
Log analysis and evaluation: Malware in Firefox / Flash


25.01.2015, 03:38   #1
Danny902
 



Hello,
unfortunately I have no other logs at all ... from Malwarebytes I could only find this:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting, 
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started, 
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting, 
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started, 
Update, 15.01.2015 23:44:51, SYSTEM, LENOVO-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 15.01.2015 23:44:51, SYSTEM, LENOVO-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.15.15, 
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Refresh, Starting, 
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 15.01.2015 23:45:19, SYSTEM, LENOVO-PC, Protection, Refresh, Success, 
Protection, 15.01.2015 23:45:19, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting, 
Protection, 15.01.2015 23:45:20, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started, 

(end)
         


Here comes Farbar


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by lenovo (administrator) on LENOVO-PC on 25-01-2015 03:10:33
Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWEGQBEU
Loaded Profiles: lenovo (Available profiles: lenovo & Simone)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() D:\1&1 Surf-Stick\AssistantServices.exe
() C:\QuickStartUtil\VAWinService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(LPHotkey) C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
() C:\QuickStartUtil\VAWinAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2011-11-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-11-16] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2841896 2011-10-28] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-10-28] (Synaptics)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [554832 2011-07-25] (Vimicro)
HKLM-x32\...\Run: [LPHotkey] => C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe [84480 2011-12-23] (LPHotkey)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45448 2012-04-13] ()
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-30] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [UIExec] => D:\\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\MountPoints2: {1e7591cb-7320-11e3-8a71-e611572e6f9a} - E:\smoney.exe
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
SearchScopes: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HQ-Video-Pro-1.5c - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\BUEOFMG63663698@KOF20424187.com [2015-01-15]
FF Extension: YouTube Unblocker - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-18]
FF Extension: browser service - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{314095e2-14d2-447f-a39f-f56dcb3b88a5}.xpi [2015-01-18]
FF Extension: {ba37e407-ead4-41e2-bf06-e2050f70a71f} - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{ba37e407-ead4-41e2-bf06-e2050f70a71f}.xpi [2015-01-08]
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-15]
FF HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-11-16] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-11-16] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-01-18] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-01-18] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-01-18] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-01-18] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-01-18] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-28] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-01-18] (G Data Software AG)
S3 cpuz134; \??\C:\Users\Simone\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 03:10 - 2015-01-25 03:10 - 00000000 ____D () C:\FRST
2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setupact.log
2015-01-24 20:42 - 2015-01-24 20:42 - 00075288 _____ () C:\Users\lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 20:35 - 2015-01-24 20:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 20:35 - 2015-01-24 20:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:34 - 2015-01-24 20:34 - 00243728 _____ () C:\Users\lenovo\Downloads\Firefox Setup Stub 35.0.exe
2015-01-24 20:33 - 2015-01-24 20:33 - 00017766 _____ () C:\Users\lenovo\Documents\cc_20150124_203311.reg
2015-01-24 10:34 - 2015-01-24 10:43 - 00000000 ____D () C:\AVZ
2015-01-24 10:33 - 2015-01-24 10:35 - 00000000 ____D () C:\Users\lenovo\Downloads\avz4
2015-01-19 18:45 - 2015-01-19 18:46 - 09370136 _____ () C:\Users\lenovo\Downloads\avz4.zip
2015-01-18 22:02 - 2015-01-18 22:02 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 21:58 - 2015-01-18 21:58 - 05317104 _____ (Piriform Ltd) C:\Users\lenovo\Downloads\ccsetup501.exe
2015-01-18 21:57 - 2015-01-25 02:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job
2015-01-18 21:57 - 2015-01-24 21:57 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job
2015-01-18 21:57 - 2015-01-18 21:57 - 00003590 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b
2015-01-18 21:57 - 2015-01-18 21:57 - 00003516 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122
2015-01-18 21:55 - 2015-01-18 21:55 - 20774168 _____ (SUPERAntiSpyware) C:\Users\lenovo\Downloads\SUPERAntiSpyware.exe
2015-01-18 21:45 - 2015-01-18 21:45 - 00290816 _____ (SUPERAntiSpyware.com) C:\Users\lenovo\Downloads\SASUNINST64.EXE
2015-01-18 19:42 - 2015-01-18 19:42 - 00001989 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-01-18 18:46 - 2015-01-18 18:53 - 00000000 ____D () C:\AdwCleaner
2015-01-18 18:46 - 2015-01-18 18:46 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 18:41 - 2015-01-18 18:45 - 01707939 _____ (Thisisu) C:\Users\lenovo\Downloads\JRT.exe
2015-01-18 18:40 - 2015-01-18 18:41 - 02186752 _____ () C:\Users\lenovo\Downloads\AdwCleaner_4.108.exe
2015-01-15 23:44 - 2015-01-24 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-15 23:44 - 2015-01-15 23:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 23:43 - 2015-01-16 00:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-15 23:43 - 2015-01-15 23:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 23:41 - 2015-01-15 23:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lenovo\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 23:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-15 23:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-15 23:38 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 23:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 23:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 23:37 - 2015-01-15 23:37 - 00000000 __SHD () C:\Users\lenovo\AppData\Local\EmieBrowserModeList
