| |
| |||||||
Log-Analyse und Auswertung: detect meldet njrat. fehlalarm?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.01.2015, 07:45
| #1 |
 |  detect meldet njrat. fehlalarm?Code:
ATTFilter Following is what I discovered:
Njrat
This is a common trojan which is free to download from the Internet and available to just about anyone. It should be normally detected and quarantined by major AntiVirus software. Although it is impossible to guess who might be targeting you, you should seek for assistance nevertheless.
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Admin (administrator) on LENOVOT500 on 14-01-2015 23:03:06
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\ehome\ehrec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432424 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [ACWLIcon] => C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-19] (Avira)
HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10387752 2014-12-26] (SecureMix LLC)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-19] (Avira)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {9a216f5d-3530-3b1a-8006-9a1233402fba} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {4c3d7a5e-7476-3c21-9717-0614ce209c44} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {aa0bacc8-a5df-34b0-acd8-e6739d92010e} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {0f20db5b-365d-3cc6-82eb-41207f77bb71} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: Amazon.de
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "ftp", "41.75.201.146"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "41.75.201.146"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "41.75.201.146"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "41.75.201.146"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\alle-preise---guenstigerde.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\billigerde.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\dawanda.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\thepiratebayorg.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\searchplugins\youtube-videosuche.xml
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: DuckDuckGo Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-11-10]
FF Extension: Media Hint - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\mediahint@jetpack.xpi [2013-08-13]
FF Extension: Stealthy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-16]
FF Extension: Ebay Negs! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\{265b0520-499e-11d9-9669-0800200c9a66}.xpi [2013-07-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-04]
FF Extension: IMDB Search - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-10-20]
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\juoq6e0y.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-07-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-11-13] (Box, Inc.)
R2 DiskBoss Service; C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe [114688 2014-02-27] () [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6296872 2014-12-26] (SecureMix LLC)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2014-12-25] (SecureMix LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 23:03 - 2015-01-14 23:05 - 00022048 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-14 22:53 - 2015-01-14 22:53 - 00000329 _____ () C:\Users\Admin\Desktop\detct.txt
2015-01-14 15:26 - 2015-01-14 15:26 - 00035969 _____ () C:\Users\Admin\Downloads\Antw RE Umrechnungsbitte Notenspiegel.zip
2015-01-13 23:30 - 2015-01-13 23:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LENOVOT500-Microsoft-Windows-7-Professional-(64-bit).dat
2015-01-13 23:30 - 2015-01-13 23:30 - 00000000 ____D () C:\RegBackup
2015-01-13 22:59 - 2015-01-13 22:59 - 00000982 _____ () C:\Users\Admin\Desktop\AdwCleaner[S1].txt
2015-01-13 20:33 - 2015-01-13 20:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-13 20:29 - 2015-01-13 20:32 - 00000758 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-13 20:19 - 2015-01-13 20:19 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 19:30 - 2015-01-13 20:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-13 19:28 - 2015-01-13 20:18 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-01-13 19:26 - 2015-01-13 18:53 - 01707939 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-01-13 19:26 - 2015-01-13 17:10 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Desktop\mbar-1.08.2.1001.exe
2015-01-13 19:25 - 2015-01-13 15:32 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2015-01-13 19:25 - 2015-01-13 02:29 - 02191360 _____ () C:\Users\Admin\Desktop\adwcleaner_4.107.exe
2015-01-13 19:14 - 2015-01-13 19:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-13 18:41 - 2015-01-13 18:47 - 00000000 ____D () C:\Users\Admin\Desktop\unsortiere bilder
