| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: pdfforge toolbar v.10.8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.02.2015, 15:02
| #1 |
| |  pdfforge toolbar v.10.8 Hallo, ich habe bei den auf meinem PC installierten Programmen diese "pdfforge toolbar" gefunden (installiert am 25.1.2015), bin mir aber ganz sicher, dass ich in den letzten Tagen nichts in der Art installiert habe. Nun finde ich im Internet widersprüchliche Aussagen darüber, ob und wie man das "Dings" wieder los wird. Kann mir jemand sagen, ob ich diese Software einfach deinstallieren darf oder ob ich damit irgendetwas kaputt mache? Vielen Dank! |
|
06.02.2015, 15:05
| #2 |
| /// the machine /// TB-Ausbilder    | pdfforge toolbar v.10.8 hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
06.02.2015, 15:24
| #3 |
| | pdfforge toolbar oh weh, hoffentlich mache ich das jetzt richtig...bitte nicht meckern!
__________________ |
|
06.02.2015, 16:12
| #4 |
| | pdfforge toolbar v.10.8 jetzt hab ich an der falschen stelle geantwortet - glaub ich -... sorry! Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Ulrike (administrator) on ULRIKE_NB on 06-02-2015 15:13:43
Running from C:\Users\Ulrike\eigene programme\malwarescan
Loaded Profiles: UpdatusUser & Ulrike (Available profiles: UpdatusUser & admin & Ulrike & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DTUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
() C:\Program Files (x86)\Calibre2\calibre.exe
() C:\Program Files (x86)\Calibre2\calibre-parallel.exe
(Amazon.com) C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\Kindle.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-25] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1628944 2015-01-15] (Spigot, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1593596061-3498663440-827684741-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-1593596061-3498663440-827684741-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\...\Run: [SDP] => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [200784 2012-05-31] (Somoto)
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\...\MountPoints2: {07980b6e-8768-11e3-9679-f0def1ad8180} - E:\AutoRun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1593596061-3498663440-827684741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1593596061-3498663440-827684741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1593596061-3498663440-827684741-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.lenovo.com&OSP=
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com%2Fig%2Fredirectdomain%3Fbrand%3DLENN%26bmod%3DLENN&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Die7%26q%3D%7BsearchTerms%7D%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%3F%7D%26ie%3D%7BinputEncoding%7D%26oe%3D%7BoutputEncoding%7D%26rlz%3D1I7LENN
URLSearchHook: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\10.8\pdfforgeToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\10.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10013&barid={4C4585C1-064E-11E2-A5E8-402CF46C9FC9}
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = hxxp://www.basicserve.com/?prt=BASICSERVE119&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = hxxp://www.basicserve.com/?prt=bscsrvlink1&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
SearchScopes: HKU\S-1-5-21-1593596061-3498663440-827684741-1004 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10013&barid={4C4585C1-064E-11E2-A5E8-402CF46C9FC9}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\windows\SysWow64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: pdfforge Toolbar -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> C:\Program Files (x86)\pdfforge Toolbar\IE\10.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Staging -> {C35B7206-62EB-F808-5475-18A6FDE7DD94} -> c:\Users\All Users\dl159\159.dll ()
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\10.8\pdfforgeToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\10.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 82.144.41.8 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-11-25]
Chrome:
=======
CHR Profile: C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (ShoppingChip) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\default\Extensions\edmdnggobolpgiahjcgdkjamkpjggbni [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Ulrike\AppData\Local\Wajam\Chrome\wajam.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 DefaultTabUpdate; C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [107520 2014-10-28] () [File not signed]
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 15:13 - 2015-02-06 15:13 - 00000000 ____D () C:\FRST
2015-01-23 16:16 - 2015-01-23 16:16 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2015-01-23 16:16 - 2015-01-23 16:16 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2015-01-17 13:53 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-17 13:53 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-17 13:53 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-17 13:53 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-17 13:53 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-17 13:53 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-17 13:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-17 13:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-17 13:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-17 13:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-17 13:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-17 13:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-17 13:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 15:13 - 2011-11-25 04:21 - 01924681 _____ () C:\windows\WindowsUpdate.log
