Trojaner-Board - Nach iTunes Installation Probleme u. a. mit Lollipop

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Nach iTunes Installation Probleme u. a. mit Lollipop (https://www.trojaner-board.de/148069-itunes-installation-probleme-u-a-lollipop.html)

Nach iTunes Installation Probleme u. a. mit Lollipop

Hallo,
folgendes Problem. Malewarebytes hat 77 infizierte Dateien gefunden.
Entstanden ist es sehr wahrscheinlich durch installieren eines falschen iTunes aus dem Netz, denn es wurden zusätzlich dazu noch weitere Programme installiert.
Darauf hin deinstallierte ich die Programme bei denen es möglich war. Lollipop konnte nicht deinstalliert werden. Deswegen setzte ich den Rechner zurück und es schien zu funktionieren, außer das Malewarebytes nun diese 77 infizierte Dateien fand.
Was tun?
Danke für die Hilfe!

Hier der Logfile:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jennifer :: JENNIFER-THINK [Administrator]

16.01.2014 20:26:37
MBAM-log-2014-01-16 (20-39-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209187
Laufzeit: 12 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 19
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 58
C:\Users\Jennifer\Downloads\Setup.exe (PUP.Optional.Outbrowse) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Homepage.lnk (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Contact Us.lnk (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Help.lnk (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\Uninstall PriceGong.lnk (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop\lollipop_01011405.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop\lollipop.dat (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop\lollipop_01011405.dat (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop\lollipop_01011405_cfg.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Local\Lollipop\lollipop_01011405_ps.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Jennifer\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

(Ende)

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 02

Ran by Jennifer (administrator) on JENNIFER-THINK on 17-01-2014 16:40:24

Running from C:\Users\Jennifer\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

() C:\Windows\System32\DTS.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(AuthenTec, Inc.) C:\Windows\System32\ATService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe

(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)

HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)

HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)

HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKCU\...\Policies\Explorer: [DisallowCpl] 1

Lsa: [Notification Packages] scecli ACGina
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC4A11A0B1873CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default

FF user.js: detected! => C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default\user.js

FF SelectedSearchEngine: Google

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)

R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)

R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)

R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()

R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 e36gbus; C:\Windows\system32\drivers\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)

S3 e36gmgmt; C:\Windows\system32\drivers\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)

S3 e36wgps; C:\Windows\system32\drivers\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)

R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)

R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2010-12-01] (Ericsson AB)

R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)

R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)

R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)

R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)

R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-17 16:40 - 2014-01-17 16:40 - 00013293 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-17 16:38 - 2014-01-17 16:38 - 00000000 ____D C:\FRST

2014-01-17 16:37 - 2014-01-17 16:37 - 02075648 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-16 20:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-16 20:34 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-16 20:34 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-07 18:13 - 2014-01-17 16:32 - 00000448 _____ C:\Windows\setupact.log

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2013-12-26 18:34 - 2013-12-26 18:52 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files\iTunes

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:30 - 2013-12-26 18:31 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:28 - 2013-12-26 18:29 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:18 - 2014-01-07 17:49 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2013-12-26 18:18 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX

2013-12-26 18:07 - 2014-01-07 17:49 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\newnext.me

2013-12-26 18:07 - 2014-01-07 17:49 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Lollipop

2013-12-26 18:07 - 2014-01-07 17:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Mobogenie

2013-12-26 18:07 - 2014-01-03 23:42 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\Documents\Mobogenie

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android

2013-12-26 18:06 - 2014-01-07 17:49 - 00000000 ____D C:\Program Files (x86)\Mobogenie

2013-12-26 18:05 - 2014-01-07 17:11 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Systweak

2013-12-26 18:05 - 2013-07-11 13:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe

2013-12-26 18:04 - 2013-12-26 18:05 - 00000000 ____D C:\Users\Jennifer\AppData\Local\SearchProtect

2013-12-26 18:04 - 2013-12-26 18:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect

2013-12-26 18:01 - 2013-12-26 18:01 - 00109144 _____ () C:\Users\Jennifer\Downloads\Setup.exe

2013-12-19 17:51 - 2014-01-11 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 

==================== One Month Modified Files and Folders =======
 

2014-01-17 16:40 - 2014-01-17 16:40 - 00013293 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-17 16:40 - 2012-09-27 15:55 - 01101712 _____ C:\Windows\WindowsUpdate.log