2015-01-13 16:55 - 2015-01-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-13 16:55 - 2015-01-13 16:55 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-13 16:55 - 2015-01-13 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-13 16:46 - 2015-01-13 16:46 - 00093944 _____ () C:\Users\Admin\Documents\cc_20150113_164634.reg
2015-01-13 15:36 - 2015-01-13 15:36 - 00112430 _____ () C:\Users\Admin\Desktop\otl.txt
2015-01-13 14:24 - 2015-01-13 14:24 - 00001056 _____ () C:\Users\Admin\Desktop\mabm.txt
2015-01-13 13:51 - 2015-01-13 19:30 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 13:50 - 2015-01-13 19:28 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 13:50 - 2015-01-13 13:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-13 13:50 - 2015-01-13 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-13 13:50 - 2015-01-13 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 13:50 - 2015-01-13 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-13 13:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 13:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 13:49 - 2015-01-13 13:49 - 00001685 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-13 13:31 - 2015-01-13 22:55 - 00000000 ____D () C:\AdwCleaner
2015-01-13 13:29 - 2015-01-13 13:29 - 09434846 _____ () C:\Users\Admin\Desktop\AVSCAN-20150113-012006-75647876.LOG
2015-01-13 01:12 - 2015-01-14 23:03 - 00000000 ____D () C:\FRST
2015-01-13 01:12 - 2015-01-13 00:59 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-09 17:38 - 2015-01-09 17:38 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-01-09 17:38 - 2015-01-09 17:38 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-01-09 17:38 - 2015-01-09 17:38 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-05 17:36 - 2015-01-05 17:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamViewer
2015-01-05 17:02 - 2015-01-05 17:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-05 16:50 - 2015-01-13 15:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-05 16:50 - 2015-01-05 16:50 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-05 16:49 - 2015-01-05 16:49 - 07718224 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup_de.exe
2015-01-05 16:22 - 2015-01-05 16:22 - 00001905 _____ () C:\Users\Admin\Desktop\GlassWire.lnk
2015-01-05 16:22 - 2015-01-05 16:22 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2015-01-05 16:22 - 2015-01-05 16:22 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2015-01-05 16:22 - 2014-12-26 09:42 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2015-01-05 16:22 - 2014-12-25 12:28 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2015-01-05 16:20 - 2015-01-05 16:20 - 16644584 _____ (SecureMix LLC) C:\Users\Admin\Downloads\GlassWireSetup(1).exe
2015-01-04 10:42 - 2015-01-05 11:33 - 01054912 _____ (Adobe) C:\Users\Admin\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
2014-12-31 00:55 - 2014-12-31 00:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 14:38 - 2014-12-27 14:38 - 00002195 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-27 14:38 - 2014-12-27 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinZip
2014-12-27 14:38 - 2014-12-27 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-27 14:36 - 2014-12-27 14:38 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-27 14:36 - 2014-12-27 14:37 - 00000000 ____D () C:\Program Files\WinZip
2014-12-27 14:34 - 2014-12-27 14:35 - 62967296 _____ () C:\Users\Admin\Downloads\wz190gev-64.msi
2014-12-18 12:49 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 12:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 23:05 - 2009-07-14 05:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:05 - 2009-07-14 05:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:03 - 2010-11-21 07:50 - 00685480 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 23:03 - 2010-11-21 07:50 - 00145280 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 23:03 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 22:58 - 2014-12-01 04:34 - 00021333 _____ () C:\Windows\setupact.log
2015-01-14 22:58 - 2013-12-01 20:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 22:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 22:55 - 2013-06-08 19:36 - 02054956 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 22:54 - 2014-03-06 00:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-14 22:54 - 2013-11-17 03:36 - 00000000 ____D () C:\Users\Admin\Documents\Calibre-Bibliothek
2015-01-14 22:52 - 2014-11-20 09:41 - 00084996 _____ () C:\Users\Admin\Downloads\detekt.log
2015-01-14 22:50 - 2013-12-01 20:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 22:09 - 2014-03-21 09:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 00:02 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-14 00:01 - 2013-11-12 10:59 - 00437430 _____ () C:\Windows\PFRO.log
2015-01-14 00:01 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\CSC
