Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bei alle Browsern bekomme ich die Meldung Plugin verlangsamt den PC (https://www.trojaner-board.de/157779-alle-browsern-bekomme-meldung-plugin-verlangsamt-pc.html)

mamabear 19.08.2014 13:05
Bei alle Browsern bekomme ich die Meldung Plugin verlangsamt den PC
 
Hallo,
ich habe folgendes Problem zum einen,
egal welchen Browser ich benutzte es kommt das der Shockwave Flash den PC verlangsamt und ich kann nur noch den Browser neu starten.
Zu anderen ist seit dem neuen Windows update auf meinem Desktop die text Datei "desktop.ini. und einige Ordner auf C sind doppelt und mit einem Schloss versehen.

M-K-D-B 19.08.2014 13:06
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mamabear 19.08.2014 14:45
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Bears (administrator) on BEARS-PC on 19-08-2014 15:42:02
Running from C:\Users\Bears\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368728 2014-05-23] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-08-01] (APN)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {E218120C-E828-4DC5-9E15-3097E139037A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A010DE714&p={SearchTerms}
SearchScopes: HKCU - {E218120C-E828-4DC5-9E15-3097E139037A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A010DE714&p={SearchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-08-19]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSuggestURL: hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Internet Speed Test) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2014-08-19]
CHR Extension: (Google Docs) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-06]
CHR Extension: (Google Drive) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (WOT) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-06]
CHR Extension: (Google-Suche) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-06]
CHR Extension: (FarmVille by Zynga) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchlepkjiaohpppcjacoldhlidbcfhan [2014-08-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (MonitorTab) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognampngfcbddbfemdapefohjiobgbdl [2014-08-19]
CHR Extension: (Google Mail) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-08-01] (APN LLC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-05-23] (Microsoft Corp.)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140815.001\IDSvia64.sys [525016 2014-04-14] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140818.019\ENG64.SYS [126040 2014-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140818.019\EX64.SYS [2099288 2014-08-14] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 15:42 - 2014-08-19 15:44 - 00020462 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-19 15:41 - 2014-08-19 15:42 - 00000000 ____D () C:\FRST
2014-08-19 15:40 - 2014-08-19 15:40 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:44 - 2014-08-19 13:44 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-19 13:19 - 2014-08-19 13:28 - 26745566 _____ () C:\Users\Bears\Downloads\-3asdf.zip
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-15 23:05 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 23:05 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 23:05 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 23:05 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 23:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 23:04 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 20:13 - 2014-08-19 13:48 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-15 14:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 14:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 14:23 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 14:23 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 14:23 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 14:23 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 14:23 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 14:22 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 14:22 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 14:22 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 14:22 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 14:22 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 14:22 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 14:22 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 14:22 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 14:22 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 14:22 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 14:22 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 14:22 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 14:22 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 14:22 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 14:22 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 14:22 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 14:22 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 14:22 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 14:22 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 14:22 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 14:22 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 14:22 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 14:22 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 14:22 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 14:22 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 14:22 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 14:22 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 14:22 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 14:21 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 14:21 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 14:21 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 14:21 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 14:21 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 14:21 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 14:21 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 14:21 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 14:21 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 14:21 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 14:21 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 14:21 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 14:20 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 14:20 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-15 14:19 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 14:19 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\APN
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:18 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 15:47 - 2014-08-10 14:43 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-03 08:00 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 08:00 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 08:00 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 08:00 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-03 07:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-03 07:59 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-03 07:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-29 06:49 - 2014-08-18 15:03 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-07-29 06:49 - 2014-07-29 06:48 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-28 06:56 - 2014-04-20 10:57 - 1469569024 _____ () C:\Users\Bears\Downloads\sabotage.xvid-wtr.avi
2014-07-28 06:54 - 2014-04-25 13:56 - 1569753894 _____ () C:\Users\Bears\Downloads\Rio 2 Dschungelfieber.avi
2014-07-28 06:52 - 2014-04-28 06:47 - 1683337216 _____ () C:\Users\Bears\Downloads\Ride.Along.2014.BDRIP.GERMAN.AC3.DUBBED.5.1.XVID-TwixX.avi
2014-07-28 06:49 - 2011-08-22 14:58 - 1540857856 _____ () C:\Users\Bears\Downloads\Red Riding Hood Extended Cut.avi
2014-07-28 06:46 - 2014-05-29 13:42 - 1881094144 _____ () C:\Users\Bears\Downloads\Non-Stop.avi
2014-07-28 06:43 - 2014-05-20 17:51 - 1219786752 _____ () C:\Users\Bears\Downloads\I Frankenstein.avi
2014-07-28 06:41 - 2014-05-07 23:04 - 1263592920 _____ () C:\Users\Bears\Downloads\Death.Zone.Toedlicher.Verrat.German.2013.AC3.BDRiP.XViD-KOC.avi
2014-07-28 06:37 - 2014-05-25 12:55 - 1447895040 _____ () C:\Users\Bears\Downloads\3 Days to Kill.avi
2014-07-28 06:35 - 2014-05-28 19:32 - 1523077120 _____ () C:\Users\Bears\Downloads\X-Men.Zukunft.ist.Vergangenheit.TS.LD.German.XviD-FiSTER.avi
2014-07-28 06:32 - 2014-02-21 10:03 - 1567993856 _____ () C:\Users\Bears\Downloads\Wolkig mit Aussicht auf Fleischfällchen 2 BDRip DL German AC3 XviD-Oxy.avi
2014-07-28 06:29 - 2014-05-23 17:15 - 2329640960 _____ () C:\Users\Bears\Downloads\Wolferine.EXT.HD.de.avi
2014-07-28 06:28 - 2013-07-07 14:28 - 840329736 _____ () C:\Users\Bears\Downloads\Tom.and.Jerry.Meet.Sherlock.Holmes.2010.German.AC3.HDRip.XviD-rahab.avi
2014-07-28 06:25 - 2014-01-05 17:44 - 1374021632 _____ () C:\Users\Bears\Downloads\Shootout-Keine Gnade.avi
2014-07-25 21:51 - 2014-08-09 14:01 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 15:44 - 2014-08-19 15:42 - 00020462 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-19 15:42 - 2014-08-19 15:41 - 00000000 ____D () C:\FRST
2014-08-19 15:40 - 2014-08-19 15:40 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-08-19 15:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 15:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 15:27 - 2012-02-20 09:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-19 15:27 - 2012-02-20 09:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-19 15:27 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-19 15:26 - 2012-02-20 17:59 - 01924898 _____ () C:\windows\WindowsUpdate.log
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 15:24 - 2014-06-20 10:06 - 00372402 _____ () C:\FaceProv.log
2014-08-19 15:23 - 2012-02-20 19:10 - 00152579 _____ () C:\windows\system32\fastboot.set
2014-08-19 15:22 - 2014-02-28 14:06 - 00025085 _____ () C:\windows\setupact.log
2014-08-19 15:22 - 2012-02-20 19:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 15:22 - 2012-02-20 18:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-08-19 15:22 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:58 - 2013-07-23 21:39 - 00000000 ____D () C:\Users\Bears
2014-08-19 13:48 - 2014-08-15 20:13 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 13:46 - 2012-02-20 19:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 13:44 - 2014-08-19 13:44 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-19 13:42 - 2014-07-06 07:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 13:28 - 2014-08-19 13:19 - 26745566 _____ () C:\Users\Bears\Downloads\-3asdf.zip
2014-08-19 12:24 - 2009-07-14 06:45 - 00283104 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-19 08:09 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-18 19:55 - 2013-11-29 14:00 - 02258336 _____ () C:\windows\system32\PsBoot.log
2014-08-18 19:55 - 2013-11-29 14:00 - 00273468 _____ () C:\windows\system32\defragLog.log
2014-08-18 19:45 - 2013-11-26 21:56 - 00007607 _____ () C:\Users\Bears\AppData\Local\Resmon.ResmonCfg
2014-08-18 19:33 - 2014-04-27 10:49 - 00000000 ____D () C:\Users\Bears\Desktop\Bilder
2014-08-18 15:03 - 2014-07-29 06:49 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-08-18 15:03 - 2014-04-28 15:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:41 - 2014-02-28 14:06 - 00381866 _____ () C:\windows\PFRO.log
2014-08-18 14:36 - 2014-03-14 20:29 - 00000000 ____D () C:\AdwCleaner
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:04 - 2013-07-23 21:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-16 07:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 23:34 - 2013-08-11 09:46 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 23:20 - 2013-08-02 12:18 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 23:03 - 2014-05-07 12:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 19:47 - 2012-02-20 19:08 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\APN
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:43 - 2014-08-10 15:47 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 20:12 - 2013-10-10 10:52 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-08-09 14:01 - 2014-07-25 21:51 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-08-07 04:06 - 2014-08-15 14:19 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 14:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-04 09:28 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-01 01:41 - 2014-08-15 14:22 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 14:22 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-29 06:49 - 2013-08-30 09:35 - 00000000 ____D () C:\Users\Bears\AppData\Local\Opera Software
2014-07-29 06:49 - 2013-08-30 09:34 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\Opera Software
2014-07-29 06:48 - 2014-07-29 06:49 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-26 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4
2014-07-25 20:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-25 16:52 - 2014-08-15 14:21 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 14:22 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 14:22 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 14:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-15 14:21 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-15 14:22 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 14:21 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 14:22 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 14:22 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 14:22 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 15:00 - 2014-08-15 14:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 14:59 - 2014-08-15 14:21 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 14:21 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 14:22 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 14:22 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-15 14:21 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-15 14:22 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 14:21 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 14:22 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 14:22 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-15 14:21 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-15 14:22 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 14:22 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 14:22 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 14:22 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 14:22 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 14:22 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 14:22 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 14:21 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 14:22 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 14:22 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 14:22 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 14:22 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 13:13 - 2014-08-15 14:22 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 14:22 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 14:22 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 14:22 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 14:21 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 14:22 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 14:21 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 14:22 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 14:22 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 14:22 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 22:20 - 2013-08-11 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-24 18:16