2014-01-17 16:38 - 2014-01-17 16:38 - 00000000 ____D C:\FRST

2014-01-17 16:37 - 2014-01-17 16:37 - 02075648 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-17 16:36 - 2012-01-12 14:50 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job

2014-01-17 16:36 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-17 16:36 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-17 16:32 - 2014-01-07 18:13 - 00000448 _____ C:\Windows\setupact.log

2014-01-17 16:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-17 16:32 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-16 22:13 - 2013-07-20 22:54 - 00000000 ____D C:\Windows\system32\MRT

2014-01-16 22:12 - 2012-01-12 14:28 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-16 22:10 - 2012-01-12 14:50 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2014-01-16 22:09 - 2012-11-26 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-16 20:37 - 2012-01-12 14:50 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher

2014-01-16 20:36 - 2012-01-12 14:50 - 00000000 ____D C:\ProgramData\PCDr

2014-01-16 20:34 - 2012-01-12 14:11 - 01623224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2014-01-16 20:34 - 2011-04-12 08:43 - 00714294 _____ C:\Windows\system32\perfh007.dat

2014-01-16 20:34 - 2011-04-12 08:43 - 00154346 _____ C:\Windows\system32\perfc007.dat

2014-01-16 20:34 - 2009-07-14 06:13 - 01623224 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-12 12:44 - 2012-11-02 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-11 16:54 - 2013-12-19 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2014-01-08 16:03 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:05 - 2013-10-26 19:03 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-07 18:05 - 2013-10-26 19:03 - 00000000 ____D C:\Program Files\CCleaner

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iTunes

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files (x86)\iTunes

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 18:01 - 2013-12-26 18:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2014-01-07 17:56 - 2013-11-16 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-07 17:56 - 2012-11-02 14:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Mozilla

2014-01-07 17:56 - 2012-11-02 14:32 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2014-01-07 17:51 - 2012-11-02 13:20 - 00000000 ____D C:\Users\Jennifer

2014-01-07 17:50 - 2013-11-08 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

2014-01-07 17:50 - 2013-10-26 19:05 - 00000000 ____D C:\Program Files (x86)\PriceGong

2014-01-07 17:49 - 2013-12-26 18:18 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2014-01-07 17:49 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\newnext.me

2014-01-07 17:49 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Lollipop

2014-01-07 17:49 - 2013-12-26 18:06 - 00000000 ____D C:\Program Files (x86)\Mobogenie

2014-01-07 17:49 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV

2014-01-07 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2014-01-07 17:20 - 2012-01-12 20:50 - 00000000 ____D C:\Windows\Panther

2014-01-07 17:11 - 2013-12-26 18:05 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Systweak

2014-01-07 17:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Mobogenie

2014-01-03 23:42 - 2013-12-26 18:07 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:52 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:31 - 2013-12-26 18:30 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:29 - 2013-12-26 18:28 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\Documents\Mobogenie

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android

2013-12-26 18:05 - 2013-12-26 18:04 - 00000000 ____D C:\Users\Jennifer\AppData\Local\SearchProtect

2013-12-26 18:04 - 2013-12-26 18:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect

2013-12-26 18:01 - 2013-12-26 18:01 - 00109144 _____ () C:\Users\Jennifer\Downloads\Setup.exe

2013-12-19 14:25 - 2013-12-08 15:13 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Thunderbird

2013-12-18 15:56 - 2013-05-07 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-12-18 15:56 - 2013-04-08 20:48 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-12-18 15:56 - 2013-04-08 20:48 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
 

Files to move or delete:

====================

C:\Users\Jennifer\AmazonMP3Downloader.exe

C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll

C:\Users\Jennifer\Uninstall.exe
 
 

Some content of TEMP:

====================

C:\Users\Default\AppData\Local\Temp\KUIU.EXE

C:\Users\Default User\AppData\Local\Temp\KUIU.EXE

C:\Users\Jennifer\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-16 21:14
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 02

Ran by Jennifer at 2014-01-17 16:41:00

Running from C:\Users\Jennifer\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)

Anzeige am Bildschirm (Version: 6.60.01 - )

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

CCleaner (Version: 4.09 - Piriform)

Conexant 20561 SmartAudio HD (Version: 4.92.12.0 - Conexant)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photo Creations (x32 Version: 1.0.0.7702 - HP)

HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)

Intel(R) Management Engine Interface (Version:  - Intel Corporation)

Intel(R) Network Connections Drivers (Version: 16.1 - Intel)

Intel® Active Management Technology (Version:  - Intel Corporation)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo Auto Scroll Utility (Version: 1.10 - )

Lenovo Fingerprint Software (Version: 3.3.2.27 - AuthenTec, Inc.)