2015-02-06 15:10 - 2012-03-12 08:40 - 00000000 ____D () C:\Users\Ulrike\Documents\My Kindle Content
2015-02-06 15:08 - 2012-03-12 07:55 - 00000000 ____D () C:\Users\Ulrike\eigene programme
2015-02-06 15:05 - 2012-03-12 07:59 - 00000000 ____D () C:\Users\Ulrike\Documents\Calibre Bibliothek
2015-02-06 15:04 - 2012-03-12 07:59 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-02-06 15:04 - 2012-03-12 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-02-06 15:04 - 2012-03-12 07:59 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-02-06 14:57 - 2013-11-19 20:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 14:52 - 2012-07-30 17:09 - 00000000 ____D () C:\Users\Ulrike\Documents\Outlook-Dateien
2015-02-06 14:46 - 2014-01-27 16:34 - 00000000 ____D () C:\ProgramData\DatacardService
2015-02-06 14:42 - 2011-11-18 21:11 - 00699682 _____ () C:\windows\system32\perfh007.dat
2015-02-06 14:42 - 2011-11-18 21:11 - 00149790 _____ () C:\windows\system32\perfc007.dat
2015-02-06 14:42 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-06 13:50 - 2011-11-25 05:13 - 00823327 _____ () C:\windows\system32\fastboot.set
2015-02-06 13:40 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 13:40 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 13:33 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-06 13:33 - 2009-07-14 05:51 - 00101821 _____ () C:\windows\setupact.log
2015-01-31 09:45 - 2013-10-03 09:54 - 00000000 ____D () C:\Users\Ulrike\Documents\Pelle
2015-01-18 16:02 - 2013-08-17 16:20 - 00000000 ____D () C:\windows\system32\MRT
2015-01-18 15:53 - 2012-03-06 08:43 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 16:12 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2014-12-19 19:44 - 2014-12-19 19:44 - 0003584 _____ () C:\Users\Ulrike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-19 20:38 - 2013-11-19 20:38 - 0000000 _____ () C:\ProgramData\3d25213d243726262b_c
Some content of TEMP:
====================
C:\Users\Ulrike\AppData\Local\Temp\sdpupdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-04 17:04
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Ulrike at 2015-02-06 15:14:33
Running from C:\Users\Ulrike\eigene programme\malwarescan
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1593596061-3498663440-827684741-1004\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - )
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.6.0 - Ask.com) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audials (HKLM-x32\...\{A142A311-5A9F-4C40-996D-6201FFE932A2}) (Version: 10.1.509.900 - Audials AG)
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
calibre (HKLM-x32\...\{D47B7229-AC24-4D79-96AB-880649FFC892}) (Version: 2.19.0 - Kovid Goyal)
Converter version 0.1 (HKLM-x32\...\Converter_is1) (Version: 0.1 - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.5.0.0 - Search Results, LLC) <==== ATTENTION
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Free Audio Converter version 5.0.48.923 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.48.923 - DVDVideoSoft Ltd.)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2624 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Media Go (HKLM-x32\...\{2BF9702B-52EE-4841-83C4-B5E640B6C97A}) (Version: 2.2.223 - Sony)
Media Go Video Playback Engine 1.92.161.06140 (HKLM-x32\...\{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}) (Version: 1.92.161.06140 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster 5 Beta (HKLM-x32\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc)
Napster 5 Beta (x32 Version: 1.0.65 - Rhapsody International, Inc) Hidden
NVIDIA Grafiktreiber 267.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.53 - NVIDIA Corporation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v10.8 (HKLM-x32\...\{82713977-AFBF-4295-9199-AAA4EA9F3ADF}) (Version: 10.8 - Spigot, Inc.) <==== ATTENTION
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.9.4.14625 - Sony Computer Entertainment Inc.)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShoppingChip (HKLM-x32\...\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}) (Version: 1.1.0.1902 - ShoppingChip) <==== ATTENTION
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
Stellarium 0.10.4 (HKLM-x32\...\Stellarium_is1) (Version: - )
SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Video Downloader (HKLM-x32\...\Video Downloader) (Version: 1.14 - hxxp://www.vgrabber.com)
VideoDownloader version 0.1 (HKLM-x32\...\VideoDownloader_is1) (Version: 0.1 - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.5.0 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
x64 Components v3.5.0 (HKLM\...\x64 Components_is1) (Version: 3.5.0 - Shark007)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-01-2015 15:18:29 Removed Nero 9 Lite 4.4.9.0
04-01-2015 15:14:00 Windows Update
04-01-2015 16:41:36 Windows Update
09-01-2015 16:43:23 Windows Update
17-01-2015 13:46:39 Windows Update
18-01-2015 15:51:25 Windows Update
23-01-2015 16:24:35 Windows Update
31-01-2015 09:59:50 Windows Update
04-02-2015 16:40:40 Windows Update
06-02-2015 15:03:23 Installed calibre
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1133FCF2-044A-4AEE-A299-B26C673388A5} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2014-11-16] () <==== ATTENTION
Task: {152A509E-48E2-44C8-BEB5-563C4FE9CD94} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2014-11-16] () <==== ATTENTION