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Bears at 2014-08-19 15:45:15
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.466.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.125 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version:  - )
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C0F05}) (Version: 12.15.5.30 - APN, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-03-11 12:13 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {471DFFCA-586F-4AD5-AEC8-C3C124082EAD} - System32\Tasks\Opera scheduled Autoupdate 1406609335 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: {6351D691-F198-4313-842E-EE625CA19197} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
Task: {898D92C9-DE22-43F9-B058-6F9854B7CCC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {9B8585EE-A5A9-40DC-BA11-0B85B5C526A5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D038744C-F6D6-4811-BBD8-C8DC7C9945C3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 07:59 - 2011-08-10 07:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2008-12-20 05:20 - 2012-02-20 19:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 05:20 - 2012-02-20 19:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-08-10 07:59 - 2011-08-10 07:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 16:21 - 2011-03-14 16:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 08:02 - 2011-08-10 08:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-08-15 19:47 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 19:47 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 19:47 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 19:47 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 19:47 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 03:24:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 00:25:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 07:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 10:25:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4e425677
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x698
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (08/18/2014 10:24:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 36.0.1985.143 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1050

Startzeit: 01cfbb18f722a010

Endzeit: 11410

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 844a2359-2715-11e4-a78b-dc0ea183af74

Error: (08/18/2014 09:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:56:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:32:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6d4

Startzeit: 01cfbb0904b541fa

Endzeit: 0

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: 8ba83dc0-26fd-11e4-808f-dc0ea183af74

Error: (08/18/2014 07:23:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 03:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 02:11:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/19/2014 00:28:34 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (08/19/2014 00:28:34 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================
Error: (08/19/2014 03:24:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 00:25:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 07:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 10:25:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.04e425677ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e469801cfbb17732db335C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\windows\SYSTEM32\ntdll.dlld9bdbdb7-2715-11e4-a78b-dc0ea183af74

Error: (08/18/2014 10:24:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.143105001cfbb18f722a01011410C:\Program Files (x86)\Google\Chrome\Application\chrome.exe844a2359-2715-11e4-a78b-dc0ea183af74

Error: (08/18/2014 09:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:56:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 07:32:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175676d401cfbb0904b541fa0C:\windows\Explorer.EXE8ba83dc0-26fd-11e4-808f-dc0ea183af74

Error: (08/18/2014 07:23:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-11 11:03:52.685
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.295
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 75%
Total physical RAM: 1642.9 MB
Available physical RAM: 396.14 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1386.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:157.98 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FD22277B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================

