Trojaner-Board - Windows 7 Trojaner eingefangen, evtl. Win64/Sathurbot.A, Win32/Kryptik.CMWL, Win64/Sathurbot.A u. a.

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7 Trojaner eingefangen, evtl. Win64/Sathurbot.A, Win32/Kryptik.CMWL, Win64/Sathurbot.A u. a. (https://www.trojaner-board.de/159542-windows-7-trojaner-eingefangen-evtl-win64-sathurbot-a-win32-kryptik-cmwl-win64-sathurbot-a-u-a.html)

Windows 7 Trojaner eingefangen, evtl. Win64/Sathurbot.A, Win32/Kryptik.CMWL, Win64/Sathurbot.A u. a.

Hallo,
ich habe ein Windows 7 x64 Notebook und habe mir mehrere Trojaner eingefangen.
Ich habe AVG-Antivirus und Microsoft Security Essentials installiert und beide haben gemeldet etwas gefunden zu haben und haben mich dadurch auf mein Problem aufmerksam gemacht.
Beide sind leider nicht in der Lage mein System zu reinigen. Nach jedem Neustart kommen die Meldungen wieder.

Außerdem wird beim Surfen im Internet (ich verwende Chrome) regelmäßig anstatt des angeklickten Links eine Werbewebsite geöffnet.
Windows installiert bei mir Updates automatisch und ist auf dem aktuellen Stand.

Ich habe auch mit Eset nach Viren & Trojanern gesucht und auch Eset hat einiges gefunden.

Vielen Dank im Voraus für eure Hilfe! Was ihr hier leistet ist wirklich genial!

Anbei die Protokolle:

AVG:

Code:

Identity Protection Erkennung

"Name der Bedrohung"        "Status"        "Erkennungszeit"        "Objekttyp"        "Prozess"

"Allgemeine Verhaltenserkennung, C:\PROGRAMDATA\MICROSOFT\SECURE\ICONS\TEMP\TMP621C.EXE"        "Gesichert"        "07.10.2014, 17:57:59"        "Datei oder Verzeichnis"        ""

"Allgemeine Verhaltenserkennung, C:\PROGRAMDATA\MICROSOFT\SECURE\ICONS\TEMP\TMP98E4.EXE"        "Gesichert"        "30.09.2014, 19:16:55"        "Datei oder Verzeichnis"        ""

"Allgemeine Verhaltenserkennung, C:\PROGRAMDATA\MICROSOFT\SECURE\ICONS\TEMP\TMP975E.EXE"        "Gesichert"        "02.10.2014, 19:39:18"        "Datei oder Verzeichnis"        ""

"Allgemeine Verhaltenserkennung, C:\PROGRAMDATA\MICROSOFT\SECURE\ICONS\TEMP\TMP9EFC.EXE"        "Gesichert"        "30.09.2014, 19:10:07"        "Datei oder Verzeichnis"        ""

"IDP.Generic.4AED47CC, C:\Users\*****\AppData\Local\UVmedia\WhipFilter.dll"        "Gesichert"        "02.10.2014, 19:43:02"        "Datei oder Verzeichnis"        ""

"IDP.Generic.4AED47CC, C:\Users\*****\AppData\Local\ATworks\DWF_VShell.dll"        "Gesichert"        "28.09.2014, 13:23:14"        "Datei oder Verzeichnis"        ""

"IDP.Trojan.3A8E8BDD, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2EFB.exe"        "Gesichert"        "30.09.2014, 19:13:18"        "Datei oder Verzeichnis"        ""

"IDP.Trojan.CB452937, C:\ProgramData\Sony Corporation\PMB\Installer\PMHOME.exe"        "Gesichert"        "26.07.2014, 12:59:56"        "Datei oder Verzeichnis"        ""

"Unknown, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB17.exe"        "Infiziert"        "28.09.2014, 13:42:52"        "Datei oder Verzeichnis"        ""

"Unknown, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4441.exe"        "Gesichert"        "28.09.2014, 13:40:10"        "Datei oder Verzeichnis"        ""

"Unknown, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8BE0.exe"        "Gesichert"        "28.09.2014, 18:05:51"        "Datei oder Verzeichnis"        ""

"Unknown, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7416.exe"        "Gesichert"        "05.10.2014, 16:19:48"        "Datei oder Verzeichnis"        ""

"Unknown, C:\Users\*****\AppData\Roaming\Veusdin\nobobi.exe"        "Infiziert"        "05.10.2014, 20:21:11"        "Datei oder Verzeichnis"        ""

"Unknown, C:\Users\*****\AppData\Roaming\Veusdin\nobobi.exe"        "Gesichert"        "06.10.2014, 19:49:47"        "Datei oder Verzeichnis"        ""

"Unknown, C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\PrivateTunnel.exe"        "Gesichert"        "02.03.2014, 08:09:07"        "Prozess"        ""

Eset:

Code:

C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll        Variante von Win64/Sathurbot.A Trojaner        

C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB74.exe        Variante von Win32/Kryptik.CMWL Trojaner        

C:\FTV\apps\tr.apk        Android/Exploit.Towel.A Trojaner        gelöscht - in Quarantäne kopiert

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll        Variante von Win64/Sathurbot.A Trojaner        Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert

C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB74.exe        Variante von Win32/Kryptik.CMWL Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Users\*****\AppData\Local\ATworks\mc_dv_proHD.dll        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung        gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert

C:\Users\*****\Downloads\FTV_v0.23.zip        Android/Exploit.Towel.A Trojaner        gelöscht - in Quarantäne kopiert

C:\Users\*****\Dropbox\TitaniumBackup\Note3\de.trier.infsec.koch.droidsheep-aec222945a7c54ea909ee987b37574a1.apk.gz.vir        Android/HackTool.DroidSheep.A potenziell unsichere Anwendung        gelöscht - in Quarantäne kopiert

G:\HOMER\Backup Set 2014-07-11 195325\Backup Files 2014-07-11 195325\Backup files 17.zip        Variante von Win32/Packed.NoobyProtect.B evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert

G:\HOMER\Backup Set 2014-07-11 195325\Backup Files 2014-07-11 195325\Backup files 211.zip        Android/HackTool.DroidSheep.A potenziell unsichere Anwendung        gelöscht - in Quarantäne kopiert

G:\HOMER\Backup Set 2014-07-11 195325\Backup Files 2014-10-02 160456\Backup files 3.zip        Variante von Win64/Sathurbot.A Trojaner        gelöscht - in Quarantäne kopiert

Arbeitsspeicher        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung        Enthielt infizierte Datei(en)

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01

Ran by ***** (administrator) on HOMER on 08-10-2014 15:33:58

Running from C:\Users\*****\Downloads

Loaded Profile: ***** (Available profiles: ***** & Saal_2)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [ATworks] => regsvr32.exe C:\Users\*****\AppData\Local\ATworks\mc_dv_proHD.dll <===== ATTENTION

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\MountPoints2: {5ddbbf33-28ed-11e4-8ebc-0021cc6c4608} - F:\SetupWi-Fi.exe

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\MountPoints2: {6786310a-b685-11e3-8b4b-0021cc6c4608} - F:\MotorolaDeviceManagerSetup.exe -a

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\MountPoints2: {ab09d10e-22f0-11e4-befb-0021cc6c4608} - F:\SetupWi-Fi.exe

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\MountPoints2: {ab09d12d-22f0-11e4-befb-0021cc6c4608} - F:\SetupWi-Fi.exe

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\MountPoints2: {dd0ccfa9-2363-11e4-b94a-0021cc6c4608} - F:\SetupWi-Fi.exe

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk

ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

Startup: C:\Users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk

ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-08-20]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.de/

CHR StartupUrls: Default -> "hxxp://jw.org/"

CHR DefaultSearchKeyword: Default -> 9EBFA32934A79B33AFADFE1FE72A1DEE0235DC647285FF5BD0630C39E9CEE7A6

CHR DefaultSearchURL: Default -> DF1094A862136371041EF75098A471342A563B3CDC64F9963B331EE409C08C3B

CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]

CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]

CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]

CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]

CHR Extension: (Media Hint) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-09-28]

CHR Extension: (Excel Online) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-04-17]

CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                         )

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [105984 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [30720 2013-01-23] (Huawei Technologies Co., Ltd.) [File not signed]

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2014-08-17] (Fuzhou Rockchip Electronics Co,Ltd.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)

S1 arfbwqdh; \??\C:\Windows\system32\drivers\arfbwqdh.sys [X]

S1 camvqqvf; \??\C:\Windows\system32\drivers\camvqqvf.sys [X]

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-08 15:33 - 2014-10-08 15:34 - 00026013 _____ () C:\Users\*****\Downloads\FRST.txt

2014-10-08 15:33 - 2014-10-08 15:34 - 00000000 ____D () C:\FRST

2014-10-08 15:33 - 2014-10-08 15:33 - 02109952 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe

2014-10-08 15:32 - 2014-10-08 15:32 - 00000474 _____ () C:\Users\*****\Downloads\defogger_disable.log

2014-10-08 15:32 - 2014-10-08 15:32 - 00000000 _____ () C:\Users\*****\defogger_reenable

2014-10-08 15:31 - 2014-10-08 15:31 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe

2014-10-08 07:33 - 2014-10-08 07:33 - 00001766 _____ () C:\Users\*****\Desktop\eset.txt

2014-10-07 20:06 - 2014-10-07 20:06 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe

2014-10-07 19:21 - 2014-10-07 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-07 19:20 - 2014-10-07 19:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe

2014-10-07 19:20 - 2014-10-07 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-07 19:20 - 2014-10-07 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-07 19:20 - 2014-10-07 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-07 19:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-07 19:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-07 19:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-07 18:47 - 2014-10-07 18:47 - 00000000 ____D () C:\Windows\ERUNT

2014-10-06 20:29 - 2014-10-06 20:59 - 00000000 ____D () C:\FTV

2014-10-06 20:23 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 17:04 - 2014-10-06 19:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Veusdin

2014-09-30 20:25 - 2014-09-30 20:26 - 153796568 _____ (AVG Technologies) C:\Users\*****\Downloads\avg_free_x86_all_2015_5315a8160.exe

2014-09-28 17:51 - 2014-09-28 17:51 - 00000213 _____ () C:\Users\*****\.swfinfo

2014-09-28 13:25 - 2014-10-07 18:00 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-28 13:22 - 2014-10-07 23:49 - 00000000 ____D () C:\Users\*****\AppData\Local\ATworks

2014-09-28 13:22 - 2014-09-28 13:23 - 00000000 ____D () C:\Users\*****\AppData\Local\UVmedia

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\Program Files\MPC-HC

2014-09-24 21:11 - 2014-09-24 21:12 - 63850156 _____ () C:\Users\*****\Downloads\xbmc-13.2-Gotham.exe

2014-09-24 21:09 - 2014-09-24 21:09 - 01609767 _____ () C:\Users\*****\Downloads\plugin.video.streamzto-0.2.6.zip

2014-09-24 21:07 - 2014-09-28 20:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XBMC

2014-09-24 21:07 - 2014-09-24 21:08 - 08046503 _____ () C:\Users\*****\Downloads\script.streamztv-0.0.6alpha.zip

2014-09-24 21:07 - 2014-09-24 21:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC

2014-09-24 21:06 - 2014-09-24 21:12 - 00000000 ____D () C:\Program Files (x86)\XBMC

2014-09-24 21:05 - 2014-09-24 21:05 - 59604731 _____ () C:\Users\*****\Downloads\xbmc-12.3.exe

2014-09-20 15:08 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FormPrinter

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\Program Files\FormPrinter

2014-09-20 14:09 - 2014-09-20 14:09 - 02312498 _____ ( ) C:\Users\*****\Downloads\FormPrinter_Free_Setup.exe

2014-09-14 15:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 15:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 15:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 15:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 15:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 15:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 15:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 15:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-14 15:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 15:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 15:28 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 15:28 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-14 15:28 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-14 15:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 15:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 15:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-14 15:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-09-14 13:19 - 2014-09-14 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 12:52 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 12:52 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 12:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-09 20:27 - 2014-09-09 20:27 - 113694849 _____ () C:\Users\*****\Downloads\G I R L - Pharrell Williams.zip