2015-01-15 23:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 23:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 23:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 23:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 23:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 23:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 23:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 22:28 - 2015-01-15 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-08 02:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-08 02:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-08 01:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-08 01:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-08 01:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-08 01:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-08 01:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-08 01:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-08 01:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-08 01:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-08 01:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-08 01:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-08 01:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-08 01:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-08 01:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-08 01:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-08 01:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-08 01:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-08 01:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-08 01:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-08 01:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-08 01:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-08 01:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-08 01:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-08 01:30 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-08 01:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-08 01:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-08 01:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-08 01:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-08 01:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-08 01:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-08 01:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-08 01:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-08 01:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-08 01:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-08 01:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-08 01:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-08 01:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-08 01:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-08 01:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-08 01:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-08 01:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-08 01:30 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-08 01:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-08 01:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-08 01:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-08 01:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-08 01:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-08 01:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-08 01:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-08 01:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-08 01:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-08 01:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-08 01:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-08 01:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-08 01:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-08 01:28 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-08 01:28 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-08 01:28 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-08 01:28 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-08 01:28 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-08 01:28 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-08 01:28 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-08 01:28 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-08 01:28 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-08 01:28 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-08 01:28 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-08 01:26 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-08 01:26 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 03:00 - 2012-07-30 11:51 - 02053761 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 21:00 - 2013-09-06 08:51 - 00000000 ____D () C:\Users\lenovo\AppData\Local\VirtualStore
2015-01-24 20:47 - 2013-09-06 08:51 - 01648255 _____ () C:\FaceProv.log
2015-01-24 20:42 - 2014-06-06 09:32 - 00000000 ____D () C:\Files
2015-01-24 20:31 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:31 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:26 - 2012-07-30 12:30 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-24 20:24 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-24 20:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-18 22:49 - 2014-06-21 10:14 - 00000000 ____D () C:\Users\lenovo\AppData\Local\CrashDumps
2015-01-18 22:49 - 2014-01-19 14:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 22:02 - 2014-04-19 13:23 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 19:53 - 2014-01-02 15:18 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-01-18 19:42 - 2014-04-13 18:40 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-01-15 22:31 - 2013-10-04 20:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-15 22:28 - 2014-05-18 19:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-07-18 00:15 - 2014-07-18 00:15 - 0007602 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg
2014-06-25 20:14 - 2014-06-25 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-15 23:25 - 2014-06-15 23:40 - 0001292 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by lenovo at 2015-01-25 03:12:39
Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWEGQBEU
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
8600_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8600_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7F1DFA4D-90E8-D120-FA5A-3592A17D49A8}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.140 - Atheros Communications)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.0 - Conexant)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{E9E06C3D-C5EB-40FF-B7A3-03610079C3F9}) (Version: 3.5.36.0 - Fresco Logic Inc.)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro K8600 (HKLM\...\{5FA67C2B-DAAB-4F7B-AE09-CA97FE73EA59}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
K8600 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Kindle Converter (HKLM-x32\...\kindleConverter) (Version: 1.2.1 - eBook Converter)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0927.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
LPHotkey (HKLM-x32\...\{3E4A591C-891D-4567-B330-528F471A6768}) (Version: 1.00.0000 - Lenovo)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MPM (HKLM-x32\...\{BAB0F8F5-282A-45F1-B31A-EB894827456B}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
QuickStart (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.36.238 - VideACE Co.)
QuickStart (x32 Version: 3.0.36.238 - VideACE Co.) Hidden
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
StarMoney (x32 Version: 4.0.1.51 - StarFinanz) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.31.1 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0906 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {083CF582-A853-4900-B46D-E944D76889C0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {0C71EDA6-E17A-4125-A519-6BCA4A6F9E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2ECA1482-7A79-4019-B2D9-A726A63B597F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {66759173-C8E0-4F0E-BF78-ABD5FF131289} - System32\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {6BB27783-8B6A-44A1-9C0E-A5AD7114ADD5} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] ()
Task: {BEBF544F-19A5-489D-87FF-1065527A434F} - System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {EACC9082-B0FB-46A4-8634-85C599DF9A01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 17:41 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 00:15 - 2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2014-05-06 19:20 - 2010-09-30 13:00 - 00253264 _____ () D:\1&1 Surf-Stick\AssistantServices.exe
2011-03-25 16:55 - 2011-03-25 16:55 - 00091464 _____ () C:\QuickStartUtil\VAWinService.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2012-07-30 12:30 - 2012-07-30 12:29 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-30 12:30 - 2012-07-30 12:29 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 15:22 - 2012-07-30 12:34 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 15:31 - 2012-07-30 12:34 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-04-13 14:41 - 2012-04-13 14:41 - 00045448 _____ () C:\QuickStartUtil\VAWinAgent.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-03-26 06:04 - 2012-03-26 06:04 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-02 16:34 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2011-03-25 16:55 - 2011-03-25 16:55 - 00157000 _____ () C:\QuickStartUtil\libexpat.dll
2011-03-25 16:55 - 2011-03-25 16:55 - 00061768 _____ () C:\QuickStartUtil\netProfileDatabase.DLL
2012-07-30 12:29 - 2012-07-30 12:29 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2971336435-624878665-679844752-500 - Administrator - Disabled)
Gast (S-1-5-21-2971336435-624878665-679844752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2971336435-624878665-679844752-1007 - Limited - Enabled)
lenovo (S-1-5-21-2971336435-624878665-679844752-1000 - Administrator - Enabled) => C:\Users\lenovo
Patrik (S-1-5-21-2971336435-624878665-679844752-1001 - Limited - Enabled)
Simone (S-1-5-21-2971336435-624878665-679844752-1002 - Administrator - Enabled) => C:\Users\Simone

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 08:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 03:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 00:47:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/24/2015 10:24:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 09:49:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 07:58:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/24/2015 08:25:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/24/2015 08:25:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/24/2015 08:24:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (01/24/2015 08:24:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (01/24/2015 08:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/24/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/24/2015 05:40:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\utexnzy4.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/24/2015 05:40:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\utexnzy4.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/24/2015 03:07:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/24/2015 03:07:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (01/24/2015 08:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 03:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 00:47:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/24/2015 10:24:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 09:49:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 07:58:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3658.36 MB
Available physical RAM: 1843.36 MB
Total Pagefile: 7314.91 MB
Available Pagefile: 4429.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:269.09 GB) (Free:183.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:16.29 GB) (Free:11.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 60DDD15E)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=12)

==================== End Of Log ============================
         
Maybe the message that G-Data spits out as soon as I open my Firefox will also help:

Virenprüfung von Web-Inhalten

Adresse: hxxp://downvideoplayer.com/favicon.ico
Status: Der Zugriff wurde verweigert.