M-K-D-B 19.08.2014 15:28
Servus,



  • Klicke auf Start > Computer.
  • Wähle links oben Organisieren > Ordner- und Suchoptionen.
  • Klicke auf den Tab Ansicht.
  • Setze (falls nicht vorhanden) vor folgende Punkte ein Häkchen
    • Geschützte Systemdateien ausblenden (empfohlen)
    • Ausgeblendete Dateien, Ordner und Laufwerke nicht anzeigen
  • Klicke auf Übernehmen und bestätige mit Ok.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mamabear 19.08.2014 17:21
Code:
ComboFix 14-08-19.01 - Bears 19.08.2014  17:54:31.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1643.785 [GMT 2:00]
ausgeführt von:: c:\users\Bears\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-07-19 bis 2014-08-19  ))))))))))))))))))))))))))))))
.
.
2014-08-19 16:11 . 2014-08-19 16:11        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-08-19 16:11 . 2014-08-19 16:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-08-19 13:41 . 2014-08-19 13:47        --------        d-----w-        C:\FRST
2014-08-18 12:01 . 2014-08-18 12:01        --------        d-----w-        c:\windows\jumpshot.com
2014-08-15 21:05 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-15 21:05 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-15 21:05 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-15 21:05 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-15 21:05 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-15 21:05 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-15 21:04 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 21:04 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-15 18:13 . 2014-08-15 18:13        699568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-15 18:13 . 2014-08-15 18:13        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 12:36 . 2014-08-15 12:36        --------        d-----w-        c:\windows\SysWow64\Adobe
2014-08-15 12:24 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-08-15 12:24 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-08-15 12:24 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-08-15 12:24 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-08-15 12:24 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-08-15 12:24 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-08-15 12:24 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-08-15 12:22 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 12:21 . 2014-07-25 12:17        85504        ----a-w-        c:\windows\system32\mshtmled.dll
2014-08-15 12:20 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-15 12:20 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-08-15 12:19 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll
2014-08-15 12:19 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-10 14:19 . 2014-08-10 14:19        --------        d-----w-        c:\users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 14:19 . 2014-08-10 14:19        --------        d-----w-        c:\programdata\AskPartnerNetwork
2014-08-10 14:19 . 2014-08-10 14:19        --------        d-----w-        c:\program files (x86)\AskPartnerNetwork
2014-08-10 14:19 . 2014-08-10 14:19        --------        d-----w-        c:\programdata\APN
2014-08-10 14:18 . 2014-08-10 14:19        --------        d-----w-        c:\programdata\Oracle
2014-08-10 14:16 . 2014-08-10 14:16        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-08-10 12:45 . 2014-08-10 12:43        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-10 12:43 . 2014-08-10 12:43        --------        d-----w-        c:\program files (x86)\Java
2014-08-09 18:12 . 2014-08-09 18:13        --------        d-----w-        c:\windows\system32\drivers\NISx64\1505000.013
2014-08-05 17:20 . 2014-08-05 17:20        227728        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-03 06:00 . 2014-05-14 16:23        44512        ----a-w-        c:\windows\system32\wups2.dll
2014-08-03 06:00 . 2014-05-14 16:23        58336        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-03 06:00 . 2014-05-14 16:21        2620928        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-03 06:00 . 2014-05-14 16:23        2477536        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-03 05:59 . 2014-05-14 16:23        38880        ----a-w-        c:\windows\system32\wups.dll
2014-08-03 05:59 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll
2014-08-03 05:59 . 2014-05-14 16:23        700384        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-03 05:59 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-08-03 05:59 . 2014-05-14 16:20        97792        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-03 05:59 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-08-03 05:57 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-08-03 05:57 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-08-03 05:57 . 2014-05-14 07:23        198600        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-03 05:57 . 2014-05-14 07:20        36864        ----a-w-        c:\windows\system32\wuapp.exe
2014-07-28 05:16 . 2014-07-28 05:16        --------        d-sh--w-        c:\users\Bears\AppData\Local\EmieUserList
2014-07-28 05:16 . 2014-07-28 05:16        --------        d-sh--w-        c:\users\Bears\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 11:42 . 2014-07-06 05:24        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 21:20 . 2013-08-02 10:18        99218768        ----a-w-        c:\windows\system32\MRT.exe
2014-07-14 02:12 . 2014-07-19 06:16        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{49EE1690-D025-44D5-B702-D4BA51D1D068}\mpengine.dll
2014-06-18 02:18 . 2014-07-09 05:58        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 05:58        646144        ----a-w-        c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 05:58        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 05:58        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 05:57        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 05:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 05:57        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 05:58        210944        ----a-w-        c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 05:58        86528        ----a-w-        c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 05:58        340992        ----a-w-        c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 05:58        314880        ----a-w-        c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 05:58        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 05:58        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 05:58        22016        ----a-w-        c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 05:58        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 05:58        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 05:58        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 05:58        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 05:58        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 05:58        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 05:58        17408        ----a-w-        c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 05:58        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 336384]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-20 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-05-23 2368728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-07-31 1957784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140818.003\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140818.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1504000.00D\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 17:36        1104200        ----a-w-        c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 18:13]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 17:07]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-20 16:57        1508192        ----a-w-        c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-20 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-20 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-20 5908928]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-19  18:18:02
ComboFix-quarantined-files.txt  2014-08-19 16:18
.
Vor Suchlauf: 13 Verzeichnis(se), 168.870.100.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 168.979.066.880 Bytes frei
.
- - End Of File - - 4F164B55184119B7CCBECB3E44385A90
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 20.08.2014 08:26
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

mamabear 20.08.2014 15:52
Code:
# AdwCleaner v3.307 - Bericht erstellt am 20/08/2014 um 15:22:02
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bears - BEARS-PC
# Gestartet von : C:\Users\Bears\Desktop\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [807 octets] - [14/03/2014 23:29:34]
AdwCleaner[R10].txt - [1878 octets] - [28/04/2014 18:25:12]
AdwCleaner[R11].txt - [1948 octets] - [02/05/2014 21:35:36]
AdwCleaner[R12].txt - [2009 octets] - [09/05/2014 23:43:08]
AdwCleaner[R13].txt - [2242 octets] - [10/05/2014 13:04:48]
AdwCleaner[R14].txt - [2182 octets] - [11/05/2014 10:57:48]
AdwCleaner[R15].txt - [2250 octets] - [23/05/2014 10:35:23]
AdwCleaner[R16].txt - [2494 octets] - [19/06/2014 08:35:54]
AdwCleaner[R17].txt - [2489 octets] - [04/07/2014 14:38:32]
AdwCleaner[R18].txt - [3794 octets] - [09/07/2014 14:19:47]
AdwCleaner[R19].txt - [2676 octets] - [25/07/2014 21:53:40]
AdwCleaner[R1].txt - [866 octets] - [16/03/2014 08:10:41]
AdwCleaner[R20].txt - [2830 octets] - [30/07/2014 07:24:33]
AdwCleaner[R21].txt - [2886 octets] - [02/08/2014 15:17:03]
AdwCleaner[R22].txt - [2947 octets] - [04/08/2014 19:42:14]
AdwCleaner[R23].txt - [3135 octets] - [14/08/2014 06:13:05]
AdwCleaner[R24].txt - [3130 octets] - [15/08/2014 14:39:05]
AdwCleaner[R25].txt - [3534 octets] - [18/08/2014 14:32:05]
AdwCleaner[R26].txt - [3311 octets] - [20/08/2014 15:19:13]
AdwCleaner[R2].txt - [1241 octets] - [17/03/2014 22:45:57]
AdwCleaner[R3].txt - [1238 octets] - [20/03/2014 16:19:19]
AdwCleaner[R4].txt - [1350 octets] - [03/04/2014 16:42:44]
AdwCleaner[R5].txt - [6294 octets] - [10/04/2014 10:57:19]
AdwCleaner[R6].txt - [2394 octets] - [10/04/2014 13:59:50]
AdwCleaner[R7].txt - [1586 octets] - [14/04/2014 18:31:31]
AdwCleaner[R8].txt - [1706 octets] - [22/04/2014 19:24:14]
AdwCleaner[R9].txt - [2488 octets] - [26/04/2014 08:05:43]
AdwCleaner[S0].txt - [926 octets] - [16/03/2014 08:27:58]
AdwCleaner[S10].txt - [2551 octets] - [04/07/2014 15:00:06]
AdwCleaner[S11].txt - [3734 octets] - [09/07/2014 14:21:19]
AdwCleaner[S12].txt - [2892 octets] - [30/07/2014 07:26:35]
AdwCleaner[S13].txt - [3197 octets] - [14/08/2014 06:22:07]
AdwCleaner[S14].txt - [3596 octets] - [18/08/2014 14:35:39]
AdwCleaner[S15].txt - [2691 octets] - [20/08/2014 15:22:02]
AdwCleaner[S1].txt - [1302 octets] - [17/03/2014 22:48:00]
AdwCleaner[S2].txt - [1300 octets] - [20/03/2014 16:21:48]
AdwCleaner[S3].txt - [1411 octets] - [03/04/2014 16:44:19]
AdwCleaner[S4].txt - [4312 octets] - [10/04/2014 11:03:20]
AdwCleaner[S5].txt - [2349 octets] - [10/04/2014 14:01:47]
AdwCleaner[S6].txt - [1647 octets] - [14/04/2014 18:35:33]
AdwCleaner[S7].txt - [2496 octets] - [26/04/2014 08:08:18]
AdwCleaner[S8].txt - [2302 octets] - [10/05/2014 14:25:55]
AdwCleaner[S9].txt - [2554 octets] - [19/06/2014 08:40:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [3292 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.08.2014
Suchlauf-Zeit: 15:28:57
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.20.03
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bears