2014-09-09 19:32 - 2014-09-09 19:33 - 00000000 ____D () C:\ProgramData\13208b219e95daaa

2014-09-09 19:32 - 2014-09-09 19:32 - 00000442 __RSH () C:\ProgramData\ntuser.pol

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\*****\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Saal_2\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-08 15:32 - 2014-03-01 16:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-08 15:32 - 2014-03-01 15:21 - 00000000 ____D () C:\Users\*****

2014-10-08 15:31 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat

2014-10-08 15:31 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat

2014-10-08 15:31 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-08 15:30 - 2014-03-01 16:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-08 15:30 - 2014-03-01 16:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-08 15:30 - 2014-03-01 15:21 - 01834863 _____ () C:\Windows\WindowsUpdate.log

2014-10-08 15:27 - 2014-03-02 20:37 - 00000000 ___RD () C:\Users\*****\Dropbox

2014-10-08 15:27 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox

2014-10-08 15:27 - 2014-03-02 20:21 - 00000000 ___RD () C:\Users\*****\Google Drive

2014-10-08 15:26 - 2014-03-01 15:43 - 00024154 _____ () C:\Windows\PFRO.log

2014-10-08 15:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-08 15:26 - 2009-07-14 06:51 - 00093095 _____ () C:\Windows\setupact.log

2014-10-08 07:35 - 2014-03-02 22:02 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass

2014-10-07 20:00 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-07 20:00 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-05 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-10-05 16:18 - 2014-03-03 21:30 - 00053028 _____ () C:\QcOSD.txt

2014-10-04 08:54 - 2014-03-07 19:47 - 00000000 ____D () C:\Users\*****\Downloads\HDDScan-3.3

2014-10-03 00:53 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2

2014-10-03 00:53 - 2014-03-01 16:40 - 00000000 ____D () C:\ProgramData\lenovo

2014-10-03 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-10-02 20:10 - 2014-03-02 21:18 - 00007609 _____ () C:\Users\*****\AppData\Local\resmon.resmoncfg

2014-09-28 13:23 - 2014-03-02 08:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\uTorrent

2014-09-28 12:12 - 2014-03-03 19:19 - 00000000 ____D () C:\Users\*****\.freemind

2014-09-23 18:32 - 2014-03-01 16:40 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-09-22 08:42 - 2014-03-01 15:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 13:30 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-19 15:26 - 2014-05-03 10:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity

2014-09-17 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-17 19:01 - 2014-03-02 16:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 16:21 - 2014-03-02 17:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-14 15:28 - 2014-03-01 15:48 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 15:27 - 2014-03-02 10:39 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 15:24 - 2014-03-02 10:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-14 13:30 - 2014-03-01 16:38 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HpUpdate

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-09-14 13:14 - 2014-03-29 16:28 - 00049802 _____ () C:\Windows\ZTEInstallInfo.log

2014-09-14 13:14 - 2014-03-29 16:28 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB

2014-09-14 13:14 - 2014-03-01 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-10 18:03 - 2014-03-02 19:11 - 00000000 ____D () C:\Users\*****\Documents\Jasmin

2014-09-09 20:56 - 2014-03-13 19:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag

2014-09-09 19:32 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2\AppData\Local\Google

2014-09-09 19:32 - 2014-03-01 16:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Google

2014-09-09 19:32 - 2014-03-01 16:43 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-09 19:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-09 19:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 

Some content of TEMP:

====================

C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcuzgn.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-06 20:10
 

==================== End Of Log ============================

FRST Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01

Ran by ***** at 2014-10-08 15:34:28

Running from C:\Users\*****\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)

Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Auerswald COMset 2.7.2 (HKLM-x32\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4037 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

calibre (HKLM-x32\...\{39509A2F-C63C-404E-A4DC-7E6D4FCB6D66}) (Version: 1.39.0 - Kovid Goyal)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)

Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)

Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)

Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)

Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)

Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.4 - Fiat Group Automobiles)

Fiat eco:Drive (x32 Version: 2.0.4 - Fiat Group Automobiles) Hidden

FormPrinter (HKLM\...\{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1) (Version:  - )

FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)

Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden

Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)

Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)

Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)

Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)

Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)

Intel(R) PRO/Wireless Driver (Version: 17.00.5000.1609 - Intel Corporation) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 17.0.5.0389 - Intel Corporation) Hidden

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

JRE 1.6.1 (HKLM-x32\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)

KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)

Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden

Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )

Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)

MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Multiecuscan (HKLM-x32\...\{3FF0D783-9D38-4EF3-A166-8810F8255102}) (Version: 1.9 - FES Soft Ltd.)

OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)

PDF-XChange Editor (HKLM-x32\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)

PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden

PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.0 - Tracker Software Products Ltd)

PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

revoSleep (HKLM\...\{B76E8F60-D517-44B1-BFCD-B6C153A60F1B}) (Version: 2.4.0 - Revo)

RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden

SpeedCrunch 0.11 (HKLM-x32\...\SpeedCrunch_is1) (Version:  - SpeedCrunch)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )

ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)

ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)

ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)

ToshibaEdit (remove only) (HKLM-x32\...\ToshibaEdit) (Version:  - )

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Watchtower Library 2013 - Deutsch (HKLM-x32\...\{61118DEB-78F1-4158-97ED-78A457550FE7}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.3 - Bazis)

WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{7A93FE76-D453-4192-BF66-EA4A362C8208}) (Version: 21.00.8480 - Buhl Data Service GmbH)

XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-210949329-1137805421-2219713098-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2014-10-07 18:00 - 00001397 _RASH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

212.47.195.163 www.google-analytics.com.

212.47.195.163 google-analytics.com.

212.47.195.163 connect.facebook.net.

198.37.114.178 www.google-analytics.com.

198.37.114.178 google-analytics.com.

198.37.114.178 connect.facebook.net.
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12377566-0DB0-4CD0-91B1-9E3117D720A6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {1B4EC79E-0F92-4039-908B-C1A991CAF0C8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {2F461201-E9ED-4C26-9EA6-595D92905F9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {424FE9BC-9C20-4B74-AC66-C29134A3BCB4} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)

Task: {570F0EDC-AF34-41A4-96FB-0FAF3CC8E9EB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)

Task: {6258E360-A15D-466B-8ACD-644EF7FE90DF} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)

Task: {6DF9AEE3-D169-4344-AA95-9963D7C82F0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {6FC73E08-E1E4-49AB-ABDE-120C3FF99902} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {8514C373-673D-4D84-BAC3-D7F7436A7D70} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()

Task: {859C9808-E134-4457-93CA-E90F41730786} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()

Task: {945B97C6-26A7-495D-85CC-D80F0EA9D493} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {AEE727B7-6D75-4319-98F4-6AA25CC221B5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-08-12 18:45 - 2010-08-12 18:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

2014-09-28 13:20 - 2014-09-28 13:20 - 03149312 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll

2014-10-08 15:27 - 2014-10-08 15:27 - 02500096 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

2014-03-01 16:50 - 2014-03-20 06:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL

2014-03-01 16:55 - 2010-10-26 11:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2014-03-01 16:58 - 2013-11-01 04:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2009-07-05 07:35 - 2009-07-05 07:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll

2009-07-05 07:35 - 2009-07-05 07:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd

2009-10-26 10:27 - 2009-10-26 10:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd

2009-10-26 10:25 - 2009-10-26 10:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd

2009-10-26 10:25 - 2009-10-26 10:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd

2010-03-16 14:05 - 2010-03-16 14:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd

2009-10-26 10:27 - 2009-10-26 10:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd

2009-10-26 10:25 - 2009-10-26 10:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd

2009-10-26 10:27 - 2009-10-26 10:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd

2010-05-05 14:44 - 2010-05-05 14:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd

2010-05-05 14:44 - 2010-05-05 14:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd

2010-05-05 14:44 - 2010-05-05 14:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd

2010-05-05 14:43 - 2010-05-05 14:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd

2009-07-06 05:16 - 2009-07-06 05:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd

2009-07-05 07:35 - 2009-07-05 07:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd

2014-09-05 16:33 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll

2014-09-05 16:33 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll

2014-10-08 15:27 - 2014-10-08 15:27 - 00043008 _____ () c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcuzgn.dll

2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll

2014-10-08 15:27 - 2014-10-08 15:27 - 00098816 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32api.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00110080 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\pywintypes27.dll

2014-10-08 15:27 - 2014-10-08 15:27 - 00364544 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\pythoncom27.dll

2014-10-08 15:27 - 2014-10-08 15:27 - 00045568 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_socket.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 01160704 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_ssl.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00320512 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32com.shell.shell.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00713216 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_hashlib.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 01175040 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._core_.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00805888 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._gdi_.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00811008 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._windows_.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 01062400 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._controls_.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00735232 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._misc_.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00128512 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_elementtree.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00127488 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\pyexpat.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00557056 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\pysqlite2._sqlite.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00007168 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\hashobjs_ext.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00087552 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_ctypes.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00119808 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32file.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00108544 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32security.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00018432 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32event.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00038912 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32inet.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00070656 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._html2.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00167936 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32gui.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00011264 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32crypt.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00027136 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\_multiprocessing.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00686080 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\unicodedata.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00122368 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._wizard.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00010240 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\select.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00024064 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32pipe.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00025600 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32pdh.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00525640 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\windows._lib_cacheinvalidation.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00035840 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32process.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00017408 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32profile.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00022528 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\win32ts.pyd

2014-10-08 15:27 - 2014-10-08 15:27 - 00078336 _____ () C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._animate.pyd

2014-09-05 16:33 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll

2014-09-05 16:33 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll

2014-09-05 16:33 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

2014-09-05 16:33 - 2014-08-30 04:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\*****\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=538db5d4975447d2a9a62bf56d1bf0f0-65744158e72ac1a9b4c517e74df96016fc54d066 /CMPID=0214c
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-210949329-1137805421-2219713098-500 - Administrator - Disabled)

Gast (S-1-5-21-210949329-1137805421-2219713098-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-210949329-1137805421-2219713098-1005 - Limited - Enabled)

Saal_2 (S-1-5-21-210949329-1137805421-2219713098-1006 - Limited - Enabled) => C:\Users\Saal_2

***** (S-1-5-21-210949329-1137805421-2219713098-1000 - Administrator - Enabled) => C:\Users\*****
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/08/2014 00:20:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/07/2014 08:07:31 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 

System errors:

=============

Error: (10/08/2014 03:29:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/07/2014 07:54:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-10-08 15:26:47.878

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-08 15:26:47.816

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 19:52:45.861

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 19:52:45.799

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:44:52.847

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:44:52.785

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:34:13.722

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:34:13.660

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:29:18.194

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-07 18:29:18.131

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ew_jubusenum.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz

Percentage of memory in use: 62%

Total physical RAM: 3871.21 MB

Available physical RAM: 1465.46 MB

Total Pagefile: 7740.6 MB

Available Pagefile: 4891.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:223.47 GB) (Free:146.49 GB) NTFS

Drive d: (Daten) (Fixed) (Total:298.09 GB) (Free:108.98 GB) NTFS

Drive f: () (Removable) (Total:29.1 GB) (Free:29.1 GB) FAT32

Drive g: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:462.94 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FCF63C69)

Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0DCAE01B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 29.1 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 3 (Size: 931.5 GB) (Disk ID: 61180157)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

GMER:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-10-08 15:41:56

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000076 Crucial_ rev.MU03 223,57GB

Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxldipow.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                 fffff80002fa8000 8 bytes [00, 00, 0D, 02, 4D, 6D, 43, ...]

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                                                                                                 fffff80002fa8010 29 bytes [90, 2D, DF, 04, A0, F8, FF, ...]
 

