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll 2014-12-12 23:22 - 2014-12-12 23:22 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll 2014-12-10 09:59 - 2014-12-10 09:59 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-10 09:44 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 09:44 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 09:44 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 09:44 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 09:39 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-10 09:39 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-10 09:39 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-10 09:39 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 09:39 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-10 09:39 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-10 09:39 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-10 09:39 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-10 09:39 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-10 09:39 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-10 09:39 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 09:39 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-10 09:39 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-10 09:39 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-10 09:39 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-10 09:39 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-10 09:39 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-10 09:39 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-10 09:39 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-10 09:39 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-10 09:39 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-10 09:39 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-10 09:39 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-10 09:39 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-10 09:39 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-10 09:39 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-10 09:39 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-10 09:39 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-10 09:39 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-10 09:39 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-10 09:39 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-10 09:39 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-10 09:39 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-10 09:39 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-10 09:39 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-10 09:39 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-10 09:39 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-10 09:39 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-10 09:39 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-10 09:39 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-10 09:39 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-10 09:39 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-10 09:39 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-10 09:39 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-10 09:39 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-10 09:39 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-10 09:39 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-10 09:39 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 17:44 - 2014-04-08 16:33 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin 2015-01-09 17:42 - 2014-01-04 12:01 - 00000000 __RDO () C:\Users\Carolin\SkyDrive 2015-01-09 17:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-09 03:42 - 2014-01-04 23:30 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D47BDD1F-9221-4378-922D-20DF3289565D} 2015-01-08 23:01 - 2014-01-04 22:43 - 01846237 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-08 21:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-08 21:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-08 21:06 - 2014-02-26 14:51 - 00000000 ____D () C:\AdwCleaner 2015-01-08 21:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-08 20:50 - 2014-01-04 11:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293654675-2556177190-2138456915-1002 2015-01-08 18:04 - 2014-01-04 14:27 - 00000000 ____D () C:\Users\Carolin\Documents\WISO Mein Geld 2015-01-08 09:21 - 2014-02-26 09:52 - 00000000 ____D () C:\ProgramData\BDLogging 2015-01-08 08:52 - 2014-01-21 20:39 - 01679872 ___SH () C:\Users\Carolin\Desktop\Thumbs.db 2015-01-08 08:11 - 2014-01-04 22:47 - 00000000 ____D () C:\Users\Carolin 2015-01-07 18:55 - 2014-01-04 11:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-01-07 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-06 17:42 - 2014-06-16 17:26 - 00000000 ____D () C:\schrankplaner 2015-01-06 17:42 - 2013-08-22 15:44 - 00446440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-06 14:12 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\VirtualStore 2015-01-06 13:56 - 2014-01-04 23:12 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Deployment 2015-01-06 12:11 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Nitro PDF 2015-01-05 23:01 - 2014-01-07 18:01 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Mozilla 2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Google 2015-01-05 22:56 - 2014-01-13 20:40 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-05 21:30 - 2014-05-08 19:49 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-05 21:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-05 21:11 - 2014-04-27 21:00 - 00000000 ____D () C:\Users\Carolin\AppData\Temp 2015-01-05 21:11 - 2014-02-02 17:23 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\vlc 2015-01-05 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-03 16:23 - 2014-01-26 17:43 - 02090496 ___SH () C:\Users\Carolin\Downloads\Thumbs.db 2015-01-03 16:10 - 2014-01-05 17:52 - 00000000 ___RD () C:\Users\Carolin\Dropbox 2015-01-03 16:10 - 2014-01-05 17:49 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Dropbox 2015-01-03 09:22 - 2014-04-27 20:43 - 00378880 ___SH () C:\Users\Carolin\Thumbs.db 2015-01-02 17:07 - 2014-08-13 19:08 - 00012795 _____ () C:\Users\Carolin\Documents\Übersicht Planung MM.xlsx 2015-01-02 13:01 - 2014-01-04 15:14 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Apple Computer 2014-12-26 22:02 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Packages 2014-12-23 12:16 - 2014-01-04 11:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 07:19 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-22 07:19 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-22 07:19 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-20 20:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-19 17:59 - 2014-01-05 17:51 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-16 19:43 - 2014-01-04 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-16 19:40 - 2014-01-04 17:09 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-10 10:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-10 09:59 - 2014-07-09 15:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-10 09:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-10 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS Files to move or delete: ==================== C:\Users\Carolin\WDMyCloud_win.exe Some content of TEMP: ==================== C:\Users\Carolin\AppData\Local\Temp\Quarantine.exe C:\Users\Carolin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-08 08:19 ==================== End Of Log ============================ |
|
09.01.2015, 19:46
| #12 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files (x86)\FreeTime
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.01.2015, 20:27
| #13 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden No fixlist.txt found. The fixlist.txt should be in the same Folder/Directory the tool is located. Was mache ich falsch? |
|
09.01.2015, 20:57
| #14 | |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenZitat:
.FRST downloaden, auf dem Desktop speichern, fixlist auf dem Desktop speichern, und schon fluppt das
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.01.2015, 21:16
| #15 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden sorry aber ich habe alles nochmal ausgeführt und FRST auf dem Desktop abgespeichert. Dann den fixlist.txt gespeichert. Es kommt aber leider immernoch die Meldung.  |
|
| Themen zu Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden |
| account, antiviren, aufrufe, bitdefender, blockiert, dateien, defender, entdeck, entdeckt, gefunde, hilfe, https, immernoch, infizierte, infizierten, konnte, seite, seiten, software, speziell, tagen, troja, trojan.generic., trojaner.gerneric, weiteren, windows |
Linear-Darstellung
