Hello Dennis,
Many thanks already for the extensive support!
The processing steps went smoothly so far; the following is still worth noting:
- McAfee Security Scan Plus could not be found and uninstalled using Revo Uninstaller
- Avira Antivir reported several detections during the MBAM run which, on visual inspection, match the MBAM detections.
MBAM log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.07.2015
Suchlauf-Zeit: 19:30:31
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Anita
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 429828
Verstrichene Zeit: 12 Min, 42 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 6
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917],
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917],
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917],
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [aacff94a2565b383492660c09f644bb5],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [aacff94a2565b383492660c09f644bb5],
Registrierungswerte: 6
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, îÃïÃ? ÃÃ?OË?Â* Ë?r Æ?r, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917]
PUP.Optional.LoadTubes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [eb8ed96a5238ab8b9ddd61f809fae917],
PUP.Optional.LoadTubes.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [c9b00142bad0a98d9edc63f639ca02fe],
PUP.Optional.LoadTubes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [e7922f141575c4722555491015ee09f7],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\43k87fsa.default\extensions\quick_start@gmail.com, In Quarantäne, [2e4b172c47432b0bc7f1fcede61db848]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [3742142f3456cc6ae355b222c14201ff]
Registrierungsdaten: 12
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}),Ersetzt,[84f54300ee9cae88ba456978f2130000]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[5524e45f8cfe9f97e91529b8d82dd32d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[4e2bc281f1995fd79868a33f45c015eb]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}),Ersetzt,[a1d888bb2e5c4ee80b08a43321e49868]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[0a6fde653357d6604b4fd011b3529967]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}),Ersetzt,[3049142f3852e452619e905114f1d22e]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[df9a281b117945f1fc02b9280cf9db25]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[84f543003159b2849a663da5ff06fe02]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M&q={searchTerms}),Ersetzt,[95e499aa91f9d46231e24790fd08b947]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[bebb2a19beccfc3a702afce5ea1ba759]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[f782d66d4644b6803ebd667bd3326799]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1402323253&from=cor&uid=ST500LM000-SSHD-8GB_W371KD7MXXXXW371KD7M),Ersetzt,[63165ae95f2bda5c38c22ab7b154ba46]
Ordner: 2
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\html, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
Dateien: 16
PUP.Optional.SkyTech.A, C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\alilog.dll, In Quarantäne, [e19897ac7614c670851b02fe09f919e7],
PUP.Optional.V9.A, C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\qSE.exe, In Quarantäne, [98e1a99ad9b1310544f15aef38c8e21e],
PUP.Optional.Skytech.A, C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\UninstallManager.exe, In Quarantäne, [bfba6ed5197151e5f71d0aa7c53cbb45],
PUP.Optional.IePluginService.A, C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [62174201484270c6d247d0b1649d2ad6],
PUP.Optional.WpManager, C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [4930a79c6921a591ac268dfe1ee36b95],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\keyHash.txt, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\config.txt, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\domHash.txt, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\evHash.txt, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\uninstall.exe, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\updateHash.txt, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\html\dimensions.ini, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\html\install.html, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\html\uninstall.html, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.LoadTubes, C:\Users\Anita\AppData\Roaming\loadtbs\html\uninstallComplete.html, In Quarantäne, [0475f84bdcae22141f3b9846bf45dc24],
PUP.Optional.QuickStart.A, C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\43k87fsa.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[d5a4c083b6d40a2cc80343daa95de21e]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner log:
# AdwCleaner v4.207 - Bericht erstellt 04/07/2015 um 20:03:41
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-02.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Anita - LENOVO-PC
# Gestarted von : C:\Users\Anita\Downloads\AdwCleaner_4.207.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
Task Gelöscht : PC Speed Maximizer Schedule
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweet-page.com
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
[43k87fsa.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[43k87fsa.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[43k87fsa.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R0].txt - [1604 Bytes] - [04/07/2015 20:00:42]
AdwCleaner[S0].txt - [1493 Bytes] - [04/07/2015 20:03:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1552 Bytes] ##########
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.9 (07.04.2015:1)
OS: Windows 8.1 x64
Ran by Anita on 04.07.2015 at 20:15:39,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.07.2015 at 20:18:17,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Anita (administrator) on LENOVO-PC on 04-07-2015 20:22:16
Running from C:\Users\Anita\Desktop
Loaded Profiles: Anita (Available Profiles: UpdatusUser & Anita & Anita_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-08-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-08-03] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-12-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-18] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3D4FF09D-4BEA-486E-A9F4-CEB6F4679A81}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C0893004-22FC-4D7B-B053-70CF76FD7902}: [DhcpNameServer] 61.15.0.88
FireFox:
========
FF ProfilePath: C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\43k87fsa.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin HKU\S-1-5-21-3774790954-3187863596-3014663056-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-3774790954-3187863596-3014663056-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
FF HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-10-17] (PointGrab LTD)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2013-08-03] (GenesysLogic)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-03] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-04 20:22 - 2015-07-04 20:22 - 00012143 _____ C:\Users\Anita\Desktop\FRST.txt
2015-07-04 20:18 - 2015-07-04 20:18 - 00000615 _____ C:\Users\Anita\Desktop\JRT.txt
2015-07-04 20:15 - 2015-07-04 20:15 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-LENOVO-PC-Windows-8.1-(64-bit).dat
2015-07-04 20:15 - 2015-07-04 20:15 - 00000000 ____D C:\RegBackup
2015-07-04 20:07 - 2015-07-04 20:08 - 02952814 _____ (Malwarebytes Corporation) C:\Users\Anita\Desktop\JRT.exe
2015-07-04 20:06 - 2015-07-04 20:06 - 00001632 _____ C:\Users\Anita\Desktop\AdwCleaner[S0].txt
2015-07-04 20:00 - 2015-07-04 20:03 - 00000000 ____D C:\AdwCleaner
2015-07-04 19:59 - 2015-07-04 20:00 - 02244096 _____ C:\Users\Anita\Downloads\AdwCleaner_4.207.exe
2015-07-04 19:58 - 2015-07-04 19:58 - 00010838 _____ C:\Users\Anita\Desktop\mbam.txt
2015-07-04 19:56 - 2015-07-04 20:03 - 00000000 ____D C:\Users\TEMP
2015-07-04 19:29 - 2015-07-04 19:57 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 19:29 - 2015-07-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-04 19:29 - 2015-07-04 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-04 19:29 - 2015-07-04 19:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 19:29 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-04 19:29 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-04 19:29 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-04 19:25 - 2015-07-04 19:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Anita\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-04 19:18 - 2015-07-04 19:18 - 00001295 _____ C:\Users\Anita\Desktop\Revo Uninstaller.lnk
2015-07-04 19:18 - 2015-07-04 19:18 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-04 18:36 - 2015-07-04 18:37 - 00000000 ____D C:\Users\Anita\Desktop\Logs_#1
2015-07-04 18:35 - 2015-07-04 18:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Anita\Desktop\revosetup95.exe
2015-07-04 11:20 - 2015-07-04 11:20 - 00000000 ____D C:\Users\Anita\AppData\Roaming\Nitro PDF
2015-07-04 10:41 - 2015-07-04 10:41 - 00380416 _____ C:\Users\Anita\Desktop\Gmer-19357.exe
2015-07-04 10:32 - 2015-07-04 20:22 - 00000000 ____D C:\FRST
2015-07-04 10:31 - 2015-07-04 10:31 - 02112512 _____ (Farbar) C:\Users\Anita\Desktop\FRST64.exe
2015-07-04 10:29 - 2015-07-04 10:29 - 00000472 _____ C:\Users\Anita\Downloads\defogger_disable.log
2015-07-04 10:29 - 2015-07-04 10:29 - 00000000 _____ C:\Users\Anita\defogger_reenable
2015-07-04 10:28 - 2015-07-04 10:28 - 00050477 _____ C:\Users\Anita\Desktop\Defogger.exe
2015-07-03 18:25 - 2015-07-03 18:25 - 00242928 _____ C:\Users\Anita\Downloads\Firefox Setup Stub 39.0.exe
2015-06-19 17:26 - 2015-06-19 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-06-19 17:26 - 2015-06-19 17:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-06-14 13:50 - 2015-06-19 17:26 - 00001958 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-06-14 13:50 - 2015-06-19 17:26 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-06-14 13:47 - 2015-06-14 13:47 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Anita\Downloads\flashplayer18_ga_install.exe
2015-06-11 07:51 - 2015-06-11 07:51 - 00001147 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-10 15:33 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 15:33 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 15:33 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 15:33 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 15:33 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 15:33 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 15:33 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 15:33 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 15:33 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 15:33 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 15:28 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 15:28 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 15:28 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 15:28 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 15:28 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 15:28 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 15:28 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 15:28 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 15:28 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 15:28 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 15:28 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 15:28 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 15:28 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 15:28 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:28 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 15:28 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 15:28 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 15:28 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 15:28 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 15:28 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 15:16 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 15:16 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 15:16 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 15:16 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 15:16 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 15:16 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 15:16 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 15:16 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 15:16 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 15:16 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 15:16 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 15:16 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 15:16 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 15:16 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 15:16 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 15:16 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 15:16 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 15:16 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 15:16 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 15:16 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 15:16 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 15:16 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 15:16 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 15:16 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 15:16 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 15:16 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 15:16 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 15:16 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 15:16 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 15:16 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 15:16 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 15:16 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 15:16 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 15:16 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 15:16 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 15:16 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 15:16 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 15:16 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 15:16 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 15:16 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 15:16 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 15:16 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 15:13 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-04 17:42 - 2015-07-03 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-04 20:19 - 2013-12-18 00:33 - 01174342 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-04 20:16 - 2014-04-21 22:00 - 00000000 ____D C:\Users\Anita\AppData\Local\CrashDumps
2015-07-04 20:16 - 2013-12-18 01:00 - 00008704 _____ C:\WINDOWS\system32\VfService.trf
2015-07-04 20:10 - 2013-12-18 09:14 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-04 20:10 - 2013-12-18 09:14 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-04 20:10 - 2013-10-07 20:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-04 20:06 - 2015-02-25 21:04 - 00000000 ____D C:\Users\Anita\OneDrive
2015-07-04 20:05 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-04 20:04 - 2013-10-07 20:23 - 00321768 _____ C:\WINDOWS\PFRO.log
2015-07-04 20:04 - 2013-08-22 16:46 - 00026314 _____ C:\WINDOWS\setupact.log
2015-07-04 20:04 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-04 20:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-04 19:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-07-04 19:34 - 2014-04-07 16:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774790954-3187863596-3014663056-1002
2015-07-04 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-04 11:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-04 10:59 - 2014-04-07 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 10:29 - 2014-04-07 15:58 - 00000000 ____D C:\Users\Anita
2015-07-03 18:34 - 2014-04-07 09:12 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 18:34 - 2014-04-07 09:12 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-03 18:32 - 2014-04-07 09:22 - 00000000 ____D C:\Users\Anita\AppData\Local\Adobe
2015-07-01 14:31 - 2014-06-09 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-25 13:24 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-20 05:02 - 2015-05-15 09:39 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2015-05-15 09:39 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 09:12 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-14 18:18 - 2015-02-25 21:00 - 00000000 __SHD C:\Users\Anita\AppData\Local\EmieUserList
2015-06-14 18:18 - 2015-02-25 21:00 - 00000000 __SHD C:\Users\Anita\AppData\Local\EmieSiteList
2015-06-14 18:18 - 2015-02-25 21:00 - 00000000 __SHD C:\Users\Anita\AppData\Local\EmieBrowserModeList
2015-06-14 13:50 - 2013-12-18 00:54 - 00000000 ____D C:\ProgramData\McAfee
2015-06-12 09:39 - 2013-08-22 16:44 - 00409160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-12 09:38 - 2014-06-09 16:44 - 00000000 ____D C:\ProgramData\Avira
2015-06-11 17:55 - 2014-04-07 10:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 17:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 07:51 - 2014-06-09 16:44 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-11 07:51 - 2014-06-09 16:44 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-09 10:18 - 2014-06-09 17:09 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-09 10:18 - 2014-06-09 17:09 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
==================== Files in the root of some directories =======
2013-12-18 00:42 - 2013-12-18 00:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Anita\AppData\Local\Temp\avgnt.exe
C:\Users\Anita\AppData\Local\Temp\ose00000.exe
C:\Users\Anita\AppData\Local\Temp\Quarantine.exe
C:\Users\Anita\AppData\Local\Temp\sqlite3.dll
C:\Users\Anita_2\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-25 13:27
==================== End of log ============================
Additional
FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Anita at 2015-07-04 20:23:13
Running from C:\Users\Anita\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3774790954-3187863596-3014663056-500 - Administrator - Disabled)
Anita (S-1-5-21-3774790954-3187863596-3014663056-1002 - Administrator - Enabled) => C:\Users\Anita
Anita_2 (S-1-5-21-3774790954-3187863596-3014663056-1003 - Limited - Enabled) => C:\Users\Anita_2
Gast (S-1-5-21-3774790954-3187863596-3014663056-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3774790954-3187863596-3014663056-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.1611.212 - Alps Electric)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{3963D1D4-8723-4EE4-9694-D1078BB26B75}) (Version: 2.0.0.1017 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1017 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{C0EE31FB-F593-4128-8A86-FDB37BA2486D}) (Version: 8.5.6.5 - Nitro)
NVIDIA Grafiktreiber 327.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.45 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3774790954-3187863596-3014663056-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3774790954-3187863596-3014663056-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
14-06-2015 18:16:30 Windows Update
24-06-2015 13:17:19 Windows Update
04-07-2015 13:05:47 Scheduled checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18358168-4513-4403-BAC5-87A94B064E90} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {5B78CB37-F102-47DB-B155-FA284F7C1C60} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-04] ()
==================== Loaded Modules (Whitelisted) ==============
2013-12-18 00:36 - 2013-09-04 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Anita\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3774790954-3187863596-3014663056-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F0AE8BC3-9E64-47A4-A368-6B871831C6C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C075158A-6262-40C0-9A52-1321FF1368A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72C7BFAB-32DB-46DB-9C29-9C977654E32A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6EB512D-B545-4124-87C5-1F8AA9E3BE5F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{990D30E5-0FDB-48C2-B252-89CCEED799A8}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5849BC3F-E5D5-45D5-B565-29D94D6C80D1}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{8DE49E38-7A15-4033-AEE7-7D6CFA6785B5}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{A054811E-9850-445F-BAD3-42DBA9FD30C4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A27E7C43-E980-4339-AB6A-ECC28D3F22F6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F39E8E80-DDC9-4848-B97C-E55B7D5513A4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6C6766C-A7DA-4902-B9B7-DE7453A3F4EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/04/2015 08:16:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process ID: 0xa2c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5
Error: (07/04/2015 08:03:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT-AUTORITÄT)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
Error: (07/04/2015 07:56:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lenovo-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (07/04/2015 07:56:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lenovo-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backed-up profile the next time this user logs on.
Error: (07/04/2015 07:56:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Lenovo-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.
DETAIL - The process cannot access the file because it is being used by another process.
Error: (07/04/2015 07:56:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\UpdatusUser\ntuser.dat
Error: (07/04/2015 11:09:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process ID: 0x16d8
Faulting application start time: 0xGmer-19357.exe0
Faulting application path: Gmer-19357.exe1
Faulting module path: Gmer-19357.exe2
Report ID: Gmer-19357.exe3
Faulting package full name: Gmer-19357.exe4
Faulting package-relative application ID: Gmer-19357.exe5
Error: (07/04/2015 11:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process ID: 0xe50
Faulting application start time: 0xGmer-19357.exe0
Faulting application path: Gmer-19357.exe1
Faulting module path: Gmer-19357.exe2
Report ID: Gmer-19357.exe3
Faulting package full name: Gmer-19357.exe4
Faulting package-relative application ID: Gmer-19357.exe5
Error: (07/04/2015 11:07:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: Gmer-19357.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process ID: 0xba0
Faulting application start time: 0xGmer-19357.exe0
Faulting application path: Gmer-19357.exe1
Faulting module path: Gmer-19357.exe2
Report ID: Gmer-19357.exe3
Faulting package full name: Gmer-19357.exe4
Faulting package-relative application ID: Gmer-19357.exe5
Error: (07/03/2015 06:49:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uninstall.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3458
Start Time: 01d0b5b0025b8f35
Termination Time: 0
Application Path: C:\Users\Anita\AppData\Roaming\loadtbs\uninstall.exe
Report Id: 6859607d-21a3-11e5-8276-40f02f784797
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/04/2015 08:16:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "NVIDIA Update Service Daemon" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Intel(R) Dynamic Application Loader Host Interface Service" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Intel(R) ME Service" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Intel(R) Rapid Storage Technology" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Avira Service Host" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/04/2015 08:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "ZAtheros Bt and Wlan Coex Agent" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "VeriFaceSrv" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Cyberlink RichVideo64 Service(CRVS)" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "PGService" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2015 08:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Nalpeiron Licensing Service" service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-06-09 17:02:10.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 35%
Total physical RAM: 4008.27 MB
Available physical RAM: 2571.14 MB
Total Pagefile: 4712.27 MB
Available Pagefile: 2993.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:426.8 GB) (Free:374.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 640BD816)
Partition: GPT Partition Type.
==================== End of log ============================
Additionally, here is the Avira event log, because of the detections that occurred:
Avira Log Code:
Exported events:
04.07.2015 19:46 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\SupTab_Setup302.exe'
a virus or unwanted program 'PUA/Subtab.opona' [riskware]
was found.
Action performed: Deny access
04.07.2015 19:46 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\wpm_v18.8.0.304.exe'
a virus or unwanted program 'ADWARE/Cherished.oia' [adware]
was found.
Action performed: Deny access
04.07.2015 19:46 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\SupTab_Setup302.exe'
a virus or unwanted program 'PUA/Subtab.opona' [riskware]
was found.
Action performed: Deny access
04.07.2015 19:46 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\wpm_v18.8.0.304.exe'
a virus or unwanted program 'ADWARE/Cherished.oia' [adware]
was found.
Action performed: Deny access
04.07.2015 19:39 [Real-time scanner] Malware found
In the file 'C:\Users\Anita_2\Downloads\OpenofficeSetup.exe'
a virus or unwanted program 'PUA/InstallCore.YA' [riskware]
was found.
Action performed: Deny access
04.07.2015 19:39 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\wpm_v18.8.0.304.exe'
a virus or unwanted program 'ADWARE/Cherished.oia' [adware]
was found.
Action performed: Deny access
04.07.2015 19:39 [Real-time scanner] Malware found
In the file
'C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\SupTab_Setup302.exe'
a virus or unwanted program 'PUA/Subtab.opona' [riskware]
was found.
Action performed: Deny access
04.07.2015 19:08 [Updater] Update not performed
The update of computer LENOVO-PC (192.168.2.109) from "'unknown'" failed.
No internet connection.
No new files were downloaded.
Best regards,
mtothew
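An added example, not part of mtothew's post, of Dennis's instructions or of the FRST tool itself: a small Python triage that parses FRST file-listing lines of the kind shown in the log above and flags executables that sit in user-writable locations, executables FRST printed without a publisher/version resource, and executables carrying hidden or system attributes. The rules are my heuristics, not FRST's own whitelist logic. The embedded sample input mixes four lines copied from the log above with two constructed lines (marked in the code) standing in for the SupTab and loadtbs installers that the Avira log and the Application Hang event mention; the dates and sizes on those two lines are invented.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Extensions that Windows executes or loads as code.
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com",
            ".vbs", ".js", ".bat", ".cmd", ".ps1"}

# Locations a standard user can write to; code living here instead of
# under Program Files / Windows deserves a second look. Heuristic only.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|desktop)|programdata|temp)\\"
)

# A full FRST file-listing line:
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
# FRST prints "(<company>)" only when the file has version info; the field
# is absent for directories and for files without a version resource.
_FRST_LINE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Bare paths, as printed under "Some files in TEMP:".
_BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")


@dataclass
class Entry:
    path: str
    attrs: str = ""               # FRST attribute string, e.g. "____D", "___SH"
    size: Optional[int] = None
    company: Optional[str] = None
    from_listing: bool = False    # True when parsed from a full FRST line

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return ntpath.splitext(self.path)[1].lower() in EXEC_EXT


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST line; return None for headers and other noise."""
    line = line.strip()
    m = _FRST_LINE.match(line)
    if m:
        return Entry(path=m["path"], attrs=m["attrs"], size=int(m["size"]),
                     company=m["company"], from_listing=True)
    m = _BARE_PATH.match(line)
    if m:
        return Entry(path=m["path"])
    return None


def flags(e: Entry) -> List[str]:
    """Reasons an entry deserves analyst attention (empty list = none)."""
    reasons: List[str] = []
    if e.is_dir or not e.is_executable:
        return reasons
    if USER_WRITABLE.search(e.path.lower()):
        reasons.append("executable in user-writable location")
    # Only a full listing line tells us whether FRST found version info;
    # a bare TEMP path says nothing about the publisher.
    if e.from_listing and not e.company:
        reasons.append("no publisher/version info")
    if "H" in e.attrs or "S" in e.attrs:
        reasons.append("hidden/system attribute")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged line, in log order."""
    out: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            r = flags(e)
            if r:
                out.append((e.path, r))
    return out


# Sample input: four lines copied from the FRST log above, plus two
# CONSTRUCTED lines (invented dates/sizes) imitating the PUP installers
# that Avira and the Application Hang event report.
SAMPLE = r"""
==================== One Month Modified files and folders ========
2015-06-10 15:28 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-20 05:02 - 2015-05-15 09:39 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-03 18:32 - 2014-04-07 09:22 - 00000000 ____D C:\Users\Anita\AppData\Local\Adobe
2015-07-04 19:46 - 2015-07-04 19:46 - 00412160 _____ C:\Users\Anita\AppData\Local\Temp\170919187\170919187.zipDir\tmp\SupTab_Setup302.exe
2015-07-03 18:49 - 2015-07-03 18:49 - 00125440 ____H C:\Users\Anita\AppData\Roaming\loadtbs\uninstall.exe
Some files in TEMP:
====================
C:\Users\Anita\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}\n    -> {', '.join(reasons)}")
```

Run against the sample this lists the two constructed installer lines and the bare Quarantine.exe path and stays silent on the signed Microsoft and Adobe files. Benign hits are expected (a scanner's own helper left in Temp, for instance), so the output is a review list, not a verdict. Note also that the publisher string is whatever FRST read from the file's version resource, which anyone can set; the "Bamital & volsnap Check" section above is the only place in these logs where signatures are actually verified, and an Authenticode check (for example Get-AuthenticodeSignature in PowerShell) is the right follow-up for anything the triage flags.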