---- User code sections - GMER 2.1 ----
 

.text     C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2840] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                           0000000075931465 2 bytes [93, 75]

.text     C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2840] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                          00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2

.text     C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[5704] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                              0000000075931465 2 bytes [93, 75]

.text     C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[5704] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                             00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2

.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                              0000000075931465 2 bytes [93, 75]

.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                             00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2

.text     C:\Windows\SysWOW64\RunDll32.exe[6412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                     0000000075931465 2 bytes [93, 75]

.text     C:\Windows\SysWOW64\RunDll32.exe[6412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                    00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                               0000000075931465 2 bytes [93, 75]

.text     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                              00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2

.text     C:\Users\*****\Downloads\Gmer-19357.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             0000000075931465 2 bytes [93, 75]

.text     C:\Users\*****\Downloads\Gmer-19357.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000759314bb 2 bytes [93, 75]

.text     ...                                                                                                                                                                                                                                * 2
 

---- Threads - GMER 2.1 ----
 

Thread    C:\Windows\SysWOW64\ntdll.dll [5644:5648]                                                                                                                                                                                          00000000015a4c42

Thread    C:\Windows\SysWOW64\ntdll.dll [5644:4408]                                                                                                                                                                                          000000005b54aea1

Thread    C:\Windows\SysWOW64\ntdll.dll [5644:2704]                                                                                                                                                                                          000000005ae2948f

Thread    C:\Windows\SysWOW64\ntdll.dll [5644:7016]                                                                                                                                                                                          000000005ae2948f

Thread    C:\Windows\SysWOW64\ntdll.dll [5644:6900]                                                                                                                                                                                          000000005ae2948f

---- Processes - GMER 2.1 ----
 

Library   C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4784] (Secure overlay library/Microsoft)(2014-09-28 11:20:57)                                                        000007feee4d0000

Library   C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4784](2014-10-08 13:27:08)                                                                                              000007feee260000

Library   C:\Users\*****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5704](2014-09-13 00:20:58)                                                            0000000003f40000

Library   c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcuzgn.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5704](2014-10-08 13:27:18)              00000000045c0000

Library   C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5704](2013-08-23 19:01:44)                                                                  0000000061990000

Library   C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5704] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                    000000006d880000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (Python Core/Python Software Foundation)(2014-10-08 13:27:13)                      000000001e000000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                               000000001e8c0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                           000000001e7a0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                            0000000000280000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                                0000000000240000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                                   0000000010000000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                   000000001e800000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                               0000000002780000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                              0000000002f60000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:13)         0000000003090000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:14)     0000000000380000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:14)     0000000003280000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:14)      0000000003720000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                               0000000003960000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                           0000000003a30000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:14)     0000000000490000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                          0000000004560000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                              0000000004670000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                           000000001d100000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                                0000000000550000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                      0000000004340000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                           0000000000580000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                                000000001d1a0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                              000000001ea10000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                          000000001ec80000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                             000000001e9b0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                              000000001eaa0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                              00000000005a0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948] (wxWidgets for MSW/wxWidgets development team)(2014-10-08 13:27:14)  0000000003b00000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                               000000001ea40000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                             000000001e980000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                       0000000003b20000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                            00000000058c0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                             0000000005740000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                                 0000000005790000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                              000000001eb90000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:13)                                                               000000001eb60000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:11)                                                           000000001ebf0000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                           000000001ec20000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                                000000001ed40000

Library   C:\Users\*****\AppData\Local\Temp\_MEI16962\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5948](2014-10-08 13:27:12)                                                            00000000059f0000
 

---- Registry - GMER 2.1 ----
 

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e58edda5                                                                                                                                                        

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e58edda5@c884470aa69b                                                                                                                                           0xAB 0x84 0x6B 0xCC ...

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e58edda5 (not active ControlSet)                                                                                                                                    

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e58edda5@c884470aa69b                                                                                                                                               0xAB 0x84 0x6B 0xCC ...
 

---- EOF - GMER 2.1 ----

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
vielen Dank für deine schnelle Antwort.
Hier der log des Combofixes:

Code:

ComboFix 14-10-04.01 - ***** 08.10.2014  17:12:26.3.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3871.2050 [GMT 2:00]

ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\*****\AppData\Local\Temp\_MEI44922\_ctypes.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\_elementtree.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\_hashlib.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\_multiprocessing.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\_socket.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\_ssl.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\hashobjs_ext.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\pyexpat.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\pysqlite2._sqlite.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\python27.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\pythoncom27.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\PyWinTypes27.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\select.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\unicodedata.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32api.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32com.shell.shell.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32crypt.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32event.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32file.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32gui.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32inet.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32pdh.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32pipe.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32process.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32profile.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32security.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\win32ts.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\windows._lib_cacheinvalidation.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._animate.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._controls_.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._core_.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._gdi_.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._html2.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._misc_.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._windows_.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wx._wizard.pyd

c:\users\*****\AppData\Local\Temp\_MEI44922\wxbase294u_net_vc90.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\wxbase294u_vc90.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\wxmsw294u_adv_vc90.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\wxmsw294u_core_vc90.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\wxmsw294u_html_vc90.dll

c:\users\*****\AppData\Local\Temp\_MEI44922\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-09-08 bis 2014-10-08  ))))))))))))))))))))))))))))))

.

.

2014-10-08 15:17 . 2014-10-08 15:17        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2608B7D4-FAB8-402E-A98F-63BB65AFD312}\offreg.dll

2014-10-08 15:16 . 2014-10-08 15:16        --------        d-----w-        c:\users\Saal_2\AppData\Local\temp

2014-10-08 15:16 . 2014-10-08 15:16        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-10-08 13:59 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2608B7D4-FAB8-402E-A98F-63BB65AFD312}\mpengine.dll

2014-10-08 13:33 . 2014-10-08 13:34        --------        d-----w-        C:\FRST

2014-10-08 13:27 . 2014-10-08 13:27        2500096        ----a-w-        c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll

2014-10-08 05:35 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-10-07 17:21 . 2014-10-07 17:53        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-07 17:20 . 2014-10-07 17:20        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-07 17:20 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-10-07 17:20 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-10-07 17:20 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-10-07 16:47 . 2014-10-07 16:47        --------        d-----w-        c:\windows\ERUNT

2014-10-06 18:29 . 2014-10-06 18:59        --------        d-----w-        C:\FTV

2014-10-06 18:23 . 2014-10-06 18:29        --------        d-----w-        c:\users\*****\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 15:04 . 2014-10-06 17:50        --------        d-----w-        c:\users\*****\AppData\Roaming\Veusdin

2014-10-02 13:30 . 2014-09-17 17:10        1188440        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9BC3BE4E-B987-4B59-8316-A19B18D39C6E}\gapaengine.dll

2014-09-28 11:22 . 2014-10-07 21:49        --------        d-----w-        c:\users\*****\AppData\Local\ATworks

2014-09-28 11:22 . 2014-09-28 11:23        --------        d-----w-        c:\users\*****\AppData\Local\UVmedia

2014-09-28 11:14 . 2014-09-28 11:14        --------        d-----w-        c:\program files\MPC-HC

2014-09-24 19:07 . 2014-09-28 18:59        --------        d-----w-        c:\users\*****\AppData\Roaming\XBMC

2014-09-24 19:06 . 2014-09-24 19:12        --------        d-----w-        c:\program files (x86)\XBMC

2014-09-20 12:12 . 2014-09-20 12:12        --------        d-----w-        c:\program files\FormPrinter

2014-09-14 13:28 . 2014-08-18 23:01        23591424        ----a-w-        c:\windows\system32\mshtml.dll

2014-09-14 11:24 . 2014-09-14 11:24        --------        d-----w-        c:\windows\Hewlett-Packard

2014-09-14 11:19 . 2014-09-14 11:19        --------        d-----w-        c:\programdata\Malwarebytes

2014-09-14 11:14 . 2014-09-14 11:14        --------        d-----w-        c:\users\*****\AppData\Roaming\Program Files (x86)

2014-09-14 10:52 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-09-14 10:52 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-09-14 10:52 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-09-14 10:52 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-09-14 10:52 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-09-12 09:43 . 2014-09-12 09:43        227728        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2014-09-09 17:32 . 2014-09-09 17:33        --------        d-----w-        c:\programdata\13208b219e95daaa

2014-09-09 17:32 . 2014-09-09 17:32        --------        d-----w-        c:\users\*****\AppData\Local\Comodo

2014-09-09 17:32 . 2014-09-09 17:32        --------        d-----w-        c:\users\Saal_2\AppData\Local\Comodo

2014-09-09 17:32 . 2014-09-09 17:32        --------        d-----w-        c:\users\HomeGroupUser$

2014-09-09 17:32 . 2014-09-09 17:32        --------        d-----w-        c:\users\Gast

2014-09-09 17:32 . 2014-09-09 17:32        --------        d-----w-        c:\users\Administrator

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-22 06:42 . 2014-03-01 13:54        278152        ------w-        c:\windows\system32\MpSigStub.exe

2014-09-17 17:10 . 2014-03-06 21:11        1188440        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-09-14 13:24 . 2014-03-02 08:39        101694776        ----a-w-        c:\windows\system32\MRT.exe

2014-08-23 02:07 . 2014-08-28 14:20        404480        ----a-w-        c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 14:20        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2014-08-23 00:59 . 2014-08-28 14:20        3163648        ----a-w-        c:\windows\system32\win32k.sys

2014-08-20 11:25 . 2014-08-20 11:25        146        ----a-w-        c:\windows\launchpw.cmd

2014-08-20 11:25 . 2014-08-20 11:25        1577        ----a-w-        c:\windows\Delfg.cmd

2014-08-17 17:41 . 2012-11-12 12:54        65688        ----a-w-        c:\windows\system32\drivers\rockusb.sys

2014-08-14 04:14 . 2014-08-14 04:14        216448        ----a-w-        c:\windows\SysWow64\drivers\FcSerial.sys

2014-08-06 08:50 . 2014-08-06 08:50        123672        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys

2014-08-04 18:57 . 2014-08-04 18:57        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll

2014-07-21 19:03 . 2014-07-21 19:03        244504        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys

2014-07-17 16:05 . 2014-07-17 16:05        269008        ----a-w-        c:\windows\system32\drivers\MpFilter.sys

2014-07-17 16:05 . 2013-09-27 08:53        125584        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys

2014-07-16 03:23 . 2014-08-13 13:55        2048        ----a-w-        c:\windows\system32\tzres.dll

2014-07-16 02:46 . 2014-08-13 13:55        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2014-07-14 02:02 . 2014-08-13 13:55        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll

2014-07-14 01:40 . 2014-08-13 13:55        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        131480        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]

"GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-30 852808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-20 6390104]

"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-17 113656]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-04-23 2548248]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]

.

c:\users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Google Chrome.lnk - c:\program files (x86)\Google\Chrome\Application\chrome.exe [2014-3-1 852808]

.

c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-5-14 1395416]

WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-5-10 1430320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

.