Lenovo Patch Utility (x32 Version: 1.00.0000 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (Version: 1.20.0001 - Lenovo Group Limited)

Lenovo Power Management Driver (Version: 1.67.04.04 - )

Lenovo System Interface Driver (Version: 1.05 - )

Lenovo System Update (x32 Version: 5.02.0011 - Lenovo)

Lenovo ThinkVantage Toolbox (Version: 6.0.5802.24 - PC-Doctor, Inc.)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mobile Broadband drivers (Version: 6.1.10.5 - Ericsson AB)

Mobile Broadband Drivers (x32 Version: 6.3.3.6 - Ericsson AB)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

MyPhoneExplorer (x32 Version: 1.8.5 - F.J. Wechselberger)

PriceGong 2.6.12 (x32 Version: 2.6.12 - PriceGong) <==== ATTENTION

RICOH R5U8xx Media Driver ver.3.64.02 (x32 Version: 3.64.02 - RICOH)

SopCast 3.8.2 (x32 Version: 3.8.2 - www.sopcast.com)

System Migration Assistant (x32 Version: 6.00.0009 - Lenovo Group Limited.)

ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.3100 - Broadcom Corporation)

ThinkPad Energie-Manager (x32 Version: 3.64 - )

ThinkPad FullScreen Magnifier (Version: 2.40 - )

ThinkPad Modem Adapter (Version: 7.80.5.0 - Conexant Systems)

ThinkPad UltraNav Driver (Version: 16.2.19.7 - )

ThinkPad UltraNav Utility (x32 Version: 2.13.0 - Lenovo)

ThinkVantage Access Connections (x32 Version: 5.85 - Lenovo)

ThinkVantage Active Protection System (Version: 1.75 - Lenovo)

ThinkVantage Communications Utility (Version: 1.42 - Lenovo)

ThinkVantage GPS (x32 Version: 2.73 - Lenovo)

Welt der Zahl 2 (x32 Version:  - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (01/14/2010 8.6.0.13) (Version: 01/14/2010 8.6.0.13 - AuthenTec Inc.)
 

==================== Restore Points  =========================
 

21-12-2013 12:04:22 Windows Update

26-12-2013 17:00:34 Windows Update

26-12-2013 17:32:13 Installed iTunes

27-12-2013 20:11:56 Windows Update

01-01-2014 14:08:30 Windows Update

07-01-2014 15:26:12 Windows Update

07-01-2014 16:03:14 Removed Bonjour

07-01-2014 16:47:47 Wiederherstellungsvorgang

07-01-2014 16:56:08 Windows Update

07-01-2014 17:01:57 Installed iTunes

16-01-2014 19:27:05 Windows Update

16-01-2014 21:11:31 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {2199DA02-6B0F-44BF-840F-D43E4F47B36E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

Task: {50D9C6DC-C456-401D-B6C9-7C73F87FB245} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)

Task: {5D09EBD9-E635-4D9A-9921-183394967C91} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()

Task: {70F58D04-CD16-48E3-AE53-F20089CB3754} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)

Task: {80531EE2-8A9E-4D20-8DAD-E81A20127609} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)

Task: {A8779D20-6057-4200-B76F-F74C0FC6060D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)

Task: {D613FAFF-F5EA-4849-A000-04C6BD585AE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-10-04] (Lenovo Group Limited)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll

2012-01-12 12:53 - 2011-10-04 03:04 - 00055808 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

2012-11-02 14:28 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2009-03-25 21:08 - 2009-03-25 21:08 - 00058880 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll

2013-12-19 17:51 - 2013-12-19 17:51 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2013-12-19 17:51 - 2013-12-19 17:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2013-12-19 17:51 - 2013-12-19 17:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2013-11-16 16:23 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/17/2014 04:33:48 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/16/2014 08:38:02 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:38:02:4160)(3800) ASAPI-Global - Fatal -- 262 Engine has shut down!
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9370)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor) (User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 
 