Task: {1A426B86-969F-4602-B444-69B9B5F3B470} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-02-04] () <==== ATTENTION
Task: {2A14B5B0-FCB7-423E-ACB6-3F56D93E7D9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2ABCB149-4005-432C-86E2-6BBF433A579C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {E3D78700-5F2F-4E42-ACF3-128A5F594B81} - System32\Tasks\Default2Check => c:\Users\All Users\dtdata\R003.exe [2014-11-30] () <==== ATTENTION
Task: {F3352C90-A597-4FC2-8567-FCA19EE39248} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2012-03-06 20:52 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2014-10-28 19:20 - 2014-10-28 19:20 - 00107520 _____ () C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
2012-03-08 09:26 - 2012-02-01 10:13 - 00053760 _____ () C:\windows\system32\ff_acm.acm
2012-03-08 09:26 - 2012-02-16 13:00 - 04207616 _____ () C:\Program Files\Shark007\filters\ffdshow.ax
2012-03-08 09:26 - 2009-08-11 17:22 - 00580096 _____ () C:\windows\system32\ac3filter.acm
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-02-15 13:26 - 2011-02-15 13:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2008-12-20 04:20 - 2011-11-25 05:11 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-25 05:11 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-15 06:28 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00171520 ____R () C:\Program Files (x86)\Calibre2\calibre.exe
2015-02-06 10:25 - 2015-02-06 10:25 - 00024576 ____R () C:\Program Files (x86)\Calibre2\calibre-parallel.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-02-06 10:23 - 2015-02-06 10:23 - 00037888 ____R () C:\Program Files (x86)\Calibre2\calibre-launcher.dll
2014-05-03 23:25 - 2014-05-03 23:25 - 00110080 ____R () C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll
2015-02-06 10:23 - 2015-02-06 10:23 - 00057344 ____R () C:\Program Files (x86)\Calibre2\plugins2\progress_indicator.pyd
2014-08-04 15:53 - 2014-08-04 15:53 - 00887808 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\platforms\qwindows.dll
2014-08-04 17:37 - 2014-08-04 17:37 - 00032256 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qdds.dll
2014-08-04 15:52 - 2014-08-04 15:52 - 00021504 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qgif.dll
2014-08-04 17:37 - 2014-08-04 17:37 - 00027648 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qicns.dll
2014-08-04 15:52 - 2014-08-04 15:52 - 00020992 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qico.dll
2014-08-04 17:37 - 2014-08-04 17:37 - 00382464 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qjp2.dll
2014-08-04 15:52 - 2014-08-04 15:52 - 00200704 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qjpeg.dll
2014-08-04 17:37 - 2014-08-04 17:37 - 00215040 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qmng.dll
2014-08-04 15:54 - 2014-08-04 15:54 - 00015872 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qsvg.dll
2014-08-04 17:37 - 2014-08-04 17:37 - 00015360 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qtga.dll
2014-08-04 17:38 - 2014-08-04 17:38 - 00308224 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qtiff.dll
2014-08-04 17:38 - 2014-08-04 17:38 - 00014848 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qwbmp.dll
2014-08-04 17:38 - 2014-08-04 17:38 - 00256000 ____R () C:\Program Files (x86)\Calibre2\qt_plugins\imageformats\qwebp.dll
2015-02-06 10:23 - 2015-02-06 10:23 - 00043520 ____R () C:\Program Files (x86)\Calibre2\plugins2\magick.pyd
2015-02-06 10:25 - 2015-02-06 10:25 - 01206272 ____R () C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_magick_.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00224768 ____R () C:\Program Files (x86)\Calibre2\DLLs\CORE_RL_lcms_.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00176128 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 01069568 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00064000 ____R () C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll
2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 ____R () C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll
2015-02-06 10:23 - 2015-02-06 10:23 - 00035840 ____R () C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd
2014-05-03 23:29 - 2014-05-03 23:29 - 00396800 ____R () C:\Program Files (x86)\Calibre2\DLLs\pythoncom27.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00132608 ____R () C:\Program Files (x86)\Calibre2\DLLs\IM_MOD_RL_PNG_.dll
2015-02-06 10:25 - 2015-02-06 10:25 - 00042496 ____R () C:\Program Files (x86)\Calibre2\DLLs\IM_MOD_RL_JPEG_.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 10679104 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtWebKit4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 08073536 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtGui4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 02253632 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtCore4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00957760 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtNetwork4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 01299264 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtScript4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00588608 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtSql4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00344896 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\QtXml4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00227136 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\WebCoreViewer.