R1 arfbwqdh;arfbwqdh;c:\windows\system32\drivers\arfbwqdh.sys;c:\windows\SYSNATIVE\drivers\arfbwqdh.sys [x]

R1 camvqqvf;camvqqvf;c:\windows\system32\drivers\camvqqvf.sys;c:\windows\SYSNATIVE\drivers\camvqqvf.sys [x]

R1 cgiysjzx;cgiysjzx;c:\windows\system32\drivers\cgiysjzx.sys;c:\windows\SYSNATIVE\drivers\cgiysjzx.sys [x]

R1 crbklzbk;crbklzbk;c:\windows\system32\drivers\crbklzbk.sys;c:\windows\SYSNATIVE\drivers\crbklzbk.sys [x]

R1 csdgjtlz;csdgjtlz;c:\windows\system32\drivers\csdgjtlz.sys;c:\windows\SYSNATIVE\drivers\csdgjtlz.sys [x]

R1 dofgpqgb;dofgpqgb;c:\windows\system32\drivers\dofgpqgb.sys;c:\windows\SYSNATIVE\drivers\dofgpqgb.sys [x]

R1 dycnyyuq;dycnyyuq;c:\windows\system32\drivers\dycnyyuq.sys;c:\windows\SYSNATIVE\drivers\dycnyyuq.sys [x]

R1 edlsjeqg;edlsjeqg;c:\windows\system32\drivers\edlsjeqg.sys;c:\windows\SYSNATIVE\drivers\edlsjeqg.sys [x]

R1 etgqpixz;etgqpixz;c:\windows\system32\drivers\etgqpixz.sys;c:\windows\SYSNATIVE\drivers\etgqpixz.sys [x]

R1 fkfpxnhh;fkfpxnhh;c:\windows\system32\drivers\fkfpxnhh.sys;c:\windows\SYSNATIVE\drivers\fkfpxnhh.sys [x]

R1 fqyymmff;fqyymmff;c:\windows\system32\drivers\fqyymmff.sys;c:\windows\SYSNATIVE\drivers\fqyymmff.sys [x]

R1 gsdtcoeo;gsdtcoeo;c:\windows\system32\drivers\gsdtcoeo.sys;c:\windows\SYSNATIVE\drivers\gsdtcoeo.sys [x]

R1 iuqcvcgn;iuqcvcgn;c:\windows\system32\drivers\iuqcvcgn.sys;c:\windows\SYSNATIVE\drivers\iuqcvcgn.sys [x]

R1 jwgfusfq;jwgfusfq;c:\windows\system32\drivers\jwgfusfq.sys;c:\windows\SYSNATIVE\drivers\jwgfusfq.sys [x]

R1 lkidqtbj;lkidqtbj;c:\windows\system32\drivers\lkidqtbj.sys;c:\windows\SYSNATIVE\drivers\lkidqtbj.sys [x]

R1 luxsoypz;luxsoypz;c:\windows\system32\drivers\luxsoypz.sys;c:\windows\SYSNATIVE\drivers\luxsoypz.sys [x]

R1 mgvmetif;mgvmetif;c:\windows\system32\drivers\mgvmetif.sys;c:\windows\SYSNATIVE\drivers\mgvmetif.sys [x]

R1 mnjbezcu;mnjbezcu;c:\windows\system32\drivers\mnjbezcu.sys;c:\windows\SYSNATIVE\drivers\mnjbezcu.sys [x]

R1 nmtieyvf;nmtieyvf;c:\windows\system32\drivers\nmtieyvf.sys;c:\windows\SYSNATIVE\drivers\nmtieyvf.sys [x]

R1 ogjaukqp;ogjaukqp;c:\windows\system32\drivers\ogjaukqp.sys;c:\windows\SYSNATIVE\drivers\ogjaukqp.sys [x]

R1 onvpkmle;onvpkmle;c:\windows\system32\drivers\onvpkmle.sys;c:\windows\SYSNATIVE\drivers\onvpkmle.sys [x]

R1 oqbclhjc;oqbclhjc;c:\windows\system32\drivers\oqbclhjc.sys;c:\windows\SYSNATIVE\drivers\oqbclhjc.sys [x]

R1 ozyspljp;ozyspljp;c:\windows\system32\drivers\ozyspljp.sys;c:\windows\SYSNATIVE\drivers\ozyspljp.sys [x]

R1 pymmbndk;pymmbndk;c:\windows\system32\drivers\pymmbndk.sys;c:\windows\SYSNATIVE\drivers\pymmbndk.sys [x]

R1 raqrwwst;raqrwwst;c:\windows\system32\drivers\raqrwwst.sys;c:\windows\SYSNATIVE\drivers\raqrwwst.sys [x]

R1 rdbgatpi;rdbgatpi;c:\windows\system32\drivers\rdbgatpi.sys;c:\windows\SYSNATIVE\drivers\rdbgatpi.sys [x]

R1 ryjgvosc;ryjgvosc;c:\windows\system32\drivers\ryjgvosc.sys;c:\windows\SYSNATIVE\drivers\ryjgvosc.sys [x]

R1 satfowqq;satfowqq;c:\windows\system32\drivers\satfowqq.sys;c:\windows\SYSNATIVE\drivers\satfowqq.sys [x]

R1 tguahlfs;tguahlfs;c:\windows\system32\drivers\tguahlfs.sys;c:\windows\SYSNATIVE\drivers\tguahlfs.sys [x]

R1 ujbtaprf;ujbtaprf;c:\windows\system32\drivers\ujbtaprf.sys;c:\windows\SYSNATIVE\drivers\ujbtaprf.sys [x]

R1 vndgunpt;vndgunpt;c:\windows\system32\drivers\vndgunpt.sys;c:\windows\SYSNATIVE\drivers\vndgunpt.sys [x]

R1 vprixfyj;vprixfyj;c:\windows\system32\drivers\vprixfyj.sys;c:\windows\SYSNATIVE\drivers\vprixfyj.sys [x]

R1 wikznept;wikznept;c:\windows\system32\drivers\wikznept.sys;c:\windows\SYSNATIVE\drivers\wikznept.sys [x]

R1 yipyyguc;yipyyguc;c:\windows\system32\drivers\yipyyguc.sys;c:\windows\SYSNATIVE\drivers\yipyyguc.sys [x]

R1 yjbatmlg;yjbatmlg;c:\windows\system32\drivers\yjbatmlg.sys;c:\windows\SYSNATIVE\drivers\yjbatmlg.sys [x]

R1 yqysouog;yqysouog;c:\windows\system32\drivers\yqysouog.sys;c:\windows\SYSNATIVE\drivers\yqysouog.sys [x]

R1 zbjegjjy;zbjegjjy;c:\windows\system32\drivers\zbjegjjy.sys;c:\windows\SYSNATIVE\drivers\zbjegjjy.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

R3 auusb;Auerswald ISDN USB Driver;c:\windows\system32\DRIVERS\auusb.sys;c:\windows\SYSNATIVE\DRIVERS\auusb.sys [x]

R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]

R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]

S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]

S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]

S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]

S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]

S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]

S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]

S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]

S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-09-05 14:31        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-08-30 c:\windows\Tasks\0814avUpdateInfo.job

- c:\programdata\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-30 16:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04        164760        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]

@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"

[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]

2014-09-28 11:20        3149312        ----a-w-        c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 08:34        777032        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 08:34        777032        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 08:34        777032        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 08:34        777032        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 08:34        777032        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-30 172016]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-30 399856]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-30 442352]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]

"PasswordManager"="c:\program files\Lenovo\Password Manager\password_manager.exe" [2014-06-23 1665824]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3

IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4

IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1

IE: Lesezeichen ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html

IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

TCP: Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-ATworks - c:\users\*****\AppData\Local\ATworks\mc_dv_proHD.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\SAsrv.exe

c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe

c:\progra~1\Lenovo\Zoom\TPSCREX.EXE

c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE

c:\program files (x86)\TeamViewer\Version9\tv_w32.exe

c:\users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\ThinkPad\Utilities\SCHTASK.exe

c:\windows\SysWOW64\RunDll32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-10-08  17:18:45 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-10-08 15:18

.

Vor Suchlauf: 8 Verzeichnis(se), 157.060.472.832 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 156.819.648.512 Bytes frei

.

- - End Of File - - 4ADD61185D3BED37DAB2EE51DD8AC941

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Danke Schrauber,
ich habe alle Programme ausgeführt, logs anbei.
Nachdem ADwcleaner den Rechner neu gestartet hat, kam AVG mit einem Virenfund:

Code:

Identity Protection Erkennung

"Allgemeine Verhaltenserkennung, C:\PROGRAMDATA\MICROSOFT\SECURE\ICONS\TEMP\TMP6B4.EXE"        "Gesichert"        "09.10.2014, 15:50:14"        "Datei oder Verzeichnis"        ""

Die anderen Logs sehen alle gut aus, aber wegen des Funds von AVG bin ich mir unsicher, ob noch etwas da ist.

Hier die anderen Logs:

Malwarebytes:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 09.10.2014

Scan Time: 15:35:50

Logfile: mbam.txt

Administrator: Yes
 

Version: 2.00.2.1012

Malware Database: v2014.10.09.05

Rootkit Database: v2014.10.08.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: *****
 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 416014

Time Elapsed: 6 min, 38 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 0

(No malicious items detected)
 

Registry Values: 0

(No malicious items detected)
 

Registry Data: 0

(No malicious items detected)
 

Folders: 0

(No malicious items detected)
 

Files: 0

(No malicious items detected)
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

Adwarecleaner:

Code:

# AdwCleaner v3.311 - Bericht erstellt am 09/10/2014 um 15:47:59

# Aktualisiert 30/09/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : ****** - HOMER

# Gestartet von : C:\Users\******\Desktop\AdwCleaner_3.311.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17280
 
 

-\\ Google Chrome v37.0.2062.103
 

[ Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [829 octets] - [09/10/2014 15:46:30]

AdwCleaner[S0].txt - [751 octets] - [09/10/2014 15:47:59]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [810 octets] ##########

Junkware Removal Tool:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.2 (10.09.2014:1)

OS: Windows 7 Professional x64

Ran by ***** on 09.10.2014 at 15:54:41,83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09.10.2014 at 15:58:02,99

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01

Ran by ******* (administrator) on HOMER on 09-10-2014 16:00:44

Running from C:\Users\*******\Downloads

Loaded Profile: ******* (Available profiles: ******* & Saal_2)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

Startup: C:\Users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk

ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-08-20]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.de/

CHR DefaultSearchKeyword: Default -> 9EBFA32934A79B33AFADFE1FE72A1DEE0235DC647285FF5BD0630C39E9CEE7A6

CHR DefaultSearchURL: Default -> DF1094A862136371041EF75098A471342A563B3CDC64F9963B331EE409C08C3B

CHR Profile: C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]

CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]

CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]

CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]

CHR Extension: (Media Hint) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-09-28]

CHR Extension: (Excel Online) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-04-17]

CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                         )

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [105984 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [30720 2013-01-23] (Huawei Technologies Co., Ltd.) [File not signed]

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-09] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2014-08-17] (Fuzhou Rockchip Electronics Co,Ltd.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)

S1 arfbwqdh; \??\C:\Windows\system32\drivers\arfbwqdh.sys [X]

S1 camvqqvf; \??\C:\Windows\system32\drivers\camvqqvf.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-09 16:00 - 2014-10-09 16:01 - 00024971 _____ () C:\Users\*******\Downloads\FRST.txt

2014-10-09 15:53 - 2014-10-09 15:53 - 01705755 _____ (Thisisu) C:\Users\*******\Desktop\JRT.exe

2014-10-09 15:45 - 2014-10-09 15:48 - 00000000 ____D () C:\AdwCleaner

2014-10-09 15:45 - 2014-10-09 15:45 - 01375089 _____ () C:\Users\*******\Desktop\AdwCleaner_3.311.exe

2014-10-08 17:18 - 2014-10-08 17:25 - 00040374 _____ () C:\ComboFix.txt

2014-10-08 17:11 - 2014-10-08 17:18 - 00000000 ____D () C:\Qoobox

2014-10-08 16:32 - 2014-10-08 17:17 - 00000000 ____D () C:\Windows\erdnt

2014-10-08 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-08 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-08 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-08 16:31 - 2014-10-08 16:31 - 05582481 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe

2014-10-08 15:36 - 2014-10-08 15:36 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe

2014-10-08 15:33 - 2014-10-09 16:00 - 00000000 ____D () C:\FRST

2014-10-08 15:33 - 2014-10-08 15:33 - 02109952 _____ (Farbar) C:\Users\*******\Downloads\FRST64.exe

2014-10-08 15:32 - 2014-10-08 15:32 - 00000474 _____ () C:\Users\*******\Downloads\defogger_disable.log

2014-10-08 15:32 - 2014-10-08 15:32 - 00000000 _____ () C:\Users\*******\defogger_reenable

2014-10-08 15:31 - 2014-10-08 15:31 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe

2014-10-07 20:06 - 2014-10-07 20:06 - 02347384 _____ (ESET) C:\Users\*******\Downloads\esetsmartinstaller_deu.exe

2014-10-07 19:21 - 2014-10-09 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-07 19:20 - 2014-10-07 19:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.2.1012.exe

2014-10-07 19:20 - 2014-10-07 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-07 19:20 - 2014-10-07 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-07 19:20 - 2014-10-07 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-07 19:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-07 19:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-07 19:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-07 18:47 - 2014-10-07 18:47 - 00000000 ____D () C:\Windows\ERUNT