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 326402
Verstrichene Zeit: 31 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bears on 20.08.2014 at 16:06:07,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.08.2014 at 16:24:09,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Bears (administrator) on BEARS-PC on 20-08-2014 16:44:19
Running from C:\Users\Bears\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368728 2014-05-23] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {E218120C-E828-4DC5-9E15-3097E139037A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A010DE714&p={SearchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-08-20]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSuggestURL: hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Internet Speed Test) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2014-08-19]
CHR Extension: (Google Docs) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-06]
CHR Extension: (Google Drive) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (WOT) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-06]
CHR Extension: (Google-Suche) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-06]
CHR Extension: (FarmVille by Zynga) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchlepkjiaohpppcjacoldhlidbcfhan [2014-08-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (MonitorTab) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognampngfcbddbfemdapefohjiobgbdl [2014-08-19]
CHR Extension: (Google Mail) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-08-01] (APN LLC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-05-23] (Microsoft Corp.)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140819.001\IDSvia64.sys [525016 2014-04-14] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-20] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140819.033\ENG64.SYS [126040 2014-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140819.033\EX64.SYS [2099288 2014-08-14] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 16:26 - 2014-08-20 16:26 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\frst64.exe
2014-08-20 16:24 - 2014-08-20 16:24 - 00000797 _____ () C:\Users\Bears\Desktop\JRT.txt
2014-08-20 16:03 - 2014-08-20 16:03 - 01356107 _____ () C:\Users\Bears\Downloads\adwcleaner_3.305.exe
2014-08-20 15:26 - 2014-08-20 15:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 15:13 - 2014-08-20 15:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bears\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 15:13 - 2014-08-20 15:14 - 01016261 _____ (Thisisu) C:\Users\Bears\Desktop\JRT.exe
2014-08-20 15:13 - 2014-08-20 15:13 - 01361671 _____ () C:\Users\Bears\Desktop\adwcleaner_3.307.exe
2014-08-20 06:42 - 2014-08-20 06:42 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-08-19 18:18 - 2014-08-19 18:18 - 00020795 _____ () C:\ComboFix.txt
2014-08-19 17:49 - 2014-08-19 18:18 - 00000000 ____D () C:\Qoobox
2014-08-19 17:49 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-19 17:49 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-19 17:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-19 17:46 - 2014-08-19 17:47 - 05572251 ____R (Swearware) C:\Users\Bears\Desktop\ComboFix.exe
2014-08-19 17:46 - 2014-08-19 17:46 - 00698207 _____ (Swearware) C:\Users\Bears\Desktop\63d8.tmp
2014-08-19 15:45 - 2014-08-19 15:47 - 00030099 _____ () C:\Users\Bears\Desktop\Addition.txt
2014-08-19 15:42 - 2014-08-20 16:44 - 00019760 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-19 15:41 - 2014-08-20 16:44 - 00000000 ____D () C:\FRST
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:44 - 2014-08-19 13:44 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-15 23:05 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 23:05 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 23:05 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 23:05 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 23:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 23:04 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 20:13 - 2014-08-20 15:48 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-15 14:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 14:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 14:23 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 14:23 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 14:23 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 14:23 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 14:23 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 14:22 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 14:22 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 14:22 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 14:22 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 14:22 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 14:22 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 14:22 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 14:22 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 14:22 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 14:22 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 14:22 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 14:22 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 14:22 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 14:22 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 14:22 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 14:22 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 14:22 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 14:22 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 14:22 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 14:22 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 14:22 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 14:22 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 14:22 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 14:22 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 14:22 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 14:22 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 14:22 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 14:22 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 14:21 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 14:21 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 14:21 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 14:21 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 14:21 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 14:21 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 14:21 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 14:21 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 14:21 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 14:21 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 14:21 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 14:21 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 14:20 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 14:20 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-15 14:19 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 14:19 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:18 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 15:47 - 2014-08-10 14:43 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-03 08:00 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 08:00 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 08:00 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 08:00 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-03 07:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-03 07:59 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-03 07:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-29 06:49 - 2014-08-19 17:50 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-07-29 06:49 - 2014-07-29 06:48 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-28 06:56 - 2014-04-20 10:57 - 1469569024 _____ () C:\Users\Bears\Downloads\sabotage.xvid-wtr.avi
2014-07-28 06:54 - 2014-04-25 13:56 - 1569753894 _____ () C:\Users\Bears\Downloads\Rio 2 Dschungelfieber.avi
2014-07-28 06:52 - 2014-04-28 06:47 - 1683337216 _____ () C:\Users\Bears\Downloads\Ride.Along.2014.BDRIP.GERMAN.AC3.DUBBED.5.1.XVID-TwixX.avi
2014-07-28 06:49 - 2011-08-22 14:58 - 1540857856 _____ () C:\Users\Bears\Downloads\Red Riding Hood Extended Cut.avi
2014-07-28 06:46 - 2014-05-29 13:42 - 1881094144 _____ () C:\Users\Bears\Downloads\Non-Stop.avi
2014-07-28 06:43 - 2014-05-20 17:51 - 1219786752 _____ () C:\Users\Bears\Downloads\I Frankenstein.avi
2014-07-28 06:41 - 2014-05-07 23:04 - 1263592920 _____ () C:\Users\Bears\Downloads\Death.Zone.Toedlicher.Verrat.German.2013.AC3.BDRiP.XViD-KOC.avi
2014-07-28 06:37 - 2014-05-25 12:55 - 1447895040 _____ () C:\Users\Bears\Downloads\3 Days to Kill.avi
2014-07-28 06:35 - 2014-05-28 19:32 - 1523077120 _____ () C:\Users\Bears\Downloads\X-Men.Zukunft.ist.Vergangenheit.TS.LD.German.XviD-FiSTER.avi
2014-07-28 06:32 - 2014-02-21 10:03 - 1567993856 _____ () C:\Users\Bears\Downloads\Wolkig mit Aussicht auf Fleischfällchen 2 BDRip DL German AC3 XviD-Oxy.avi
2014-07-28 06:29 - 2014-05-23 17:15 - 2329640960 _____ () C:\Users\Bears\Downloads\Wolferine.EXT.HD.de.avi
2014-07-28 06:28 - 2013-07-07 14:28 - 840329736 _____ () C:\Users\Bears\Downloads\Tom.and.Jerry.Meet.Sherlock.Holmes.2010.German.AC3.HDRip.XviD-rahab.avi
2014-07-28 06:25 - 2014-01-05 17:44 - 1374021632 _____ () C:\Users\Bears\Downloads\Shootout-Keine Gnade.avi
2014-07-25 21:51 - 2014-08-20 06:46 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 16:44 - 2014-08-19 15:42 - 00019760 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-20 16:44 - 2014-08-19 15:41 - 00000000 ____D () C:\FRST
2014-08-20 16:31 - 2012-02-20 17:59 - 01976626 _____ () C:\windows\WindowsUpdate.log
2014-08-20 16:26 - 2014-08-20 16:26 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\frst64.exe
2014-08-20 16:24 - 2014-08-20 16:24 - 00000797 _____ () C:\Users\Bears\Desktop\JRT.txt
