PoseidoPferd | 06.02.2018 18:35 |
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (06-02-2018 18:26:41)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-06]
FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-02-03]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-06 18:26 - 2018-02-06 18:31 - 000010056 _____ C:\Users\~.~\Desktop\FRST.txt
2018-02-05 18:49 - 2018-02-05 18:53 - 008206624 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.7.0.exe
2018-02-03 16:16 - 2018-02-05 19:56 - 000001258 _____ C:\Users\~.~\Desktop\Anweisung.Cosinus.txt
2018-02-03 16:16 - 2018-02-03 16:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6375E5BF.sys
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\Users\~.~\Desktop\mbar
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-03 15:45 - 2018-02-03 15:45 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-03 15:40 - 2018-02-03 15:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\~.~\Desktop\mbar-1.10.3.1001.exe
2018-02-03 15:14 - 2018-02-03 15:14 - 000029612 _____ C:\Users\~.~\.recently-used.xbel
2018-02-02 22:16 - 2018-02-02 22:16 - 000033574 _____ C:\Users\~.~\Desktop\Addition_18-02-02.txt
2018-02-02 22:16 - 2018-02-02 22:16 - 000020866 _____ C:\Users\~.~\Desktop\FRST_18-02-02.txt
2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion
2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt
2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer
2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4
2018-01-31 13:29 - 2018-02-05 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE
2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install
2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt
2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt
2018-01-26 21:28 - 2018-02-02 22:16 - 000033571 _____ C:\Users\~.~\Desktop\Addition_18-02-02_doubleSS.txt
2018-01-26 21:23 - 2018-02-02 22:16 - 000020863 _____ C:\Users\~.~\Desktop\FRST_18-02-02_doubleSS.txt
2018-01-26 21:21 - 2018-02-03 15:07 - 000001013 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-02-05 19:26 - 000000000 ____D C:\AdwCleaner
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-06 18:26 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-02-06 18:24 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-02-06 18:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-06 17:50 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-02-06 17:36 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-05 19:27 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-02-05 19:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-05 19:18 - 2011-10-06 07:15 - 000000000 ____D C:\Users\Administrator.Cunegonde
2018-02-05 19:08 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-02-05 19:07 - 2009-07-14 05:45 - 000331008 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-03 16:17 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-03 15:40 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-02-03 15:14 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-02-03 15:02 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-02-02 22:31 - 2010-08-16 21:14 - 000075728 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew
2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc
2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4
2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files (x86)\PDF Architect 4
2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps
2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
==================== Files in the root of some directories =======
2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-30 09:38
==================== End of FRST.txt ============================
FRST Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by ~.~ (06-02-2018 18:32:16)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version: - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JavaScript Tools (HKLM-x32\...\HSJS) (Version: - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version: - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 14742 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
05-02-2018 18:57:15 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (02/05/2018 07:27:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PDF24 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 4 Creator service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2018-01-09 23:30:37.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:30:37.022
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:30:36.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:30:36.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:58.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:58.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:58.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:58.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:57.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-01-09 23:11:57.683
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 20%
Total physical RAM: 3932.86 MB
Available physical RAM: 3140.36 MB
Total Virtual: 7863.92 MB
Available Virtual: 6715.29 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:45.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================