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00990528 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\libxml2.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 01125184 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\JavaScriptCore.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00659264 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\CFLite.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 07048000 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\LibWebCore.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00230720 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\libjpeg.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00071488 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\zlib1.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00031552 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\plugins\imageformats\qgif4.dll
2014-02-26 13:30 - 2014-02-26 13:30 - 00201536 _____ () C:\Users\Ulrike\AppData\Local\Amazon\Kindle\application\plugins\imageformats\qjpeg4.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1593596061-3498663440-827684741-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
==================== Accounts: =============================
admin (S-1-5-21-1593596061-3498663440-827684741-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1593596061-3498663440-827684741-500 - Administrator - Disabled)
Gast (S-1-5-21-1593596061-3498663440-827684741-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1593596061-3498663440-827684741-1003 - Limited - Enabled)
Ulrike (S-1-5-21-1593596061-3498663440-827684741-1004 - Administrator - Enabled) => C:\Users\Ulrike
UpdatusUser (S-1-5-21-1593596061-3498663440-827684741-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 01:33:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/31/2015 09:39:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PmmUpdate.exe, Version: 1.1.39.0, Zeitstempel: 0x4cd3e104
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xPmmUpdate.exe0
Pfad der fehlerhaften Anwendung: PmmUpdate.exe1
Pfad des fehlerhaften Moduls: PmmUpdate.exe2
Berichtskennung: PmmUpdate.exe3
Error: (01/26/2015 00:11:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 11:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: R003.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1490
Startzeit der fehlerhaften Anwendung: 0xR003.exe0
Pfad der fehlerhaften Anwendung: R003.exe1
Pfad des fehlerhaften Moduls: R003.exe2
Berichtskennung: R003.exe3
Error: (01/26/2015 11:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: R002.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x7a8
Startzeit der fehlerhaften Anwendung: 0xR002.exe0
Pfad der fehlerhaften Anwendung: R002.exe1
Pfad des fehlerhaften Moduls: R002.exe2
Berichtskennung: R002.exe3
Error: (01/23/2015 04:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/18/2015 05:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2015 07:56:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2015 01:43:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 06:24:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (02/06/2015 01:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/06/2015 01:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (02/05/2015 02:44:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/26/2015 00:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/26/2015 00:10:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (01/26/2015 00:07:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/26/2015 11:35:56 AM) (Source: WMPNetworkSvc) (EventID: 14370) (User: )
Description: 0xc00d28af127.0.0.1
Error: (01/24/2015 08:43:29 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (01/24/2015 08:43:29 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (01/23/2015 04:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (02/06/2015 01:33:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/31/2015 09:39:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PmmUpdate.exe1.1.39.04cd3e104ole32.dll6.1.7601.175144ce7b96fc000000500039342c3401d03958c60ba194C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeC:\windows\syswow64\ole32.dllbb58e951-a924-11e4-a31d-f0def1ad8180
Error: (01/26/2015 00:11:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 11:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: R003.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d149001d03953e79e1e57c:\Users\All Users\dtdata\R003.exeC:\windows\syswow64\KERNELBASE.dll2ef9362c-a547-11e4-806c-f0def1ad8180
Error: (01/26/2015 11:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: R002.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d7a801d03953e79e1e57c:\Users\All Users\dtdata\R002.exeC:\windows\syswow64\KERNELBASE.dll2ef90f1c-a547-11e4-806c-f0def1ad8180
Error: (01/23/2015 04:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/18/2015 05:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2015 07:56:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2015 01:43:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 06:24:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
|
|
07.02.2015, 11:01
| #5 |
| /// the machine /// TB-Ausbilder | pdfforge toolbar v.10.8 Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu pdfforge toolbar v.10.8 |
| aussagen, deinstalliere, deinstallieren, dings, einfach, entfernenwie, gefunde, installier, installierte, inter, interne, internet, irgendetwas, kaputt, nichts, pdfforge, pdfforge toolbar, programme, programmen, software, tagen, toolbar, unbekannte funde, widersprüchliche |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