2014-08-20 16:03 - 2014-08-20 16:03 - 01356107 _____ () C:\Users\Bears\Downloads\adwcleaner_3.305.exe
2014-08-20 15:48 - 2014-08-15 20:13 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 15:46 - 2012-02-20 19:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 15:32 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:32 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:31 - 2012-02-20 09:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-20 15:31 - 2012-02-20 09:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-20 15:31 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-20 15:27 - 2014-07-06 07:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 15:26 - 2014-08-20 15:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 15:26 - 2014-07-06 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 15:26 - 2014-07-06 07:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 15:25 - 2014-06-20 10:06 - 00384500 _____ () C:\FaceProv.log
2014-08-20 15:25 - 2012-02-20 19:10 - 00166219 _____ () C:\windows\system32\fastboot.set
2014-08-20 15:25 - 2012-02-20 19:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-20 15:25 - 2012-02-20 18:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-08-20 15:24 - 2014-02-28 14:06 - 00383512 _____ () C:\windows\PFRO.log
2014-08-20 15:24 - 2014-02-28 14:06 - 00025365 _____ () C:\windows\setupact.log
2014-08-20 15:24 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-20 15:24 - 2009-07-14 06:45 - 00283104 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-20 15:22 - 2014-03-14 20:29 - 00000000 ____D () C:\AdwCleaner
2014-08-20 15:14 - 2014-08-20 15:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bears\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 15:14 - 2014-08-20 15:13 - 01016261 _____ (Thisisu) C:\Users\Bears\Desktop\JRT.exe
2014-08-20 15:13 - 2014-08-20 15:13 - 01361671 _____ () C:\Users\Bears\Desktop\adwcleaner_3.307.exe
2014-08-20 15:11 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-20 06:46 - 2014-07-25 21:51 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-08-20 06:42 - 2014-08-20 06:42 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-08-19 18:18 - 2014-08-19 18:18 - 00020795 _____ () C:\ComboFix.txt
2014-08-19 18:18 - 2014-08-19 17:49 - 00000000 ____D () C:\Qoobox
2014-08-19 18:18 - 2014-04-23 07:03 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-19 18:11 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-08-19 18:01 - 2012-02-20 18:51 - 00000000 ____D () C:\ProgramData\Temp
2014-08-19 17:50 - 2014-07-29 06:49 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-08-19 17:50 - 2014-04-28 15:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-19 17:47 - 2014-08-19 17:46 - 05572251 ____R (Swearware) C:\Users\Bears\Desktop\ComboFix.exe
2014-08-19 17:46 - 2014-08-19 17:46 - 00698207 _____ (Swearware) C:\Users\Bears\Desktop\63d8.tmp
2014-08-19 15:47 - 2014-08-19 15:45 - 00030099 _____ () C:\Users\Bears\Desktop\Addition.txt
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:58 - 2013-07-23 21:39 - 00000000 ____D () C:\Users\Bears
2014-08-19 13:44 - 2014-08-19 13:44 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-18 19:55 - 2013-11-29 14:00 - 02258336 _____ () C:\windows\system32\PsBoot.log
2014-08-18 19:55 - 2013-11-29 14:00 - 00273468 _____ () C:\windows\system32\defragLog.log
2014-08-18 19:45 - 2013-11-26 21:56 - 00007607 _____ () C:\Users\Bears\AppData\Local\Resmon.ResmonCfg
2014-08-18 19:33 - 2014-04-27 10:49 - 00000000 ____D () C:\Users\Bears\Desktop\Bilder
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:04 - 2013-07-23 21:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-16 07:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 23:34 - 2013-08-11 09:46 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 23:20 - 2013-08-02 12:18 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 23:03 - 2014-05-07 12:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 19:47 - 2012-02-20 19:08 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:43 - 2014-08-10 15:47 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 20:12 - 2013-10-10 10:52 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-08-07 04:06 - 2014-08-15 14:19 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 14:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-04 09:28 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-01 01:41 - 2014-08-15 14:22 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 14:22 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-29 06:49 - 2013-08-30 09:35 - 00000000 ____D () C:\Users\Bears\AppData\Local\Opera Software
2014-07-29 06:49 - 2013-08-30 09:34 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\Opera Software
2014-07-29 06:48 - 2014-07-29 06:49 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-26 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4
2014-07-25 20:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-25 16:52 - 2014-08-15 14:21 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 14:22 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 14:22 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 14:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-15 14:21 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-15 14:22 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 14:21 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 14:22 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 14:22 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 14:22 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 15:00 - 2014-08-15 14:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 14:59 - 2014-08-15 14:21 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 14:21 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 14:22 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 14:22 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-15 14:21 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-15 14:22 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 14:21 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 14:22 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 14:22 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-15 14:21 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-15 14:22 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 14:22 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 14:22 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 14:22 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 14:22 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 14:22 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 14:22 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 14:21 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 14:22 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 14:22 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 14:22 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 14:22 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 13:13 - 2014-08-15 14:22 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 14:22 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 14:22 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 14:22 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 14:21 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 14:22 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 14:21 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 14:22 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 14:22 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 14:22 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 22:20 - 2013-08-11 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Bears\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-24 18:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Bears at 2014-08-20 16:45:33
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.466.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.125 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version:  - )
Opera Stable 23.0.1522.77 (HKLM-x32\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C0F05}) (Version: 12.15.5.30 - APN, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 15:50:10 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-19 18:11 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {6351D691-F198-4313-842E-EE625CA19197} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {72FD8E7D-36DB-41F1-B427-133AB9934E06} - System32\Tasks\Opera scheduled Autoupdate 1406609335 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-14] (Opera Software)
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
Task: {898D92C9-DE22-43F9-B058-6F9854B7CCC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {9B8585EE-A5A9-40DC-BA11-0B85B5C526A5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D038744C-F6D6-4811-BBD8-C8DC7C9945C3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 07:59 - 2011-08-10 07:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 05:20 - 2012-02-20 19:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-08-10 07:59 - 2011-08-10 07:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 16:21 - 2011-03-14 16:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 08:02 - 2011-08-10 08:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-19 18:10:00.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:59.828
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:59.344
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:58.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.685
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.295
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 63%
Total physical RAM: 1642.9 MB
Available physical RAM: 595.75 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1848.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:156.77 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FD22277B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================