System errors:

=============

Error: (01/17/2014 04:31:08 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/16/2014 10:13:40 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/16/2014 08:38:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.165.1783.0)
 

Error: (01/13/2014 10:04:10 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/13/2014 10:04:09 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 

Error: (01/13/2014 10:04:09 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 

%%1352
 

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
 

Error: (01/13/2014 02:38:22 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/11/2014 05:08:42 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/11/2014 00:42:14 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 

Error: (01/10/2014 10:57:17 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0
 
 

Microsoft Office Sessions:

=========================

Error: (01/17/2014 04:33:48 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/16/2014 08:38:02 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:38:02:4160)(3800) ASAPI-Global - Fatal -- 262 Engine has shut down!
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9520)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9370)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 

Error: (01/16/2014 08:37:24 PM) (Source: PC-Doctor)(User: )

Description: (3800) Asapi: (20:37:24:9060)(3800) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 50%

Total physical RAM: 3990.02 MB

Available physical RAM: 1969.55 MB

Total Pagefile: 7978.23 MB

Available Pagefile: 5672.06 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:142.58 GB) (Free:74.85 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 5E16F322)

Partition 1: (Active) - (Size=6 GB) - (Type=27)

Partition 2: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

MBAM nochmal, diesmal die Funde löschen lassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Adware (SO)

Code:

# AdwCleaner v3.017 - Bericht erstellt am 18/01/2014 um 13:01:14

# Aktualisiert 12/01/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Jennifer - JENNIFER-THINK

# Gestartet von : C:\Users\Jennifer\Downloads\adwcleaner.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml

Datei Gefunden : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default\user.js

Datei Gefunden : C:\Users\Jennifer\Uninstall.exe

Datei Gefunden : C:\Windows\System32\roboot64.exe

Ordner Gefunden C:\Program Files (x86)\Mobogenie

Ordner Gefunden C:\Program Files (x86)\PriceGong

Ordner Gefunden C:\Users\Jennifer\AppData\Local\Mobogenie

Ordner Gefunden C:\Users\Jennifer\AppData\Local\Searchprotect

Ordner Gefunden C:\Users\Jennifer\AppData\LocalLow\ilividmoviestoolbarha

Ordner Gefunden C:\Users\Jennifer\AppData\LocalLow\PriceGong

Ordner Gefunden C:\Users\Jennifer\AppData\Roaming\Systweak

Ordner Gefunden C:\Users\Jennifer\Documents\Mobogenie
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\APN PIP

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gefunden : [x64] HKCU\Software\APN PIP

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gefunden : HKLM\Software\PIP
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16428
 
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [1961 octets] - [18/01/2014 13:01:14]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2021 octets] ##########

Adware (SO)

Code:

# AdwCleaner v3.017 - Bericht erstellt am 18/01/2014 um 13:31:54

# Aktualisiert 12/01/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Jennifer - JENNIFER-THINK

# Gestartet von : C:\Users\Jennifer\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie

Ordner Gelöscht : C:\Program Files (x86)\PriceGong

Ordner Gelöscht : C:\Users\Jennifer\AppData\Local\Mobogenie

Ordner Gelöscht : C:\Users\Jennifer\AppData\Local\Searchprotect

Ordner Gelöscht : C:\Users\Jennifer\AppData\LocalLow\ilividmoviestoolbarha

Ordner Gelöscht : C:\Users\Jennifer\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\Systweak

Ordner Gelöscht : C:\Users\Jennifer\Documents\Mobogenie

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\Jennifer\Uninstall.exe

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml

Datei Gelöscht : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default\user.js
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Schlüssel Gelöscht : HKCU\Software\APN PIP

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKLM\Software\PIP
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16428
 
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [2105 octets] - [18/01/2014 13:01:14]

AdwCleaner[S0].txt - [1992 octets] - [18/01/2014 13:31:54]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2052 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by Jennifer on 18.01.2014 at 13:46:06,11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Empty Folder] C:\Users\Jennifer\appdata\local\{5AFAB9AF-C5F7-4CB9-B8F7-6A78337DD2C7}

Successfully deleted: [Empty Folder] C:\Users\Jennifer\appdata\local\{AA6923AC-FF03-4EF4-A146-8E09FC96CE58}