2014-10-06 20:29 - 2014-10-06 20:59 - 00000000 ____D () C:\FTV

2014-10-06 20:23 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\*******\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 17:04 - 2014-10-06 19:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Veusdin

2014-09-30 20:25 - 2014-09-30 20:26 - 153796568 _____ (AVG Technologies) C:\Users\*******\Downloads\avg_free_x86_all_2015_5315a8160.exe

2014-09-28 17:51 - 2014-09-28 17:51 - 00000213 _____ () C:\Users\*******\.swfinfo

2014-09-28 13:25 - 2014-10-09 15:52 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-28 13:22 - 2014-10-07 23:49 - 00000000 ____D () C:\Users\*******\AppData\Local\ATworks

2014-09-28 13:22 - 2014-09-28 13:23 - 00000000 ____D () C:\Users\*******\AppData\Local\UVmedia

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\Program Files\MPC-HC

2014-09-24 21:11 - 2014-09-24 21:12 - 63850156 _____ () C:\Users\*******\Downloads\xbmc-13.2-Gotham.exe

2014-09-24 21:09 - 2014-09-24 21:09 - 01609767 _____ () C:\Users\*******\Downloads\plugin.video.streamzto-0.2.6.zip

2014-09-24 21:07 - 2014-09-28 20:59 - 00000000 ____D () C:\Users\*******\AppData\Roaming\XBMC

2014-09-24 21:07 - 2014-09-24 21:08 - 08046503 _____ () C:\Users\*******\Downloads\script.streamztv-0.0.6alpha.zip

2014-09-24 21:07 - 2014-09-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC

2014-09-24 21:06 - 2014-09-24 21:12 - 00000000 ____D () C:\Program Files (x86)\XBMC

2014-09-24 21:05 - 2014-09-24 21:05 - 59604731 _____ () C:\Users\*******\Downloads\xbmc-12.3.exe

2014-09-20 15:08 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FormPrinter

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\Program Files\FormPrinter

2014-09-20 14:09 - 2014-09-20 14:09 - 02312498 _____ ( ) C:\Users\*******\Downloads\FormPrinter_Free_Setup.exe

2014-09-14 15:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 15:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 15:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 15:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 15:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 15:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 15:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 15:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-14 15:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 15:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 15:28 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 15:28 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-14 15:28 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-14 15:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 15:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 15:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-14 15:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-09-14 13:19 - 2014-09-14 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 12:52 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 12:52 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 12:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-09 20:27 - 2014-09-09 20:27 - 113694849 _____ () C:\Users\*******\Downloads\G I R L - Pharrell Williams.zip

2014-09-09 19:32 - 2014-09-09 19:33 - 00000000 ____D () C:\ProgramData\13208b219e95daaa

2014-09-09 19:32 - 2014-09-09 19:32 - 00000442 __RSH () C:\ProgramData\ntuser.pol

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\*******\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Saal_2\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Gast

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-09-09 19:32 - 2014-09-09 19:32 - 00000000 ____D () C:\Users\Administrator
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-09 16:00 - 2014-03-01 15:21 - 01944890 _____ () C:\Windows\WindowsUpdate.log

2014-10-09 15:59 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-09 15:59 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-09 15:58 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat

2014-10-09 15:58 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat

2014-10-09 15:58 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-09 15:52 - 2014-03-02 20:37 - 00000000 ___RD () C:\Users\*******\Dropbox

2014-10-09 15:52 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox

2014-10-09 15:52 - 2014-03-02 20:21 - 00000000 ___RD () C:\Users\*******\Google Drive

2014-10-09 15:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-09 15:51 - 2009-07-14 06:51 - 00093487 _____ () C:\Windows\setupact.log

2014-10-09 15:49 - 2014-03-01 15:43 - 00026118 _____ () C:\Windows\PFRO.log

2014-10-09 15:39 - 2014-03-01 16:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-08 20:10 - 2014-03-03 19:19 - 00000000 ____D () C:\Users\*******\.freemind

2014-10-08 17:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-10-08 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-08 15:32 - 2014-03-01 15:21 - 00000000 ____D () C:\Users\*******

2014-10-08 07:35 - 2014-03-02 22:02 - 00000000 ____D () C:\Users\*******\AppData\Roaming\KeePass

2014-10-05 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-10-05 16:18 - 2014-03-03 21:30 - 00053028 _____ () C:\QcOSD.txt

2014-10-04 08:54 - 2014-03-07 19:47 - 00000000 ____D () C:\Users\*******\Downloads\HDDScan-3.3

2014-10-03 00:53 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2

2014-10-03 00:53 - 2014-03-01 16:40 - 00000000 ____D () C:\ProgramData\lenovo

2014-10-03 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-10-02 20:10 - 2014-03-02 21:18 - 00007609 _____ () C:\Users\*******\AppData\Local\resmon.resmoncfg

2014-09-28 13:23 - 2014-03-02 08:11 - 00000000 ____D () C:\Users\*******\AppData\Roaming\uTorrent

2014-09-23 18:32 - 2014-03-01 16:40 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-09-22 08:42 - 2014-03-01 15:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 13:30 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-19 15:26 - 2014-05-03 10:33 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Audacity

2014-09-17 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-17 19:01 - 2014-03-02 16:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 16:21 - 2014-03-02 17:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-14 15:28 - 2014-03-01 15:48 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 15:27 - 2014-03-02 10:39 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 15:24 - 2014-03-02 10:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-14 13:30 - 2014-03-01 16:38 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\*******\AppData\Roaming\HpUpdate

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-09-14 13:14 - 2014-03-29 16:28 - 00049802 _____ () C:\Windows\ZTEInstallInfo.log

2014-09-14 13:14 - 2014-03-29 16:28 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB

2014-09-14 13:14 - 2014-03-01 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-10 18:03 - 2014-03-02 19:11 - 00000000 ____D () C:\Users\*******\Documents\Jasmin

2014-09-09 20:56 - 2014-03-13 19:12 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Mp3tag

2014-09-09 19:32 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2\AppData\Local\Google

2014-09-09 19:32 - 2014-03-01 16:43 - 00000000 ____D () C:\Users\*******\AppData\Local\Google

2014-09-09 19:32 - 2014-03-01 16:43 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-09 19:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-09 19:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 

Some content of TEMP:

====================

C:\Users\*******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplapf91.dll

C:\Users\*******\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-06 20:10
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo,
leider zeigt AVG immernoch Viruswarnungen an :balla:

Hier die logs:

Eset:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=8278609c30597540a213b10cdd61e49f

# engine=20541

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-10-10 10:30:51

# local_time=2014-10-11 12:30:51 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='AVG AntiVirus Free Edition 2014'

# compatibility_mode=1051 16777213 100 98 118386 100114235 0 0

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 2278975 35960645 0 0

# scanned=299881

# found=12

# cleaned=0

# scan_time=15478

sh=6B59C16B5BF54985ABD36DFF9AC2593D22D220B9 ft=1 fh=c71c00117decc4da vn="Variante von Win64/Sathurbot.A Trojaner" ac=I fn="C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll"

sh=756CFFE46BDEC95BB2E8BA9F9FCD9BBC0148D180 ft=1 fh=2a5e316bd00e295c vn="Variante von Win32/Kryptik.CNEQ Trojaner" ac=I fn="C:\ProgramData\Microsoft\Secure\Icons\temp\tmp89E7.exe"

sh=6B59C16B5BF54985ABD36DFF9AC2593D22D220B9 ft=1 fh=c71c00117decc4da vn="Variante von Win64/Sathurbot.A Trojaner" ac=I fn="C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll"

sh=756CFFE46BDEC95BB2E8BA9F9FCD9BBC0148D180 ft=1 fh=2a5e316bd00e295c vn="Variante von Win32/Kryptik.CNEQ Trojaner" ac=I fn="C:\Users\All Users\Microsoft\Secure\Icons\temp\tmp89E7.exe"

sh=B309FB2D268EB547A1412E1A541E146140399FF4 ft=1 fh=2f1278be69544658 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\ATworks\CNHL730S.DLL"

sh=A2FB89A67932FF77541B61ECBD39D3934E5D61C1 ft=1 fh=5164bfde1779337a vn="Variante von Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T04G95OV\installer_adobe_flash_player_German[2].exe"

sh=9ACF8A50D9284ED22A5D41D5AFF46422AAA36C43 ft=1 fh=cad425a988b560a5 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\UVmedia\EP0NO001.DLL"

sh=1F0F0225A75862A77467CF78063E34A07A04570E ft=1 fh=4c1d4c18210df6e6 vn="Variante von Win32/Kryptik.CNEK Trojaner" ac=I fn="C:\Users\******\AppData\Roaming\Irrybau\ymidil.exe"

sh=18F4E744BE4C9FCF999928AEA2086855DF25B9FF ft=1 fh=c6d586143217eda0 vn="Variante von Win64/Asterope.A Trojaner" ac=I fn="C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

sh=1F0F0225A75862A77467CF78063E34A07A04570E ft=1 fh=4c1d4c18210df6e6 vn="Variante von Win32/Kryptik.CNEK Trojaner" ac=I fn="C:\Windows\System32\wadizoku.exe"

sh=1F0F0225A75862A77467CF78063E34A07A04570E ft=1 fh=4c1d4c18210df6e6 vn="Variante von Win32/Kryptik.CNEK Trojaner" ac=I fn="C:\Windows\SysWOW64\wadizoku.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="${Memory}"

SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials     

AVG AntiVirus Free Edition 2014   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 67  

 Adobe Reader XI  

 Google Chrome 36.0.1985.143  

 Google Chrome 37.0.2062.103  
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 AVG avgwdsvc.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01

Ran by ****** (administrator) on HOMER on 11-10-2014 07:02:12

Running from C:\Users\******\Desktop

Loaded Profile: ****** (Available profiles: ****** & Saal_2)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)

HKLM\...\Run: [Xukyxedoi] => "C:\Users\******\AppData\Roaming\Irrybau\ymidil.exe"

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [Evtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\******\AppData\Local\UVmedia\EP0NO001.DLL

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [ATworks] => regsvr32.exe C:\Users\******\AppData\Local\ATworks\CNHL730S.DLL <===== ATTENTION

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\RunOnce: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Policies\Explorer: [Run] "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Command Processor: "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe" <===== ATTENTION!

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

Startup: C:\Users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk

ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk

ShortcutTarget: bootcfg.lnk -> C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe (No File)

Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-08-20]
 

Chrome: 

=======

CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]

CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]

CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]

CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]

CHR Extension: (Media Hint) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-09-28]

CHR Extension: (Excel Online) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-04-17]

CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                         )

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [105984 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [30720 2013-01-23] (Huawei Technologies Co., Ltd.) [File not signed]

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2014-08-17] (Fuzhou Rockchip Electronics Co,Ltd.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)

S1 arfbwqdh; \??\C:\Windows\system32\drivers\arfbwqdh.sys [X]

S1 camvqqvf; \??\C:\Windows\system32\drivers\camvqqvf.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-11 07:02 - 2014-10-11 07:02 - 00026940 _____ () C:\Users\******\Desktop\FRST.txt

2014-10-11 07:01 - 2014-10-11 07:01 - 02109952 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe

2014-10-11 06:46 - 2014-10-11 06:46 - 00854417 _____ () C:\Users\******\Desktop\SecurityCheck.exe

2014-10-10 20:09 - 2014-10-11 06:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-10 20:09 - 2014-10-10 20:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-10 20:09 - 2014-10-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-10 20:09 - 2014-10-10 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\system32\Macromed

2014-10-10 19:38 - 2014-10-11 07:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 3659286796.job

2014-10-10 19:38 - 2014-10-11 06:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\Irrybau

2014-10-10 19:38 - 2014-10-10 19:38 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 3659286796

2014-10-09 15:45 - 2014-10-09 15:48 - 00000000 ____D () C:\AdwCleaner

2014-10-08 17:18 - 2014-10-08 17:25 - 00040374 _____ () C:\ComboFix.txt

2014-10-08 17:11 - 2014-10-08 17:18 - 00000000 ____D () C:\Qoobox

2014-10-08 16:32 - 2014-10-08 17:17 - 00000000 ____D () C:\Windows\erdnt

2014-10-08 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-08 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-08 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-08 15:33 - 2014-10-11 07:02 - 00000000 ____D () C:\FRST