M-K-D-B 20.08.2014 17:01
Servus,


kommt immer noch die Meldung bezüglich des Plugins?

Wenn ja, wie lautet die Meldung genau?

mamabear 21.08.2014 05:56
Hallo,

ja die Meldung kommt immer noch.
"Das Plug-in "Shockwave Flash" verlangsamt Ihren Computer. Sie können warten, bis er wieder korrekt arbeitet, oder es jetzt anhalten."
Das ist die Meldung die ich immer bekomme.

M-K-D-B 21.08.2014 09:09
Servus,


installiere dir die aktuellste Version von Shockwave von hier.
Dazu mit jedem Browser diese Seite besuchen und den Installtionsanweisungen folgen.


Starte den Rechner im Abschluss neu auf.




Kommen danach die Meldungen immer noch?


Kontrolle mit FRST bitte:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

mamabear 22.08.2014 08:09
Hallo,
bei Crome kommt die Meldung immer noch, bei den anderen Browser nicht mehr.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Bears (administrator) on BEARS-PC on 21-08-2014 19:37:14
Running from C:\Users\Bears\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368728 2014-05-23] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E218120C-E828-4DC5-9E15-3097E139037A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A010DE714&p={SearchTerms}
SearchScopes: HKCU - {E218120C-E828-4DC5-9E15-3097E139037A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A010DE714&p={SearchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-08-21]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSuggestURL: hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Internet Speed Test) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2014-08-19]
CHR Extension: (Google Docs) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-06]
CHR Extension: (Google Drive) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (WOT) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-06]
CHR Extension: (Google-Suche) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-06]
CHR Extension: (FarmVille by Zynga) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchlepkjiaohpppcjacoldhlidbcfhan [2014-08-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (MonitorTab) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognampngfcbddbfemdapefohjiobgbdl [2014-08-19]
CHR Extension: (Google Mail) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-08-01] (APN LLC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-05-23] (Microsoft Corp.)
S2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140820.001\IDSvia64.sys [525016 2014-04-14] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140820.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140820.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:26 - 2014-08-21 19:26 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Bears\Downloads\Shockwave_Installer_Slim.exe
2014-08-21 19:21 - 2014-08-21 19:22 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Bears\Desktop\Shockwave_Installer_Slim.exe
2014-08-20 16:26 - 2014-08-20 16:26 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\frst64.exe
2014-08-20 16:24 - 2014-08-20 16:24 - 00000797 _____ () C:\Users\Bears\Desktop\JRT.txt
2014-08-20 16:03 - 2014-08-20 16:03 - 01356107 _____ () C:\Users\Bears\Downloads\adwcleaner_3.305.exe
2014-08-20 15:26 - 2014-08-20 15:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 15:13 - 2014-08-20 15:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bears\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 15:13 - 2014-08-20 15:14 - 01016261 _____ (Thisisu) C:\Users\Bears\Desktop\JRT.exe
2014-08-20 15:13 - 2014-08-20 15:13 - 01361671 _____ () C:\Users\Bears\Desktop\adwcleaner_3.307.exe
2014-08-20 06:42 - 2014-08-20 06:42 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-08-19 18:18 - 2014-08-19 18:18 - 00020795 _____ () C:\ComboFix.txt
2014-08-19 17:49 - 2014-08-19 18:18 - 00000000 ____D () C:\Qoobox
2014-08-19 17:49 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-19 17:49 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-19 17:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-19 17:49 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-19 17:46 - 2014-08-19 17:47 - 05572251 ____R (Swearware) C:\Users\Bears\Desktop\ComboFix.exe
2014-08-19 17:46 - 2014-08-19 17:46 - 00698207 _____ (Swearware) C:\Users\Bears\Desktop\63d8.tmp
2014-08-19 15:45 - 2014-08-20 16:46 - 00023709 _____ () C:\Users\Bears\Desktop\Addition.txt
2014-08-19 15:42 - 2014-08-21 19:38 - 00019423 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-19 15:41 - 2014-08-21 19:37 - 00000000 ____D () C:\FRST
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:44 - 2014-08-20 16:54 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-15 23:05 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 23:05 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 23:05 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 23:05 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 23:05 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 23:04 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 23:04 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 20:13 - 2014-08-21 07:50 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-15 14:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 14:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 14:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 14:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 14:23 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 14:23 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 14:23 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 14:23 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 14:23 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 14:23 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 14:23 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 14:22 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 14:22 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 14:22 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 14:22 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 14:22 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 14:22 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 14:22 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 14:22 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 14:22 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 14:22 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 14:22 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 14:22 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 14:22 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 14:22 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 14:22 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 14:22 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 14:22 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 14:22 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 14:22 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 14:22 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 14:22 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 14:22 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 14:22 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 14:22 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 14:22 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 14:22 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 14:22 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 14:22 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 14:22 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 14:22 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 14:22 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 14:22 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 14:22 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 14:22 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 14:22 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 14:22 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 14:22 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 14:22 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 14:21 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 14:21 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 14:21 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 14:21 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 14:21 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 14:21 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 14:21 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 14:21 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 14:21 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 14:21 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 14:21 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 14:21 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 14:20 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 14:20 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-15 14:19 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 14:19 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:18 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 15:47 - 2014-08-10 14:43 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:45 - 2014-08-10 14:43 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-03 08:00 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 08:00 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 08:00 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 08:00 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-03 07:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-03 07:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-03 07:59 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-03 07:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-03 07:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-29 06:49 - 2014-08-19 17:50 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-07-29 06:49 - 2014-07-29 06:48 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-28 06:56 - 2014-04-20 10:57 - 1469569024 _____ () C:\Users\Bears\Downloads\sabotage.xvid-wtr.avi
2014-07-28 06:54 - 2014-04-25 13:56 - 1569753894 _____ () C:\Users\Bears\Downloads\Rio 2 Dschungelfieber.avi
2014-07-28 06:52 - 2014-04-28 06:47 - 1683337216 _____ () C:\Users\Bears\Downloads\Ride.Along.2014.BDRIP.GERMAN.AC3.DUBBED.5.1.XVID-TwixX.avi
2014-07-28 06:49 - 2011-08-22 14:58 - 1540857856 _____ () C:\Users\Bears\Downloads\Red Riding Hood Extended Cut.avi
2014-07-28 06:46 - 2014-05-29 13:42 - 1881094144 _____ () C:\Users\Bears\Downloads\Non-Stop.avi
2014-07-28 06:43 - 2014-05-20 17:51 - 1219786752 _____ () C:\Users\Bears\Downloads\I Frankenstein.avi
2014-07-28 06:41 - 2014-05-07 23:04 - 1263592920 _____ () C:\Users\Bears\Downloads\Death.Zone.Toedlicher.Verrat.German.2013.AC3.BDRiP.XViD-KOC.avi
2014-07-28 06:37 - 2014-05-25 12:55 - 1447895040 _____ () C:\Users\Bears\Downloads\3 Days to Kill.avi
2014-07-28 06:35 - 2014-05-28 19:32 - 1523077120 _____ () C:\Users\Bears\Downloads\X-Men.Zukunft.ist.Vergangenheit.TS.LD.German.XviD-FiSTER.avi
2014-07-28 06:32 - 2014-02-21 10:03 - 1567993856 _____ () C:\Users\Bears\Downloads\Wolkig mit Aussicht auf Fleischfällchen 2 BDRip DL German AC3 XviD-Oxy.avi
2014-07-28 06:29 - 2014-05-23 17:15 - 2329640960 _____ () C:\Users\Bears\Downloads\Wolferine.EXT.HD.de.avi
2014-07-28 06:28 - 2013-07-07 14:28 - 840329736 _____ () C:\Users\Bears\Downloads\Tom.and.Jerry.Meet.Sherlock.Holmes.2010.German.AC3.HDRip.XviD-rahab.avi
2014-07-28 06:25 - 2014-01-05 17:44 - 1374021632 _____ () C:\Users\Bears\Downloads\Shootout-Keine Gnade.avi
2014-07-25 21:51 - 2014-08-20 06:46 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:38 - 2014-08-19 15:42 - 00019423 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-08-21 19:37 - 2014-08-19 15:41 - 00000000 ____D () C:\FRST
2014-08-21 19:37 - 2012-02-20 19:10 - 00175567 _____ () C:\windows\system32\fastboot.set