Successfully deleted: [Empty Folder] C:\Users\Jennifer\appdata\local\{FF83188C-1584-415E-9704-C04B2B5968CD}
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\xobksn7b.default\minidumps [1 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18.01.2014 at 13:52:31,19

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03

Ran by Jennifer (administrator) on JENNIFER-THINK on 18-01-2014 13:54:13

Running from C:\Users\Jennifer\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

() C:\Windows\System32\DTS.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(AuthenTec, Inc.) C:\Windows\System32\ATService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)

HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)

HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)

HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKCU\...\Policies\Explorer: [DisallowCpl] 1

Lsa: [Notification Packages] scecli ACGina
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC4A11A0B1873CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default

FF SelectedSearchEngine: Google

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)

R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)

R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)

R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()

R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 e36gbus; C:\Windows\system32\drivers\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)

S3 e36gmgmt; C:\Windows\system32\drivers\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)

S3 e36wgps; C:\Windows\system32\drivers\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)

R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)

R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2010-12-01] (Ericsson AB)

R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)

R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)

R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)

R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)

R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-18 13:54 - 2014-01-18 13:54 - 00000000 ____D C:\Users\Jennifer\Desktop\FRST-OlderVersion

2014-01-18 13:52 - 2014-01-18 13:53 - 00001091 _____ C:\Users\Jennifer\Desktop\JRT.txt

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Windows\ERUNT

2014-01-18 13:40 - 2014-01-18 13:40 - 01037068 _____ (Thisisu) C:\Users\Jennifer\Downloads\JRT.exe

2014-01-18 13:39 - 2014-01-18 13:39 - 00002132 _____ C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt

2014-01-18 13:00 - 2014-01-18 13:31 - 00000000 ____D C:\AdwCleaner

2014-01-18 12:55 - 2014-01-18 12:55 - 00020996 _____ C:\Windows\PFRO.log

2014-01-18 10:12 - 2014-01-18 10:12 - 01236282 _____ C:\Users\Jennifer\Downloads\adwcleaner.exe

2014-01-17 16:41 - 2014-01-17 16:41 - 00020298 _____ C:\Users\Jennifer\Desktop\Addition.txt

2014-01-17 16:40 - 2014-01-18 13:54 - 00013071 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-17 16:38 - 2014-01-18 13:54 - 00000000 ____D C:\FRST

2014-01-17 16:37 - 2014-01-18 13:54 - 02076160 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-16 20:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-16 20:34 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-16 20:34 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-07 18:13 - 2014-01-18 13:33 - 00000616 _____ C:\Windows\setupact.log

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2013-12-26 18:34 - 2013-12-26 18:52 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files\iTunes

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:30 - 2013-12-26 18:31 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:28 - 2013-12-26 18:29 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:18 - 2014-01-07 17:49 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2013-12-26 18:18 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX

2013-12-26 18:07 - 2014-01-03 23:42 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android

2013-12-19 17:51 - 2014-01-11 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 

==================== One Month Modified Files and Folders =======
 

2014-01-18 13:55 - 2014-01-17 16:40 - 00013071 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-18 13:54 - 2014-01-18 13:54 - 00000000 ____D C:\Users\Jennifer\Desktop\FRST-OlderVersion

2014-01-18 13:54 - 2014-01-17 16:38 - 00000000 ____D C:\FRST

2014-01-18 13:54 - 2014-01-17 16:37 - 02076160 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-18 13:53 - 2014-01-18 13:52 - 00001091 _____ C:\Users\Jennifer\Desktop\JRT.txt

2014-01-18 13:47 - 2012-01-12 14:50 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Windows\ERUNT

2014-01-18 13:46 - 2012-01-12 14:50 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2014-01-18 13:40 - 2014-01-18 13:40 - 01037068 _____ (Thisisu) C:\Users\Jennifer\Downloads\JRT.exe

2014-01-18 13:40 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-18 13:40 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-18 13:39 - 2014-01-18 13:39 - 00002132 _____ C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt

2014-01-18 13:33 - 2014-01-07 18:13 - 00000616 _____ C:\Windows\setupact.log

2014-01-18 13:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-18 13:32 - 2012-09-27 15:55 - 01123237 _____ C:\Windows\WindowsUpdate.log