2014-10-08 15:32 - 2014-10-08 15:32 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log

2014-10-08 15:32 - 2014-10-08 15:32 - 00000000 _____ () C:\Users\******\defogger_reenable

2014-10-08 15:31 - 2014-10-08 15:31 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe

2014-10-07 18:47 - 2014-10-07 18:47 - 00000000 ____D () C:\Windows\ERUNT

2014-10-06 20:29 - 2014-10-06 20:59 - 00000000 ____D () C:\FTV

2014-10-06 20:23 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\******\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 17:04 - 2014-10-06 19:50 - 00000000 ____D () C:\Users\******\AppData\Roaming\Veusdin

2014-09-30 20:25 - 2014-09-30 20:26 - 153796568 _____ (AVG Technologies) C:\Users\******\Downloads\avg_free_x86_all_2015_5315a8160.exe

2014-09-28 17:51 - 2014-09-28 17:51 - 00000213 _____ () C:\Users\******\.swfinfo

2014-09-28 13:25 - 2014-10-10 19:53 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\******\AppData\Local\UVmedia

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\******\AppData\Local\ATworks

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\Program Files\MPC-HC

2014-09-24 21:11 - 2014-09-24 21:12 - 63850156 _____ () C:\Users\******\Downloads\xbmc-13.2-Gotham.exe

2014-09-24 21:09 - 2014-09-24 21:09 - 01609767 _____ () C:\Users\******\Downloads\plugin.video.streamzto-0.2.6.zip

2014-09-24 21:07 - 2014-09-28 20:59 - 00000000 ____D () C:\Users\******\AppData\Roaming\XBMC

2014-09-24 21:07 - 2014-09-24 21:08 - 08046503 _____ () C:\Users\******\Downloads\script.streamztv-0.0.6alpha.zip

2014-09-24 21:07 - 2014-09-24 21:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC

2014-09-24 21:06 - 2014-09-24 21:12 - 00000000 ____D () C:\Program Files (x86)\XBMC

2014-09-24 21:05 - 2014-09-24 21:05 - 59604731 _____ () C:\Users\******\Downloads\xbmc-12.3.exe

2014-09-20 15:08 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FormPrinter

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\Program Files\FormPrinter

2014-09-20 14:09 - 2014-09-20 14:09 - 02312498 _____ ( ) C:\Users\******\Downloads\FormPrinter_Free_Setup.exe

2014-09-14 15:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 15:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 15:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 15:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 15:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 15:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 15:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 15:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-14 15:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 15:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 15:28 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 15:28 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-14 15:28 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-14 15:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 15:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 15:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-14 15:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-09-14 13:19 - 2014-09-14 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 12:52 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 12:52 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 12:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-11 03:00 - 2014-03-01 15:21 - 02056271 _____ () C:\Windows\WindowsUpdate.log

2014-10-10 23:26 - 2014-03-01 16:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-10 20:18 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat

2014-10-10 20:18 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat

2014-10-10 20:18 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-10 20:18 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-10 20:18 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-10 20:11 - 2014-03-02 20:37 - 00000000 ___RD () C:\Users\******\Dropbox

2014-10-10 20:11 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox

2014-10-10 20:11 - 2014-03-02 20:21 - 00000000 ___RD () C:\Users\******\Google Drive

2014-10-10 20:11 - 2014-03-01 15:43 - 00027334 _____ () C:\Windows\PFRO.log

2014-10-10 20:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-10 20:11 - 2009-07-14 06:51 - 00093711 _____ () C:\Windows\setupact.log

2014-10-09 16:39 - 2014-03-02 22:02 - 00000000 ____D () C:\Users\******\AppData\Roaming\KeePass

2014-10-08 20:10 - 2014-03-03 19:19 - 00000000 ____D () C:\Users\******\.freemind

2014-10-08 17:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-10-08 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-08 15:32 - 2014-03-01 15:21 - 00000000 ____D () C:\Users\******

2014-10-05 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-10-05 16:18 - 2014-03-03 21:30 - 00053028 _____ () C:\QcOSD.txt

2014-10-04 08:54 - 2014-03-07 19:47 - 00000000 ____D () C:\Users\******\Downloads\HDDScan-3.3

2014-10-03 00:53 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2

2014-10-03 00:53 - 2014-03-01 16:40 - 00000000 ____D () C:\ProgramData\lenovo

2014-10-03 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-10-02 20:10 - 2014-03-02 21:18 - 00007609 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg

2014-09-28 13:23 - 2014-03-02 08:11 - 00000000 ____D () C:\Users\******\AppData\Roaming\uTorrent

2014-09-23 18:32 - 2014-03-01 16:40 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-09-22 08:42 - 2014-03-01 15:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 13:30 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-19 15:26 - 2014-05-03 10:33 - 00000000 ____D () C:\Users\******\AppData\Roaming\Audacity

2014-09-17 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-17 19:01 - 2014-03-02 16:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 16:21 - 2014-03-02 17:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-14 15:28 - 2014-03-01 15:48 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 15:27 - 2014-03-02 10:39 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 15:24 - 2014-03-02 10:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-14 13:30 - 2014-03-01 16:38 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\HpUpdate

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-09-14 13:14 - 2014-03-29 16:28 - 00049802 _____ () C:\Windows\ZTEInstallInfo.log

2014-09-14 13:14 - 2014-03-29 16:28 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB

2014-09-14 13:14 - 2014-03-01 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 

Some content of TEMP:

====================

C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptz4klk.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-06 20:10
 

==================== End Of Log ============================

--- --- ---

Vielen Dank für deine Hilfe!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\ProgramData\Microsoft\Secure

C:\Users\******\AppData\Roaming\Irrybau

C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate

C:\Windows\System32\wadizoku.exe

C:\Windows\SysWOW64\wadizoku.exe

HKLM\...\Run: [Xukyxedoi] => "C:\Users\******\AppData\Roaming\Irrybau\ymidil.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [ATworks] => regsvr32.exe C:\Users\******\AppData\Local\ATworks\CNHL730S.DLL <===== ATTENTION

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\RunOnce: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Policies\Explorer: [Run] "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Command Processor: "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe" <===== ATTENTION!

Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk

ShortcutTarget: bootcfg.lnk -> C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe (No File)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

Hosts:

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

Hallo,
ich musste den fix zwei Mal laufen lassen, weil ich beim ersten Mal vergessen hatte ****** durch meinen Windows-Accountnamen zu ersetzen.

fixlog 1:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01

Ran by ******** at 2014-10-11 23:52:45 Run:1

Running from C:\Users\********\Desktop

Loaded Profile: ******** (Available profiles: ******** & Saal_2)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\ProgramData\Microsoft\Secure

C:\Users\******\AppData\Roaming\Irrybau

C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate

C:\Windows\System32\wadizoku.exe

C:\Windows\SysWOW64\wadizoku.exe

HKLM\...\Run: [Xukyxedoi] => "C:\Users\******\AppData\Roaming\Irrybau\ymidil.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [ATworks] => regsvr32.exe C:\Users\******\AppData\Local\ATworks\CNHL730S.DLL <===== ATTENTION

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\RunOnce: [bootcfg] => "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Policies\Explorer: [Run] "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Command Processor: "C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe" <===== ATTENTION!

Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk

ShortcutTarget: bootcfg.lnk -> C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe (No File)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

Hosts:

Emptytemp:

         

*****************
 
 

"C:\ProgramData\Microsoft\Secure" directory move:
 

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.

Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp21A7.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4894.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6153.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6B4.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp89E7.exe => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp89E7.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9BE1.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9C80.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF1A0.tmp => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\temp\{4C49B2CD-463F-AA34-CCBD-AA5662765B1C} => Moved successfully.

C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.

Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.
 

"C:\Users\******\AppData\Roaming\Irrybau" => File/Directory not found.

"C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate" => File/Directory not found.

"C:\Windows\System32\wadizoku.exe" => File/Directory not found.

"C:\Windows\SysWOW64\wadizoku.exe" => File/Directory not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Xukyxedoi => value deleted successfully.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ATworks => value deleted successfully.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bootcfg => value deleted successfully.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\bootcfg => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.

C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk not found.

C:\Users\******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe not found.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}\\NameServer => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}\\NameServer => value deleted successfully.

cgiysjzx => Service deleted successfully.

crbklzbk => Service deleted successfully.

csdgjtlz => Service deleted successfully.

dofgpqgb => Service deleted successfully.

dycnyyuq => Service deleted successfully.

edlsjeqg => Service deleted successfully.

etgqpixz => Service deleted successfully.

fkfpxnhh => Service deleted successfully.

fqyymmff => Service deleted successfully.

gsdtcoeo => Service deleted successfully.

iuqcvcgn => Service deleted successfully.

jwgfusfq => Service deleted successfully.

lkidqtbj => Service deleted successfully.

luxsoypz => Service deleted successfully.

mgvmetif => Service deleted successfully.

mnjbezcu => Service deleted successfully.

nmtieyvf => Service deleted successfully.

ogjaukqp => Service deleted successfully.

onvpkmle => Service deleted successfully.

oqbclhjc => Service deleted successfully.

ozyspljp => Service deleted successfully.

pymmbndk => Service deleted successfully.

raqrwwst => Service deleted successfully.

rdbgatpi => Service deleted successfully.

ryjgvosc => Service deleted successfully.

satfowqq => Service deleted successfully.

tguahlfs => Service deleted successfully.

ujbtaprf => Service deleted successfully.

vndgunpt => Service deleted successfully.

vprixfyj => Service deleted successfully.

wikznept => Service deleted successfully.

yipyyguc => Service deleted successfully.

yjbatmlg => Service deleted successfully.

yqysouog => Service deleted successfully.

zbjegjjy => Service deleted successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 1.2 GB temporary data.
 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-11 23:55:12)<=
 

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.

C:\ProgramData\Microsoft\Secure => Is moved successfully.
 

==== End of Fixlog ====

fixlog 2:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01

Ran by ******* at 2014-10-11 23:58:39 Run:2

Running from C:\Users\*******\Desktop

Loaded Profile: ******* (Available profiles: ******* & Saal_2)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\ProgramData\Microsoft\Secure

C:\Users\*******\AppData\Roaming\Irrybau

C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate

C:\Windows\System32\wadizoku.exe

C:\Windows\SysWOW64\wadizoku.exe

HKLM\...\Run: [Xukyxedoi] => "C:\Users\*******\AppData\Roaming\Irrybau\ymidil.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [ATworks] => regsvr32.exe C:\Users\*******\AppData\Local\ATworks\CNHL730S.DLL <===== ATTENTION

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [bootcfg] => "C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\RunOnce: [bootcfg] => "C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Policies\Explorer: [Run] "C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe"

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Command Processor: "C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe" <===== ATTENTION!

Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk

ShortcutTarget: bootcfg.lnk -> C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe (No File)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Tcpip\..\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

S1 cgiysjzx; \??\C:\Windows\system32\drivers\cgiysjzx.sys [X]

S1 crbklzbk; \??\C:\Windows\system32\drivers\crbklzbk.sys [X]

S1 csdgjtlz; \??\C:\Windows\system32\drivers\csdgjtlz.sys [X]

S1 dofgpqgb; \??\C:\Windows\system32\drivers\dofgpqgb.sys [X]

S1 dycnyyuq; \??\C:\Windows\system32\drivers\dycnyyuq.sys [X]

S1 edlsjeqg; \??\C:\Windows\system32\drivers\edlsjeqg.sys [X]

S1 etgqpixz; \??\C:\Windows\system32\drivers\etgqpixz.sys [X]

S1 fkfpxnhh; \??\C:\Windows\system32\drivers\fkfpxnhh.sys [X]

S1 fqyymmff; \??\C:\Windows\system32\drivers\fqyymmff.sys [X]

S1 gsdtcoeo; \??\C:\Windows\system32\drivers\gsdtcoeo.sys [X]

S1 iuqcvcgn; \??\C:\Windows\system32\drivers\iuqcvcgn.sys [X]

S1 jwgfusfq; \??\C:\Windows\system32\drivers\jwgfusfq.sys [X]

S1 lkidqtbj; \??\C:\Windows\system32\drivers\lkidqtbj.sys [X]

S1 luxsoypz; \??\C:\Windows\system32\drivers\luxsoypz.sys [X]

S1 mgvmetif; \??\C:\Windows\system32\drivers\mgvmetif.sys [X]

S1 mnjbezcu; \??\C:\Windows\system32\drivers\mnjbezcu.sys [X]

S1 nmtieyvf; \??\C:\Windows\system32\drivers\nmtieyvf.sys [X]

S1 ogjaukqp; \??\C:\Windows\system32\drivers\ogjaukqp.sys [X]

S1 onvpkmle; \??\C:\Windows\system32\drivers\onvpkmle.sys [X]

S1 oqbclhjc; \??\C:\Windows\system32\drivers\oqbclhjc.sys [X]

S1 ozyspljp; \??\C:\Windows\system32\drivers\ozyspljp.sys [X]

S1 pymmbndk; \??\C:\Windows\system32\drivers\pymmbndk.sys [X]

S1 raqrwwst; \??\C:\Windows\system32\drivers\raqrwwst.sys [X]

S1 rdbgatpi; \??\C:\Windows\system32\drivers\rdbgatpi.sys [X]

S1 ryjgvosc; \??\C:\Windows\system32\drivers\ryjgvosc.sys [X]

S1 satfowqq; \??\C:\Windows\system32\drivers\satfowqq.sys [X]

S1 tguahlfs; \??\C:\Windows\system32\drivers\tguahlfs.sys [X]

S1 ujbtaprf; \??\C:\Windows\system32\drivers\ujbtaprf.sys [X]

S1 vndgunpt; \??\C:\Windows\system32\drivers\vndgunpt.sys [X]

S1 vprixfyj; \??\C:\Windows\system32\drivers\vprixfyj.sys [X]

S1 wikznept; \??\C:\Windows\system32\drivers\wikznept.sys [X]

S1 yipyyguc; \??\C:\Windows\system32\drivers\yipyyguc.sys [X]

S1 yjbatmlg; \??\C:\Windows\system32\drivers\yjbatmlg.sys [X]

S1 yqysouog; \??\C:\Windows\system32\drivers\yqysouog.sys [X]

S1 zbjegjjy; \??\C:\Windows\system32\drivers\zbjegjjy.sys [X]

Hosts:

Emptytemp:

         

*****************
 

"C:\ProgramData\Microsoft\Secure" => File/Directory not found.

C:\Users\*******\AppData\Roaming\Irrybau => Moved successfully.

C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate => Moved successfully.

"C:\Windows\System32\wadizoku.exe" => File/Directory not found.

"C:\Windows\SysWOW64\wadizoku.exe" => File/Directory not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Xukyxedoi => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ATworks => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bootcfg => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\bootcfg => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => Value not found.

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\Software\Microsoft\Command Processor\\AutoRun => Value not found.

C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk => Moved successfully.

C:\Users\*******\AppData\Roaming\Microsoft\Windows\IEUpdate\bootcfg.exe not found.

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10D528C3-8BA2-4936-ABEF-8FE367F33462}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{270524F5-95C9-4F05-9209-140C6F142ACF}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59AD8773-367B-4F5B-86FF-4FAFC94F00CD}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E56D900-F8EA-4463-AF87-02615993FF41}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7234CFC1-00AD-4C0D-BB07-9172CA94234F}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9249EE51-50DC-464A-9FF3-9D49D9AF5D76}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ECEF730-CB7C-4463-83D2-DD66F76B809B}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A0D3C4AF-322E-4E44-B007-A6666274B290}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA3016DC-B318-4802-B590-A4E69C01F2AB}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2AC3C8B-758E-4DEE-9011-8F6A8274E559}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3597B19-F365-48EC-975E-96FD643613FB}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C42DA61D-E9AC-4763-95D2-4DFDED8DFA6F}\\NameServer => Value not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DBA24878-EBE5-4077-A9F2-906F33B2A028}\\NameServer => Value not found.

cgiysjzx => Service not found.

crbklzbk => Service not found.

csdgjtlz => Service not found.

dofgpqgb => Service not found.

dycnyyuq => Service not found.

edlsjeqg => Service not found.

etgqpixz => Service not found.

fkfpxnhh => Service not found.

fqyymmff => Service not found.

gsdtcoeo => Service not found.

iuqcvcgn => Service not found.

jwgfusfq => Service not found.

lkidqtbj => Service not found.

luxsoypz => Service not found.

mgvmetif => Service not found.

mnjbezcu => Service not found.

nmtieyvf => Service not found.

ogjaukqp => Service not found.

onvpkmle => Service not found.

oqbclhjc => Service not found.

ozyspljp => Service not found.

pymmbndk => Service not found.

raqrwwst => Service not found.

rdbgatpi => Service not found.

ryjgvosc => Service not found.

satfowqq => Service not found.

tguahlfs => Service not found.

ujbtaprf => Service not found.

vndgunpt => Service not found.

vprixfyj => Service not found.

wikznept => Service not found.

yipyyguc => Service not found.

yjbatmlg => Service not found.

yqysouog => Service not found.

zbjegjjy => Service not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 34.4 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

frst:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01

Ran by ******** (administrator) on HOMER on 12-10-2014 00:02:09

Running from C:\Users\********\Desktop

Loaded Profile: ******** (Available profiles: ******** & Saal_2)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Dropbox, Inc.) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [Evtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\********\AppData\Local\UVmedia\EP0NO001.DLL

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

Startup: C:\Users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk

ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-08-20]
 

Chrome: 

=======

CHR Profile: C:\Users\********\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]

CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]

CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]

CHR Extension: (Google-Suche) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]

CHR Extension: (Media Hint) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-09-28]

CHR Extension: (Excel Online) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-04-17]

CHR Extension: (Google Wallet) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

CHR Extension: (Google Mail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                         )

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [105984 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [30720 2013-01-23] (Huawei Technologies Co., Ltd.) [File not signed]

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2014-08-17] (Fuzhou Rockchip Electronics Co,Ltd.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)

S1 arfbwqdh; \??\C:\Windows\system32\drivers\arfbwqdh.sys [X]

S1 camvqqvf; \??\C:\Windows\system32\drivers\camvqqvf.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-12 00:02 - 2014-10-12 00:02 - 00020612 _____ () C:\Users\********\Desktop\FRST.txt

2014-10-11 16:19 - 2014-10-11 16:16 - 00598016 _____ (Soft Inc) C:\Users\********\AppData\Roaming\7a3kUOCE.exe

2014-10-11 07:01 - 2014-10-11 07:01 - 02109952 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe

2014-10-10 20:09 - 2014-10-11 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-10 20:09 - 2014-10-10 20:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-10 20:09 - 2014-10-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-10 20:09 - 2014-10-10 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\system32\Macromed

2014-10-10 19:38 - 2014-10-11 16:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 3659286796.job

2014-10-10 19:38 - 2014-10-10 19:38 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 3659286796

2014-10-09 15:45 - 2014-10-09 15:48 - 00000000 ____D () C:\AdwCleaner

2014-10-08 17:18 - 2014-10-08 17:25 - 00040374 _____ () C:\ComboFix.txt

2014-10-08 17:11 - 2014-10-08 17:18 - 00000000 ____D () C:\Qoobox

2014-10-08 16:32 - 2014-10-08 17:17 - 00000000 ____D () C:\Windows\erdnt

2014-10-08 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-08 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-08 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-08 15:33 - 2014-10-12 00:02 - 00000000 ____D () C:\FRST

2014-10-08 15:32 - 2014-10-08 15:32 - 00000474 _____ () C:\Users\********\Downloads\defogger_disable.log

2014-10-08 15:32 - 2014-10-08 15:32 - 00000000 _____ () C:\Users\********\defogger_reenable

2014-10-08 15:31 - 2014-10-08 15:31 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe

2014-10-07 18:47 - 2014-10-07 18:47 - 00000000 ____D () C:\Windows\ERUNT

2014-10-06 20:29 - 2014-10-11 13:55 - 00000000 ____D () C:\FTV

2014-10-06 20:23 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\********\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 17:04 - 2014-10-06 19:50 - 00000000 ____D () C:\Users\********\AppData\Roaming\Veusdin

2014-09-30 20:25 - 2014-09-30 20:26 - 153796568 _____ (AVG Technologies) C:\Users\********\Downloads\avg_free_x86_all_2015_5315a8160.exe

2014-09-28 17:51 - 2014-09-28 17:51 - 00000213 _____ () C:\Users\********\.swfinfo

2014-09-28 13:25 - 2014-10-10 19:53 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\********\AppData\Local\UVmedia

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\********\AppData\Local\ATworks

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\Program Files\MPC-HC

2014-09-24 21:11 - 2014-09-24 21:12 - 63850156 _____ () C:\Users\********\Downloads\xbmc-13.2-Gotham.exe

2014-09-24 21:09 - 2014-09-24 21:09 - 01609767 _____ () C:\Users\********\Downloads\plugin.video.streamzto-0.2.6.zip

2014-09-24 21:07 - 2014-09-28 20:59 - 00000000 ____D () C:\Users\********\AppData\Roaming\XBMC

2014-09-24 21:07 - 2014-09-24 21:08 - 08046503 _____ () C:\Users\********\Downloads\script.streamztv-0.0.6alpha.zip

2014-09-24 21:07 - 2014-09-24 21:07 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC

2014-09-24 21:06 - 2014-09-24 21:12 - 00000000 ____D () C:\Program Files (x86)\XBMC

2014-09-24 21:05 - 2014-09-24 21:05 - 59604731 _____ () C:\Users\********\Downloads\xbmc-12.3.exe

2014-09-20 15:08 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FormPrinter

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\Program Files\FormPrinter

2014-09-20 14:09 - 2014-09-20 14:09 - 02312498 _____ ( ) C:\Users\********\Downloads\FormPrinter_Free_Setup.exe

2014-09-14 15:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 15:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 15:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 15:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 15:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 15:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 15:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 15:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-14 15:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 15:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 15:28 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 15:28 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-14 15:28 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-14 15:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 15:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 15:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-14 15:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-09-14 13:19 - 2014-09-14 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 12:52 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 12:52 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 12:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-12 00:00 - 2014-03-02 20:37 - 00000000 ___RD () C:\Users\********\Dropbox

2014-10-12 00:00 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\********\AppData\Roaming\Dropbox

2014-10-12 00:00 - 2014-03-02 20:21 - 00000000 ___RD () C:\Users\********\Google Drive

2014-10-12 00:00 - 2014-03-01 15:43 - 00063506 _____ () C:\Windows\PFRO.log

2014-10-12 00:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-12 00:00 - 2009-07-14 06:51 - 00093991 _____ () C:\Windows\setupact.log

2014-10-11 23:59 - 2014-03-01 15:21 - 01054886 _____ () C:\Windows\WindowsUpdate.log

2014-10-11 23:59 - 2009-07-14 19:58 - 00684314 _____ () C:\Windows\system32\perfh007.dat

2014-10-11 23:59 - 2009-07-14 19:58 - 00144478 _____ () C:\Windows\system32\perfc007.dat

2014-10-11 23:59 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-11 23:59 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-11 23:54 - 2014-09-09 19:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-10-11 23:52 - 2014-03-01 16:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-11 23:52 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-10-11 13:43 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-09 16:39 - 2014-03-02 22:02 - 00000000 ____D () C:\Users\********\AppData\Roaming\KeePass

2014-10-08 20:10 - 2014-03-03 19:19 - 00000000 ____D () C:\Users\********\.freemind

2014-10-08 17:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-10-08 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-08 15:32 - 2014-03-01 15:21 - 00000000 ____D () C:\Users\********

2014-10-05 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-10-05 16:18 - 2014-03-03 21:30 - 00053028 _____ () C:\QcOSD.txt

2014-10-04 08:54 - 2014-03-07 19:47 - 00000000 ____D () C:\Users\********\Downloads\HDDScan-3.3

2014-10-03 00:53 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2

2014-10-03 00:53 - 2014-03-01 16:40 - 00000000 ____D () C:\ProgramData\lenovo

2014-10-03 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-10-02 20:10 - 2014-03-02 21:18 - 00007609 _____ () C:\Users\********\AppData\Local\resmon.resmoncfg

2014-09-28 13:23 - 2014-03-02 08:11 - 00000000 ____D () C:\Users\********\AppData\Roaming\uTorrent

2014-09-23 18:32 - 2014-03-01 16:40 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-09-22 08:42 - 2014-03-01 15:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 13:30 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-19 15:26 - 2014-05-03 10:33 - 00000000 ____D () C:\Users\********\AppData\Roaming\Audacity

2014-09-17 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-17 19:01 - 2014-03-02 16:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 16:21 - 2014-03-02 17:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-14 15:28 - 2014-03-01 15:48 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 15:27 - 2014-03-02 10:39 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 15:24 - 2014-03-02 10:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-14 13:30 - 2014-03-01 16:38 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\********\AppData\Roaming\HpUpdate

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-09-14 13:14 - 2014-03-29 16:28 - 00049802 _____ () C:\Windows\ZTEInstallInfo.log

2014-09-14 13:14 - 2014-03-29 16:28 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB

2014-09-14 13:14 - 2014-03-01 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 

Some content of TEMP:

====================

C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf4vgql.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-06 20:10
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

2014-10-11 16:19 - 2014-10-11 16:16 - 00598016 _____ (Soft Inc) C:\Users\********\AppData\Roaming\7a3kUOCE.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte. Noch Probleme?