2014-08-21 19:36 - 2014-06-20 10:06 - 00391659 _____ () C:\FaceProv.log
2014-08-21 19:36 - 2014-02-28 14:06 - 00025533 _____ () C:\windows\setupact.log
2014-08-21 19:36 - 2012-02-20 19:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 19:36 - 2012-02-20 18:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-08-21 19:36 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-21 19:34 - 2012-02-20 17:59 - 02003892 _____ () C:\windows\WindowsUpdate.log
2014-08-21 19:29 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:29 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:26 - 2014-08-21 19:26 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Bears\Downloads\Shockwave_Installer_Slim.exe
2014-08-21 19:25 - 2012-02-20 09:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-21 19:25 - 2012-02-20 09:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-21 19:25 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-21 19:22 - 2014-08-21 19:21 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Bears\Desktop\Shockwave_Installer_Slim.exe
2014-08-21 19:21 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-21 19:18 - 2009-07-14 06:45 - 00283104 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-21 07:58 - 2012-02-20 19:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 07:50 - 2014-08-15 20:13 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 16:54 - 2014-08-19 13:44 - 00001164 _____ () C:\Malwarebytes.txt
2014-08-20 16:46 - 2014-08-19 15:45 - 00023709 _____ () C:\Users\Bears\Desktop\Addition.txt
2014-08-20 16:26 - 2014-08-20 16:26 - 02101760 _____ (Farbar) C:\Users\Bears\Desktop\frst64.exe
2014-08-20 16:24 - 2014-08-20 16:24 - 00000797 _____ () C:\Users\Bears\Desktop\JRT.txt
2014-08-20 16:03 - 2014-08-20 16:03 - 01356107 _____ () C:\Users\Bears\Downloads\adwcleaner_3.305.exe
2014-08-20 15:27 - 2014-07-06 07:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 15:26 - 2014-08-20 15:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 15:26 - 2014-07-06 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 15:26 - 2014-07-06 07:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 15:24 - 2014-02-28 14:06 - 00383512 _____ () C:\windows\PFRO.log
2014-08-20 15:22 - 2014-03-14 20:29 - 00000000 ____D () C:\AdwCleaner
2014-08-20 15:14 - 2014-08-20 15:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bears\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 15:14 - 2014-08-20 15:13 - 01016261 _____ (Thisisu) C:\Users\Bears\Desktop\JRT.exe
2014-08-20 15:13 - 2014-08-20 15:13 - 01361671 _____ () C:\Users\Bears\Desktop\adwcleaner_3.307.exe
2014-08-20 06:46 - 2014-07-25 21:51 - 00000000 ____D () C:\Users\Bears\Downloads\coupons
2014-08-20 06:42 - 2014-08-20 06:42 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-08-19 18:18 - 2014-08-19 18:18 - 00020795 _____ () C:\ComboFix.txt
2014-08-19 18:18 - 2014-08-19 17:49 - 00000000 ____D () C:\Qoobox
2014-08-19 18:18 - 2014-04-23 07:03 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-19 18:11 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-08-19 18:01 - 2012-02-20 18:51 - 00000000 ____D () C:\ProgramData\Temp
2014-08-19 17:50 - 2014-07-29 06:49 - 00003850 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1406609335
2014-08-19 17:50 - 2014-04-28 15:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-19 17:47 - 2014-08-19 17:46 - 05572251 ____R (Swearware) C:\Users\Bears\Desktop\ComboFix.exe
2014-08-19 17:46 - 2014-08-19 17:46 - 00698207 _____ (Swearware) C:\Users\Bears\Desktop\63d8.tmp
2014-08-19 15:25 - 2014-08-19 15:25 - 00003084 _____ () C:\windows\System32\Tasks\{3924345F-1B91-40EC-A50F-CABE4173EEBC}
2014-08-19 13:58 - 2014-08-19 13:58 - 00000000 _____ () C:\Users\Bears\defogger_reenable
2014-08-19 13:58 - 2013-07-23 21:39 - 00000000 ____D () C:\Users\Bears
2014-08-18 19:55 - 2013-11-29 14:00 - 02258336 _____ () C:\windows\system32\PsBoot.log
2014-08-18 19:55 - 2013-11-29 14:00 - 00273468 _____ () C:\windows\system32\defragLog.log
2014-08-18 19:45 - 2013-11-26 21:56 - 00007607 _____ () C:\Users\Bears\AppData\Local\Resmon.ResmonCfg
2014-08-18 19:33 - 2014-04-27 10:49 - 00000000 ____D () C:\Users\Bears\Desktop\Bilder
2014-08-18 14:43 - 2014-08-18 14:43 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-08-18 14:31 - 2014-08-18 14:31 - 01361671 _____ () C:\Users\Bears\Downloads\adwcleaner_3.307.exe
2014-08-18 14:04 - 2013-07-23 21:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\windows\jumpshot.com
2014-08-16 07:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 23:34 - 2013-08-11 09:46 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 23:20 - 2013-08-02 12:18 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 23:03 - 2014-05-07 12:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 20:13 - 2014-08-15 20:13 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:13 - 2014-08-15 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:13 - 2014-08-15 20:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 19:47 - 2012-02-20 19:08 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 14:36 - 2014-08-15 14:36 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Users\Bears\AppData\Local\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-10 16:19 - 2014-08-10 16:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 16:16 - 2014-08-10 16:16 - 00000000 ____D () C:\ProgramData\Sun
2014-08-10 14:45 - 2014-08-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:43 - 2014-08-10 15:47 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-10 14:43 - 2014-08-10 14:45 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 14:43 - 2014-08-10 14:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 20:12 - 2013-10-10 10:52 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-08-07 04:06 - 2014-08-15 14:19 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 14:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-04 09:28 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-01 01:41 - 2014-08-15 14:22 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 14:22 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-29 06:49 - 2013-08-30 09:35 - 00000000 ____D () C:\Users\Bears\AppData\Local\Opera Software
2014-07-29 06:49 - 2013-08-30 09:34 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\Opera Software
2014-07-29 06:48 - 2014-07-29 06:49 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieUserList
2014-07-28 07:16 - 2014-07-28 07:16 - 00000000 __SHD () C:\Users\Bears\AppData\Local\EmieSiteList
2014-07-26 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2014-07-25 21:49 - 2014-07-25 21:49 - 00000000 ____D () C:\Users\Bears\Downloads\Transformers 4
2014-07-25 20:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-25 16:52 - 2014-08-15 14:21 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 14:22 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 14:22 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 14:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-15 14:21 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-15 14:22 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 14:21 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 14:22 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 14:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 14:22 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 14:22 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 15:00 - 2014-08-15 14:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 14:59 - 2014-08-15 14:21 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 14:21 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 14:22 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 14:22 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 14:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 14:22 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-15 14:21 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-15 14:22 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 14:21 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 14:22 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 14:22 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-15 14:21 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-15 14:22 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 14:22 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 14:22 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 14:22 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 14:22 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 14:22 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 14:22 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 14:22 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 14:21 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 14:22 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 14:22 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 14:22 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 14:22 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:19 - 2013-08-11 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 13:13 - 2014-08-15 14:22 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 14:22 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 14:22 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 14:22 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 14:21 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 14:22 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 14:21 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 14:22 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 14:22 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 14:22 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 22:20 - 2013-08-11 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Bears\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-24 18:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Bears at 2014-08-20 16:45:33
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.466.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.125 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version:  - )
Opera Stable 23.0.1522.77 (HKLM-x32\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C0F05}) (Version: 12.15.5.30 - APN, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 15:50:10 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-19 18:11 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {6351D691-F198-4313-842E-EE625CA19197} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {72FD8E7D-36DB-41F1-B427-133AB9934E06} - System32\Tasks\Opera scheduled Autoupdate 1406609335 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-14] (Opera Software)
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
Task: {898D92C9-DE22-43F9-B058-6F9854B7CCC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {9B8585EE-A5A9-40DC-BA11-0B85B5C526A5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D038744C-F6D6-4811-BBD8-C8DC7C9945C3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 07:59 - 2011-08-10 07:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 05:20 - 2012-02-20 19:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-08-10 07:59 - 2011-08-10 07:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 16:21 - 2011-03-14 16:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 08:02 - 2011-08-10 08:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-20 18:57 - 2012-02-20 18:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-19 18:10:00.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:59.828
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:59.344
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 18:09:58.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.685
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.295
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