2014-01-18 13:31 - 2014-01-18 13:00 - 00000000 ____D C:\AdwCleaner

2014-01-18 13:31 - 2012-11-02 13:20 - 00000000 ____D C:\Users\Jennifer

2014-01-18 13:09 - 2012-11-26 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-18 12:55 - 2014-01-18 12:55 - 00020996 _____ C:\Windows\PFRO.log

2014-01-18 10:12 - 2014-01-18 10:12 - 01236282 _____ C:\Users\Jennifer\Downloads\adwcleaner.exe

2014-01-18 10:08 - 2011-04-12 08:43 - 00714294 _____ C:\Windows\system32\perfh007.dat

2014-01-18 10:08 - 2011-04-12 08:43 - 00154346 _____ C:\Windows\system32\perfc007.dat

2014-01-18 10:08 - 2009-07-14 06:13 - 01648944 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-17 16:41 - 2014-01-17 16:41 - 00020298 _____ C:\Users\Jennifer\Desktop\Addition.txt

2014-01-17 16:32 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-16 22:13 - 2013-07-20 22:54 - 00000000 ____D C:\Windows\system32\MRT

2014-01-16 22:12 - 2012-01-12 14:28 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-16 20:37 - 2012-01-12 14:50 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher

2014-01-16 20:36 - 2012-01-12 14:50 - 00000000 ____D C:\ProgramData\PCDr

2014-01-16 20:34 - 2012-01-12 14:11 - 01623224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2014-01-12 12:44 - 2012-11-02 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-11 16:54 - 2013-12-19 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2014-01-08 16:03 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:05 - 2013-10-26 19:03 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-07 18:05 - 2013-10-26 19:03 - 00000000 ____D C:\Program Files\CCleaner

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iTunes

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files (x86)\iTunes

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 18:01 - 2013-12-26 18:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2014-01-07 17:56 - 2013-11-16 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-07 17:56 - 2012-11-02 14:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Mozilla

2014-01-07 17:56 - 2012-11-02 14:32 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2014-01-07 17:50 - 2013-11-08 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

2014-01-07 17:49 - 2013-12-26 18:18 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2014-01-07 17:49 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV

2014-01-07 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2014-01-07 17:20 - 2012-01-12 20:50 - 00000000 ____D C:\Windows\Panther

2014-01-03 23:42 - 2013-12-26 18:07 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:52 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:31 - 2013-12-26 18:30 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:29 - 2013-12-26 18:28 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android

2013-12-19 14:25 - 2013-12-08 15:13 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Thunderbird
 

Files to move or delete:

====================

C:\Users\Jennifer\AmazonMP3Downloader.exe

C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll
 
 

Some content of TEMP:

====================

C:\Users\Default\AppData\Local\Temp\KUIU.EXE

C:\Users\Default User\AppData\Local\Temp\KUIU.EXE

C:\Users\Jennifer\AppData\Local\Temp\avgnt.exe

C:\Users\Jennifer\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-16 21:14
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

log von ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=5b8292902cae7442a6a396a96763a6dc

# engine=16709

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-01-19 11:54:51

# local_time=2014-01-19 12:54:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 96 5534 255552181 0 0

# compatibility_mode=5893 16776573 100 94 86336 141762341 0 0

# scanned=38441

# found=0

# cleaned=0

# scan_time=1540

checkup.txt

Code:

 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Flash Player 11.9.900.170  

 Adobe Reader XI  

 Mozilla Firefox (26.0) 

 Mozilla Thunderbird (24.2.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014

Ran by Jennifer (administrator) on JENNIFER-THINK on 19-01-2014 14:25:11

Running from C:\Users\Jennifer\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

() C:\Windows\System32\DTS.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(AuthenTec, Inc.) C:\Windows\System32\ATService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)

HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)

HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)

HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKCU\...\Policies\Explorer: [DisallowCpl] 1

Lsa: [Notification Packages] scecli ACGina
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC4A11A0B1873CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\xobksn7b.default

FF SelectedSearchEngine: Google

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)

R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)

R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)

R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()

R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 e36gbus; C:\Windows\system32\drivers\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)

S3 e36gmgmt; C:\Windows\system32\drivers\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)

S3 e36wgps; C:\Windows\system32\drivers\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)

R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)

R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2010-12-01] (Ericsson AB)

R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)

R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)

R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)

R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)

R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-19 14:24 - 2014-01-19 14:24 - 00000860 _____ C:\Users\Jennifer\Desktop\checkup.txt