2015-01-14 00:01 - 2009-07-14 05:45 - 04958544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-13 23:58 - 2013-06-08 19:43 - 00064424 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 23:56 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2015-01-13 23:22 - 2014-04-19 22:13 - 00000000 ____D () C:\Users\Admin\Documents\Wessling, Kathrin - Drüberleben - Depressionen sind doch kein Grund traurig zu sein
2015-01-13 23:02 - 2011-10-24 13:35 - 00000000 ____D () C:\Users\Admin\Desktop\Tweaking.com - Windows Repair
2015-01-13 18:41 - 2014-11-30 17:51 - 00000000 ____D () C:\Users\Admin\Desktop\bitcoin
2015-01-13 16:42 - 2014-03-16 08:32 - 00000000 ____D () C:\Users\Admin\Tracing
2015-01-13 16:42 - 2013-11-11 00:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-13 16:22 - 2013-06-08 20:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 16:18 - 2013-07-08 09:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nitro PDF
2015-01-13 15:49 - 2013-10-30 16:59 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-13 15:38 - 2013-07-08 06:51 - 00000000 ____D () C:\Program Files (x86)\R-Studio
2015-01-13 14:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-13 14:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-13 13:44 - 2013-06-08 19:41 - 00000000 ____D () C:\Users\Admin
2015-01-12 11:14 - 2014-11-28 17:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Box Sync
2015-01-11 08:25 - 2014-08-13 19:56 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-09 04:55 - 2014-11-28 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-12-23 19:43 - 2013-12-08 22:18 - 00000000 ____D () C:\Users\Admin\Documents\Einzelheiten zum eBay-Kauf-Dateien
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 02:59
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Admin at 2015-01-14 23:06:06
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop 7.0.1 (HKLM-x32\...\Adobe Photoshop 7.0.1) (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\Bitcoin Core (64-bit)) (Version: 0.9.3 - Bitcoin Core project)
Box Sync (HKLM\...\{D755A205-DD3A-414E-9037-CD476673FCB0}) (Version: 4.0.5955.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.5693.0 - Box Inc.) Hidden
calibre 64bit (HKLM\...\{7DAFBA8E-9BBB-4411-80EF-3AF43C80B017}) (Version: 1.11.0 - Kovid Goyal)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.0.0 - Nikon)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DiskBoss 4.3.18 (HKLM-x32\...\DiskBoss) (Version: 4.3.18 - Flexense Computing Systems Ltd.)
Dropbox (HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\Dropbox) (Version: 2.10.51 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.35 - SecureMix LLC)
GoGet 1.1.0 (HKLM-x32\...\GoGet) (Version: 1.1.0 - Sound Doctrine Ministries)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 11 Essentials CDPack (HKLM-x32\...\{BD0516DD-705C-441F-A30D-1CC289895309}) (Version: 11.0.00200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nitro Reader 3 (HKLM\...\{F6478CC2-B1B3-497E-9BEA-94C1676637DF}) (Version: 3.5.5.2 - Nitro)
O&O DiskRecovery (HKLM\...\{E1EC311E-EB1A-461E-A0BE-FA796852436D}) (Version: 7.1.183 - O&O Software GmbH)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.0 - Nikon)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Zattoo Live TV (HKU\S-1-5-21-3899542576-3065808786-2114398330-1000\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3899542576-3065808786-2114398330-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-13 23:57 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0ED24211-4A89-4CDD-8A81-52F8128488C2} - System32\Tasks\{8F63ACD8-AA1E-4AE1-8232-651C778325E9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=502
Task: {1B57820C-B5FB-4D3E-811C-7BFF2496A270} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {1BAFB76D-2B97-414B-813E-082C55D386C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {38C50108-6AEF-4E7E-9E34-28AA56990E2C} - System32\Tasks\{9825C987-ACC2-4137-9E34-1FC89E22AA6F} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Task: {3BDE7EAB-67BB-4F2D-B0B0-8AD69C840117} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {3BF21FF8-C064-4D6C-8525-F8D0711E23C2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {4F8D5981-44B7-40E0-A187-3981EE6A0BB1} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {6F255CB8-B7D0-4C5D-8904-2F1A39F6B503} - System32\Tasks\{B740E12A-3822-4035-B764-9E23FEBA09E7} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=502
Task: {74BE5CA3-7BDF-49AF-B8BC-FD2B0BB6E2CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {74FC90F5-29C2-4333-986A-190929198EEE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {8AF2E676-F1C1-421F-B7B1-1C59E7C4547A} - System32\Tasks\{2B8E2C3E-3969-455D-BB4F-63AB522ED860} => D:\Autoplay.exe
Task: {8DE0C9C7-B3EB-4A82-8217-C414D79BCBB7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {92E6D1DF-985A-4551-A130-5E50CA59093E} - System32\Tasks\{F125F12C-3B41-445C-ADCB-25B8A97CF9DF} => C:\Program Files (x86)\Zattoo4\Zattoo.exe