Hallo,
hier der fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01

Ran by ******* at 2014-10-12 15:21:34 Run:3

Running from C:\Users\*******\Desktop

Loaded Profile: ******* (Available profiles: ******* & Saal_2)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

2014-10-11 16:19 - 2014-10-11 16:16 - 00598016 _____ (Soft Inc) C:\Users\*******\AppData\Roaming\7a3kUOCE.exe

*****************
 

C:\Users\*******\AppData\Roaming\7a3kUOCE.exe => Moved successfully.
 

==== End of Fixlog ====

Und hier der FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01

Ran by ******* (administrator) on HOMER on 12-10-2014 15:22:03

Running from C:\Users\*******\Desktop

Loaded Profile: ******* (Available profiles: ******* & Saal_2)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Mozilla Foundation) C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\prism\openvpn-client.exe

() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\openvpn.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)

HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-210949329-1137805421-2219713098-1000\...\Run: [Evtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\*******\AppData\Local\UVmedia\EP0NO001.DLL

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

Startup: C:\Users\Saal_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk

ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-08-20]
 

Chrome: 

=======

CHR Profile: C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]

CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]

CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]

CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]

CHR Extension: (Media Hint) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-09-28]

CHR Extension: (Excel Online) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-04-17]

CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                         )

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [105984 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-02-26] (Huawei Technologies Co., Ltd.) [File not signed]

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [30720 2013-01-23] (Huawei Technologies Co., Ltd.) [File not signed]

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2014-08-17] (Fuzhou Rockchip Electronics Co,Ltd.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)

S1 arfbwqdh; \??\C:\Windows\system32\drivers\arfbwqdh.sys [X]

S1 camvqqvf; \??\C:\Windows\system32\drivers\camvqqvf.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-12 15:22 - 2014-10-12 15:22 - 00020551 _____ () C:\Users\*******\Desktop\FRST.txt

2014-10-12 15:09 - 2014-10-12 15:09 - 02536151 _____ (Dominik Reichl ) C:\Users\*******\Downloads\KeePass-2.28-Setup.exe

2014-10-11 07:01 - 2014-10-11 07:01 - 02109952 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe

2014-10-10 20:09 - 2014-10-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-10 20:09 - 2014-10-10 20:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-10 20:09 - 2014-10-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-10 20:09 - 2014-10-10 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-10-10 20:09 - 2014-10-10 20:09 - 00000000 ____D () C:\Windows\system32\Macromed

2014-10-10 19:38 - 2014-10-11 16:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 3659286796.job

2014-10-10 19:38 - 2014-10-10 19:38 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 3659286796

2014-10-09 15:45 - 2014-10-09 15:48 - 00000000 ____D () C:\AdwCleaner

2014-10-08 17:18 - 2014-10-08 17:25 - 00040374 _____ () C:\ComboFix.txt

2014-10-08 17:11 - 2014-10-08 17:18 - 00000000 ____D () C:\Qoobox

2014-10-08 16:32 - 2014-10-08 17:17 - 00000000 ____D () C:\Windows\erdnt

2014-10-08 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-08 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-08 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-08 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-08 15:33 - 2014-10-12 15:22 - 00000000 ____D () C:\FRST

2014-10-08 15:32 - 2014-10-08 15:32 - 00000474 _____ () C:\Users\*******\Downloads\defogger_disable.log

2014-10-08 15:32 - 2014-10-08 15:32 - 00000000 _____ () C:\Users\*******\defogger_reenable

2014-10-08 15:31 - 2014-10-08 15:31 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe

2014-10-07 18:47 - 2014-10-07 18:47 - 00000000 ____D () C:\Windows\ERUNT

2014-10-06 20:29 - 2014-10-11 13:55 - 00000000 ____D () C:\FTV

2014-10-06 20:23 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\*******\AppData\Local\Amazon_FireTV_Utility_App

2014-10-05 17:04 - 2014-10-06 19:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Veusdin

2014-09-30 20:25 - 2014-09-30 20:26 - 153796568 _____ (AVG Technologies) C:\Users\*******\Downloads\avg_free_x86_all_2015_5315a8160.exe

2014-09-28 17:51 - 2014-09-28 17:51 - 00000213 _____ () C:\Users\*******\.swfinfo

2014-09-28 13:25 - 2014-10-10 19:53 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\*******\AppData\Local\UVmedia

2014-09-28 13:22 - 2014-10-10 19:23 - 00000000 ____D () C:\Users\*******\AppData\Local\ATworks

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-09-28 13:14 - 2014-09-28 13:14 - 00000000 ____D () C:\Program Files\MPC-HC

2014-09-24 21:11 - 2014-09-24 21:12 - 63850156 _____ () C:\Users\*******\Downloads\xbmc-13.2-Gotham.exe

2014-09-24 21:09 - 2014-09-24 21:09 - 01609767 _____ () C:\Users\*******\Downloads\plugin.video.streamzto-0.2.6.zip

2014-09-24 21:07 - 2014-09-28 20:59 - 00000000 ____D () C:\Users\*******\AppData\Roaming\XBMC

2014-09-24 21:07 - 2014-09-24 21:08 - 08046503 _____ () C:\Users\*******\Downloads\script.streamztv-0.0.6alpha.zip

2014-09-24 21:07 - 2014-09-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC

2014-09-24 21:06 - 2014-09-24 21:12 - 00000000 ____D () C:\Program Files (x86)\XBMC

2014-09-24 21:05 - 2014-09-24 21:05 - 59604731 _____ () C:\Users\*******\Downloads\xbmc-12.3.exe

2014-09-20 15:08 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FormPrinter

2014-09-20 14:12 - 2014-09-20 14:12 - 00000000 ____D () C:\Program Files\FormPrinter

2014-09-20 14:09 - 2014-09-20 14:09 - 02312498 _____ ( ) C:\Users\*******\Downloads\FormPrinter_Free_Setup.exe

2014-09-14 15:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 15:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 15:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-14 15:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 15:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 15:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 15:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-14 15:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 15:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 15:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-14 15:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 15:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 15:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 15:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-14 15:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-14 15:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 15:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 15:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-14 15:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 15:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 15:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 15:28 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 15:28 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 15:28 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 15:28 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-14 15:28 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-14 15:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-14 15:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 15:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 15:28 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 15:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 15:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-14 15:28 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 15:28 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-14 15:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-09-14 13:19 - 2014-09-14 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 12:52 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 12:52 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 12:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 12:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-12 15:21 - 2014-03-02 22:02 - 00000000 ____D () C:\Users\*******\AppData\Roaming\KeePass

2014-10-12 15:19 - 2014-03-01 15:21 - 01116940 _____ () C:\Windows\WindowsUpdate.log

2014-10-12 15:14 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-12 15:14 - 2009-07-14 06:45 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-12 15:13 - 2014-03-01 16:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-12 15:13 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat

2014-10-12 15:13 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat

2014-10-12 15:13 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-12 15:08 - 2014-03-02 20:37 - 00000000 ___RD () C:\Users\*******\Dropbox

2014-10-12 15:08 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox

2014-10-12 15:08 - 2014-03-02 20:21 - 00000000 ___RD () C:\Users\*******\Google Drive

2014-10-12 15:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-12 15:07 - 2009-07-14 06:51 - 00094047 _____ () C:\Windows\setupact.log

2014-10-12 00:00 - 2014-03-01 15:43 - 00063506 _____ () C:\Windows\PFRO.log

2014-10-11 23:54 - 2014-09-09 19:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-10-11 23:52 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-10-08 20:10 - 2014-03-03 19:19 - 00000000 ____D () C:\Users\*******\.freemind

2014-10-08 17:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-10-08 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-08 15:32 - 2014-03-01 15:21 - 00000000 ____D () C:\Users\*******

2014-10-05 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-10-05 16:18 - 2014-03-03 21:30 - 00053028 _____ () C:\QcOSD.txt

2014-10-04 08:54 - 2014-03-07 19:47 - 00000000 ____D () C:\Users\*******\Downloads\HDDScan-3.3

2014-10-03 00:53 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Saal_2

2014-10-03 00:53 - 2014-03-01 16:40 - 00000000 ____D () C:\ProgramData\lenovo

2014-10-03 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-10-02 20:10 - 2014-03-02 21:18 - 00007609 _____ () C:\Users\*******\AppData\Local\resmon.resmoncfg

2014-09-28 13:23 - 2014-03-02 08:11 - 00000000 ____D () C:\Users\*******\AppData\Roaming\uTorrent

2014-09-23 18:32 - 2014-03-01 16:40 - 00000000 ____D () C:\Windows\System32\Tasks\TVT

2014-09-22 08:42 - 2014-03-01 15:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 13:30 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-19 15:26 - 2014-05-03 10:33 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Audacity

2014-09-17 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-17 19:01 - 2014-03-02 16:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 16:21 - 2014-03-02 17:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 15:28 - 2014-03-01 16:26 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-14 15:28 - 2014-03-01 15:48 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 15:27 - 2014-03-02 10:39 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 15:27 - 2014-03-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 15:24 - 2014-03-02 10:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-14 13:30 - 2014-03-01 16:38 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\*******\AppData\Roaming\HpUpdate

2014-09-14 13:25 - 2014-03-01 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-09-14 13:14 - 2014-03-29 16:28 - 00049802 _____ () C:\Windows\ZTEInstallInfo.log

2014-09-14 13:14 - 2014-03-29 16:28 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB

2014-09-14 13:14 - 2014-03-01 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 

Some content of TEMP:

====================

C:\Users\*******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwjxqm0.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-06 20:10
 

==================== End Of Log ============================

--- --- ---

Entschuldige bitte, die hatte ich übersehen.

Nein, ich hatte seit gestern keine Probleme mehr.
Danke!

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Vielen Dank für Ihre großartige Hilfe!

Ich hoffe mit deinen Tipps in Zukunft nicht wieder so einen Aufwand zu verursachen.

Als ich den PC heute das erste Mal hochgefahren habe, hat AVG gemeldet, dass es folgende Bedrohung gefunden und entfernt hat:

Code:

IDP.Program.D1B0A5C0 an folgendem Ort: C:\Users\******\AppData\Local\UVmedia\EP0N0001.DLL

Abgesehen von dieser Meldung konnte ich aber keine Probleme mehr feststellen.
Wenn aus Ihrer Sicht keine weiteren Schritte nötig sind schließen Sie dieses Thema bitte.

Ich danke von ganzem Herzen für Ihre uneigennützige Hilfe!