2014-01-19 14:19 - 2014-01-19 14:19 - 00987425 _____ C:\Users\Jennifer\Downloads\SecurityCheck.exe

2014-01-19 12:26 - 2014-01-19 12:26 - 02347384 _____ (ESET) C:\Users\Jennifer\Downloads\esetsmartinstaller_enu.exe

2014-01-18 13:54 - 2014-01-19 14:25 - 00000000 ____D C:\Users\Jennifer\Desktop\FRST-OlderVersion

2014-01-18 13:52 - 2014-01-18 13:53 - 00001091 _____ C:\Users\Jennifer\Desktop\JRT.txt

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Windows\ERUNT

2014-01-18 13:40 - 2014-01-18 13:40 - 01037068 _____ (Thisisu) C:\Users\Jennifer\Downloads\JRT.exe

2014-01-18 13:39 - 2014-01-18 13:39 - 00002132 _____ C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt

2014-01-18 13:00 - 2014-01-18 13:31 - 00000000 ____D C:\AdwCleaner

2014-01-18 12:55 - 2014-01-18 12:55 - 00020996 _____ C:\Windows\PFRO.log

2014-01-18 10:12 - 2014-01-18 10:12 - 01236282 _____ C:\Users\Jennifer\Downloads\adwcleaner.exe

2014-01-17 16:41 - 2014-01-17 16:41 - 00020298 _____ C:\Users\Jennifer\Desktop\Addition.txt

2014-01-17 16:40 - 2014-01-19 14:25 - 00013140 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-17 16:38 - 2014-01-19 14:25 - 00000000 ____D C:\FRST

2014-01-17 16:37 - 2014-01-19 14:25 - 02076672 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-16 20:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-16 20:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-16 20:34 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-16 20:34 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-07 18:13 - 2014-01-19 12:17 - 00000672 _____ C:\Windows\setupact.log

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2013-12-26 18:34 - 2013-12-26 18:52 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files\iTunes

2013-12-26 18:33 - 2014-01-07 18:03 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:30 - 2013-12-26 18:31 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:28 - 2013-12-26 18:29 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:18 - 2014-01-07 17:49 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2013-12-26 18:18 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX

2013-12-26 18:07 - 2014-01-03 23:42 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android
 

==================== One Month Modified Files and Folders =======
 

2014-01-19 14:26 - 2012-01-12 14:50 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job

2014-01-19 14:25 - 2014-01-18 13:54 - 00000000 ____D C:\Users\Jennifer\Desktop\FRST-OlderVersion

2014-01-19 14:25 - 2014-01-17 16:40 - 00013140 _____ C:\Users\Jennifer\Desktop\FRST.txt

2014-01-19 14:25 - 2014-01-17 16:38 - 00000000 ____D C:\FRST

2014-01-19 14:25 - 2014-01-17 16:37 - 02076672 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe

2014-01-19 14:24 - 2014-01-19 14:24 - 00000860 _____ C:\Users\Jennifer\Desktop\checkup.txt

2014-01-19 14:20 - 2012-01-12 14:50 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2014-01-19 14:19 - 2014-01-19 14:19 - 00987425 _____ C:\Users\Jennifer\Downloads\SecurityCheck.exe

2014-01-19 14:14 - 2012-09-27 15:55 - 01137878 _____ C:\Windows\WindowsUpdate.log

2014-01-19 14:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2014-01-19 14:13 - 2012-11-26 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-19 12:26 - 2014-01-19 12:26 - 02347384 _____ (ESET) C:\Users\Jennifer\Downloads\esetsmartinstaller_enu.exe

2014-01-19 12:25 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-19 12:25 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-19 12:17 - 2014-01-07 18:13 - 00000672 _____ C:\Windows\setupact.log

2014-01-19 12:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-18 13:53 - 2014-01-18 13:52 - 00001091 _____ C:\Users\Jennifer\Desktop\JRT.txt

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Windows\ERUNT

2014-01-18 13:40 - 2014-01-18 13:40 - 01037068 _____ (Thisisu) C:\Users\Jennifer\Downloads\JRT.exe

2014-01-18 13:39 - 2014-01-18 13:39 - 00002132 _____ C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt

2014-01-18 13:31 - 2014-01-18 13:00 - 00000000 ____D C:\AdwCleaner

2014-01-18 13:31 - 2012-11-02 13:20 - 00000000 ____D C:\Users\Jennifer

2014-01-18 12:55 - 2014-01-18 12:55 - 00020996 _____ C:\Windows\PFRO.log

2014-01-18 10:12 - 2014-01-18 10:12 - 01236282 _____ C:\Users\Jennifer\Downloads\adwcleaner.exe

2014-01-18 10:08 - 2011-04-12 08:43 - 00714294 _____ C:\Windows\system32\perfh007.dat

2014-01-18 10:08 - 2011-04-12 08:43 - 00154346 _____ C:\Windows\system32\perfc007.dat

2014-01-18 10:08 - 2009-07-14 06:13 - 01648944 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-17 16:41 - 2014-01-17 16:41 - 00020298 _____ C:\Users\Jennifer\Desktop\Addition.txt

2014-01-17 16:32 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-16 22:13 - 2013-07-20 22:54 - 00000000 ____D C:\Windows\system32\MRT

2014-01-16 22:12 - 2012-01-12 14:28 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-16 20:37 - 2012-01-12 14:50 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher

2014-01-16 20:36 - 2012-01-12 14:50 - 00000000 ____D C:\ProgramData\PCDr

2014-01-16 20:34 - 2012-01-12 14:11 - 01623224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2014-01-12 12:44 - 2012-11-02 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-11 16:54 - 2013-12-19 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2014-01-08 16:03 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 _____ C:\Windows\setuperr.log

2014-01-07 18:05 - 2013-10-26 19:03 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-07 18:05 - 2013-10-26 19:03 - 00000000 ____D C:\Program Files\CCleaner

2014-01-07 18:04 - 2014-01-07 18:04 - 04645232 _____ (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup409.exe

2014-01-07 18:03 - 2014-01-07 18:03 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iTunes

2014-01-07 18:03 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files (x86)\iTunes

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files\Bonjour

2014-01-07 18:01 - 2014-01-07 18:01 - 00000000 ____D C:\Program Files (x86)\Bonjour

2014-01-07 18:01 - 2013-12-26 18:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2014-01-07 17:56 - 2013-11-16 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-07 17:56 - 2012-11-02 14:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Mozilla

2014-01-07 17:56 - 2012-11-02 14:32 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-07 17:54 - 2014-01-07 17:54 - 00283096 _____ (Mozilla) C:\Users\Jennifer\Downloads\Firefox Setup Stub 26.0.exe

2014-01-07 17:50 - 2013-11-08 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

2014-01-07 17:49 - 2013-12-26 18:18 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\TFP

2014-01-07 17:49 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV

2014-01-07 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2014-01-07 17:20 - 2012-01-12 20:50 - 00000000 ____D C:\Windows\Panther

2014-01-03 23:42 - 2013-12-26 18:07 - 00002519 _____ C:\Users\Jennifer\daemonprocess.txt

2013-12-26 18:52 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer

2013-12-26 18:34 - 2013-12-26 18:34 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-26 18:33 - 2013-12-26 18:33 - 00000000 ____D C:\Program Files\iPod

2013-12-26 18:32 - 2013-12-26 18:32 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple

2013-12-26 18:31 - 2013-12-26 18:30 - 00000000 ____D C:\ProgramData\Apple

2013-12-26 18:30 - 2013-12-26 18:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-26 18:29 - 2013-12-26 18:28 - 100400976 _____ (Apple Inc.) C:\Users\Jennifer\Downloads\iTunes64Setup.exe

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\cache

2013-12-26 18:07 - 2013-12-26 18:07 - 00000000 ____D C:\Users\Jennifer\.android
 

Files to move or delete:

====================

C:\Users\Jennifer\AmazonMP3Downloader.exe

C:\Users\Jennifer\npAmazonMP3DownloaderPlugin10174.dll
 
 

Some content of TEMP:

====================

C:\Users\Default\AppData\Local\Temp\KUIU.EXE

C:\Users\Default User\AppData\Local\Temp\KUIU.EXE

C:\Users\Jennifer\AppData\Local\Temp\avgnt.exe

C:\Users\Jennifer\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-19 13:25
 

==================== End Of Log ============================

--- --- ---

Scheint alles zu funktionieren.
Herzlichen Dank!

Java updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Ist alles erledigt.
Danke!