Task: {A22A35DD-E30B-4922-AD01-72DE43911778} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A472BB1C-824A-4F8D-B36E-AC71756BA266} - System32\Tasks\{37A1F0EC-8525-420B-896A-BFD398AA0219} => C:\Program Files (x86)\Zattoo4\Zattoo.exe
Task: {ACD9F49A-6690-4A7B-BB4E-127D8411101C} - System32\Tasks\Admin => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18] (Nero AG)
Task: {B7D8C91F-3C09-4B67-8D55-D2DC1E013EEF} - System32\Tasks\{FF896C6B-CC22-4A1E-ACCE-6484D5957278} => C:\Program Files (x86)\Zattoo4\Zattoo.exe
Task: {BED2C05C-40A7-4C3D-B7C1-643A319AD5DF} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-19] (Avira)
Task: {BF633798-696B-4D4A-A3EC-30CE11845CB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {C4FAE52B-5CD7-43DF-A207-4EB94A7774FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DCA46843-79D1-4F21-B4D2-DB93989023CC} - System32\Tasks\{221D8DD5-4F07-4662-BA14-F36BB888979B} => C:\Program Files (x86)\Zattoo4\Zattoo.exe
Task: {DDFFF8C4-3293-49D0-83FE-0D7E7231435D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E27B9481-BF77-49EB-B4D9-EF0DBF6AFE73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {E7B28417-994C-4A24-A872-6BACFA4DB6D0} - System32\Tasks\{7D5F82AA-49E4-4CB2-8301-9F3ABFA0B3F2} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=502
Task: {F12592FE-4E9D-4937-9F22-9099361A7501} - System32\Tasks\{8DEA707D-33A9-4FC6-B37A-169A63448B16} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=502
Task: {F5E51EFA-5D95-4217-B7AE-165FA92C1042} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {F7527116-B41B-496D-BE95-8BDB9CEAEF82} - System32\Tasks\{066231E1-926A-44E6-B53A-2DBA7B9694EE} => C:\Program Files (x86)\Zattoo4\Zattoo.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-08 20:10 - 2013-04-23 05:54 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-02-27 10:30 - 2014-02-27 10:30 - 00114688 _____ () C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe
2013-12-06 01:24 - 2013-12-06 01:24 - 00084952 _____ () C:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2014-02-27 10:23 - 2014-02-27 10:23 - 02306048 _____ () C:\Program Files (x86)\DiskBoss\bin\libdbs.dll
2014-02-27 10:20 - 2014-02-27 10:20 - 00700416 _____ () C:\Program Files (x86)\DiskBoss\bin\libpal.dll
2013-07-04 19:47 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-04 19:47 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-04 19:47 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-04 19:47 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-04 19:47 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-12-26 09:51 - 2014-12-26 09:51 - 00893224 _____ () C:\Program Files (x86)\GlassWire\platforms\qwindows.dll
2014-12-26 09:51 - 2014-12-26 09:51 - 00030504 _____ () C:\Program Files (x86)\GlassWire\imageformats\qico.dll
2014-12-26 09:51 - 2014-12-26 09:51 - 00248104 _____ () C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll
2014-12-09 14:00 - 2014-12-09 14:01 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Admin\Desktop\00000.MTS:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
========================= Accounts: ==========================
Admin (S-1-5-21-3899542576-3065808786-2114398330-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3899542576-3065808786-2114398330-500 - Administrator - Disabled)
Gast (S-1-5-21-3899542576-3065808786-2114398330-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3899542576-3065808786-2114398330-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 05:59:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/14/2015 05:21:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/14/2015 01:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TinyWall.exe, Version: 2.1.4.0, Zeitstempel: 0x51e2dfe8
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x1398
Startzeit der fehlerhaften Anwendung: 0xTinyWall.exe0
Pfad der fehlerhaften Anwendung: TinyWall.exe1
Pfad des fehlerhaften Moduls: TinyWall.exe2
Berichtskennung: TinyWall.exe3
Error: (01/14/2015 01:22:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: TinyWall.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
bei System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (01/14/2015 03:06:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (01/14/2015 01:09:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 00:06:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 00:05:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (01/14/2015 00:05:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (01/13/2015 11:59:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (01/14/2015 11:03:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error: (01/14/2015 11:00:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (01/14/2015 11:00:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/14/2015 11:00:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/14/2015 11:00:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.