M-K-D-B 22.08.2014 09:04
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Setze Google Chrome nach dieser Anleitung zurück.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

mamabear 22.08.2014 20:08
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Bears at 2014-08-22 13:17:09 Run:1
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
EmptyTemp:
end
       
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75699AB8-8715-4908-AD22-FB902EB2565F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75699AB8-8715-4908-AD22-FB902EB2565F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F}" => Key deleted successfully.
EmptyTemp: => Removed 206.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Bears at 2014-08-22 13:17:09 Run:1
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {75699AB8-8715-4908-AD22-FB902EB2565F} - \FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F} No Task File <==== ATTENTION
EmptyTemp:
end
       
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75699AB8-8715-4908-AD22-FB902EB2565F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75699AB8-8715-4908-AD22-FB902EB2565F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {548A154F-A310-4B08-9219-02CD27AD383F}" => Key deleted successfully.
EmptyTemp: => Removed 206.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
[CODEResults of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
McAfee SiteAdvisor
Secunia PSI (3.0.0.9016)
Java 7 Update 67
Adobe Flash Player 14.0.0.179
Adobe Reader XI
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
][/CODE]

M-K-D-B 23.08.2014 08:39
Servus,



du hast zweimal die Logdatei von FRST gepostet.

Bitte noch ESET nachreichen. :)

mamabear 23.08.2014 10:14
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eb4c5e7f883474899c6e81227b0869f
# engine=19793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-23 09:07:50
# local_time=2014-08-23 11:07:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 15062 171381455 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3034288 160414720 0 0
# scanned=150899
# found=7
# cleaned=0
# scan_time=9691
sh=73FF467206936BAE1953608F5B0ACE484B3DAE04 ft=1 fh=ac9b0505cd52dedb vn="Win32/VOPackage.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=86AF94712DF9DBEAE50B427B8FBE744E137621C2 ft=1 fh=3ca50e38874275da vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI68C5.tmp-\Smartbar.Personalization.Settings.PublisherSettingsManager.dll"
sh=8C409DCBDBA7A09821B9B9BBE9391F8F3C33D504 ft=1 fh=d5332291ad9241d4 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI68C5.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=98D3D3FDA5406CB3610886FF68B52A55B62DAF45 ft=1 fh=6be2cc069ea836e4 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI68C5.tmp-\Smartbar.Resources.SetBrowsersSettings.dll"
sh=934B38A3ECC7EC3FB88A15AD1707F19719F71661 ft=1 fh=c71c00111a034b54 vn="Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Bears_AppData_Local_AnyProtectScannerSetup.exe.vir"
sh=432AFF6E7E0878D361D0294B8CC7FDFC6A2C3286 ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH Trojaner" ac=I fn="D:\BEARS-PC\Backup Set 2012-05-03 161935\Backup Files 2012-05-06 193858\Backup files 4.zip"
sh=CF96035BF2CE60D60511630EC6237F2809D5EE7F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="D:\BEARS-PC\Backup Set 2012-05-03 161935\Backup Files 2012-05-13 191257\Backup files 1.zip"


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:42 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55