Error: (01/14/2015 01:08:08 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (01/14/2015 01:07:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/14/2015 01:06:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/14/2015 01:06:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (01/14/2015 01:05:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.01.2015 um 01:02:57 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (01/14/2015 05:59:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\Admin\AppData\Local\Temp\_MEI79842\detekt.exe.manifest
Error: (01/14/2015 05:21:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\Admin\AppData\Local\Temp\_MEI71242\detekt.exe.manifest
Error: (01/14/2015 01:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TinyWall.exe2.1.4.051e2dfe8KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d139801d02f8e40257ba0C:\Program Files (x86)\TinyWall\TinyWall.exeC:\Windows\system32\KERNELBASE.dll0aae8cfd-9be8-11e4-87de-00234df2700e
Error: (01/14/2015 01:22:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: TinyWall.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
bei System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (01/14/2015 03:06:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422
Error: (01/14/2015 01:09:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
Error: (01/14/2015 00:06:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
Error: (01/14/2015 00:05:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (01/14/2015 00:05:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (01/13/2015 11:59:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2014-08-14 14:02:34.474
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:02:34.297
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:02:34.194
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:02:34.052
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-15 17:50:41.121
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-15 17:50:41.058
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-15 17:50:40.995
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-15 17:50:40.906
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-07 23:27:13.855
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-07 23:27:13.805
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\Downloads\testdisk-6.13.win (1)\testdisk-6.13\recup_dir.61\f2094583_SDWSCSvc.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 60%
Total physical RAM: 3992.03 MB
Available physical RAM: 1582.97 MB
Total Pagefile: 7982.23 MB
Available Pagefile: 4958.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:13.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 98652D98)
Partition 1: (Active) - (Size=103 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0
Letztes Update: N/A
Benutzerkonto: LenovoT500\Admin
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 13.01.2015 16:57:13
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0d2eaf4f.qua -> (Quarantine-8) gefunden: Gen:Variant.Kazy.140456 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\11019c0a.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\50f0e327.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\546fb842.qua -> (Quarantine-8) gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\559bf49c.qua -> (Quarantine-8) gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\655a8479.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B)
Gescannt 215725
Gefunden 6
Scan Ende: 13.01.2015 19:14:55
Scan Zeit: 2:17:42
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\655a8479.qua Quarantäne Gen:Variant.Adware.NewNextMe.1 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\559bf49c.qua Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\546fb842.qua Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\50f0e327.qua Quarantäne Gen:Variant.Adware.NewNextMe.1 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\11019c0a.qua Quarantäne Gen:Variant.Adware.NewNextMe.1 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0d2eaf4f.qua Quarantäne Gen:Variant.Kazy.140456 (B)
Quarantäne 6
Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 22:55:03
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin - LENOVOT500
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [1670 octets] - [13/01/2015 13:31:29]
AdwCleaner[R1].txt - [922 octets] - [13/01/2015 22:24:48]
AdwCleaner[S0].txt - [1685 octets] - [13/01/2015 13:43:59]
AdwCleaner[S1].txt - [844 octets] - [13/01/2015 22:55:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [903 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Admin on 13.01.2015 at 20:19:20,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\juoq6e0y.default\minidumps [129 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.01.2015 at 20:29:20,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14.01.2015 Scan Time: 23:14:57 Logfile: Administrator: No Version: 2.00.4.1028 Malware Database: v2015.01.14.10 Rootkit Database: v2015.01.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Admin Scan Type: Threat Scan Result: Completed Objects Scanned: 332629 Time Elapsed: 20 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) |
| Themen zu detect meldet njrat. fehlalarm? |
| 0x8007042, antivirus, avira, bildschirm, browser, chromium, dllhost.exe, error, feedback, fehlalarm, fehler, festplatte, firefox, flash player, helper, installation, internet, logfile, mozilla, onedrive, pwmtr64v.dll, refresh, registry, rundll, scan, security, svchost.exe, system, taskmanager, trojan, usb, windows |
Baum-Darstellung