Mandy8210 | 27.04.2014 05:55 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03
Ran by Mandy (administrator) on MANDY-PC on 27-04-2014 06:52:03
Running from C:\Users\Mandy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\003\xmkysecqun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Mandy\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
(Windows Net) C:\Users\Mandy\AppData\Roaming\Windows Net Data\net.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Google Inc.) C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10821224 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-03-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [Google Update] => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-18] (Google Inc.)
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Mandy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [lollipop_02241913] => lollipop_02241913
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Run: [GoogleChromeAutoLaunch_176E77370D9312FCC40536E743CEB860] => C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {4c7b7547-9ac8-11e2-b545-a98b68f07187} - F:\Startme.exe
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {772f2acc-12bb-11e2-8564-002682e4d21c} - F:\Startme.exe
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {dd5093ae-0504-11e3-a5d4-810244db8389} - G:\autorun.exe
HKU\S-1-5-21-1044878827-1848065919-785215454-1000\...\MountPoints2: {f1880d4c-b85d-11e1-82ff-002682e4d21c} - F:\Startme.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mandy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_02241913.lnk
ShortcutTarget: lollipop_02241913.lnk -> C:\Users\Mandy\AppData\Local\Lollipop\lollipop_02241913.exe (No File)
Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Mandy\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x14407D54DC3CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games
URLSearchHook: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
URLSearchHook: HKCU - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT2736476&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT2736476&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
SearchScopes: HKCU - {2624DF88-5E94-47C7-A590-A86912C54855} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AA1CE8C9-541D-4651-B46C-834CC57D8D92}&mid=98141d795cf547d0829bd16fc4003bef-818686da698e899c8909c8c1f70e3954f6c9b5ab&lang=de&ds=AVG&pr=pr&d=2013-01-30 16:14:42&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=330&systemid=1&v=a12349-120&apn_uid=0609435137134575&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEPwdBankBHO Class - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {45177936-603b-4261-8d42-df6f7091d5d0} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mandy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mandy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-06]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-03-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-12]
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=55&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=55&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA6377E71-49FC-48FC-89AC-B189EAF38924&SearchSource=58&CUI=&UM=5&UP=SP1A0305B2-C175-4A91-A488-F1E71AC81942&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Mandy\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Extension: (Google Drive) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-13]
CHR Extension: (YouTube) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-13]
CHR Extension: (Google-Suche) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-13]
CHR Extension: (weDownload Manager Pro) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-04-07]
CHR Extension: (Skype Click to Call) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Mandy\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx [2013-06-19]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [dcpfhaghaadpjpgocojgnlhjcieeooel] - C:\Program Files (x86)\Re-markit\150.crx [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Mandy\AppData\Local\Torch\Plugins\TorchPlugin.crx [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Mandy\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2014-01-18]
CHR StartMenuInternet: Google Chrome - C:\Users\Mandy\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-11-21] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-11-21] (DealPly Technologies Ltd)
R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [314736 2010-05-28] (Egis Technology Inc. )
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-27] ()
==================== Drivers (Whitelisted) ====================
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation)
R1 {2b4fc5ce-fd26-493c-97d3-e808aab73013}w64; C:\Windows\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys [61120 2014-04-24] (StdLib)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-27 06:52 - 2014-04-27 06:52 - 00026776 _____ () C:\Users\Mandy\Downloads\FRST.txt
2014-04-27 06:51 - 2014-04-27 06:52 - 00000000 ____D () C:\FRST
2014-04-27 06:50 - 2014-04-27 06:50 - 02061824 _____ (Farbar) C:\Users\Mandy\Downloads\FRST64.exe
2014-04-27 06:16 - 2014-04-27 06:16 - 00079440 _____ () C:\Users\Mandy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-27 05:47 - 2014-04-27 05:47 - 00000000 ____D () C:\ProgramData\AVG Nation toolbar
2014-04-27 04:17 - 2014-04-27 04:17 - 00000000 ____D () C:\Users\Mandy\Desktop\Programm verknüpfungen
2014-04-27 04:05 - 2014-04-27 04:05 - 00000000 ____D () C:\Users\Mandy\Desktop\Abschied
2014-04-27 03:25 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-04-27 03:25 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-04-27 03:22 - 2014-04-27 03:23 - 00000000 ____D () C:\Program Files\003
2014-04-27 03:21 - 2014-04-27 03:21 - 00513424 _____ (installer) C:\Users\Mandy\Downloads\Anti-Malware.exe
2014-04-27 02:26 - 2014-04-27 04:23 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing
2014-04-27 02:26 - 2014-04-27 04:23 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-04-27 02:25 - 2014-04-27 02:25 - 00667216 _____ () C:\Users\Mandy\Downloads\wzmpis_9.exe
2014-04-25 08:43 - 2014-04-24 12:18 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys
2014-04-24 12:59 - 2014-04-27 04:15 - 00000000 ____D () C:\Users\Mandy\Desktop\tatto dresden
2014-04-24 11:58 - 2014-04-24 11:59 - 05290664 _____ (Canneverbe Limited ) C:\Users\Mandy\Desktop\nw_22713_cdbxpsetupexe.exe
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nero
2014-04-24 11:26 - 2014-04-27 04:21 - 00000000 ____D () C:\ProgramData\Nero
2014-04-22 11:06 - 2014-04-22 11:06 - 00821760 _____ (Browser Opt-out) C:\Users\Mandy\Downloads\uninstall.exe
2014-04-16 12:50 - 2014-04-16 12:50 - 00000000 ____D () C:\ProgramData\Datamngr
2014-04-11 21:43 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 21:43 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 21:43 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 21:43 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 21:41 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 21:41 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 21:41 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 21:41 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 21:41 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 21:41 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 21:41 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 21:41 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 21:41 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 21:41 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 21:41 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 21:41 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 21:41 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 21:41 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 21:41 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 21:41 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 21:41 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 17:22 - 2014-04-08 17:22 - 00610704 _____ () C:\Users\Mandy\Downloads\Java.exe
2014-04-04 17:38 - 2014-04-27 04:46 - 00003370 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-03-29 10:48 - 2014-03-29 10:48 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
==================== One Month Modified Files and Folders =======
2014-04-27 06:52 - 2014-04-27 06:52 - 00026776 _____ () C:\Users\Mandy\Downloads\FRST.txt
2014-04-27 06:52 - 2014-04-27 06:51 - 00000000 ____D () C:\FRST
2014-04-27 06:50 - 2014-04-27 06:50 - 02061824 _____ (Farbar) C:\Users\Mandy\Downloads\FRST64.exe
2014-04-27 06:20 - 2012-01-18 22:22 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job
2014-04-27 06:16 - 2014-04-27 06:16 - 00079440 _____ () C:\Users\Mandy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-27 06:14 - 2014-02-18 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 06:04 - 2013-07-04 19:04 - 00000000 ____D () C:\Users\Mandy\Desktop\Sonstiges
2014-04-27 06:02 - 2011-06-12 22:22 - 00000000 ____D () C:\Program Files (x86)\fahrtenbuch.de
2014-04-27 06:01 - 2011-03-19 00:44 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Amazon
2014-04-27 06:01 - 2011-03-19 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-27 06:01 - 2011-03-19 00:41 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-27 05:50 - 2011-01-28 17:37 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\KeePass
2014-04-27 05:47 - 2014-04-27 05:47 - 00000000 ____D () C:\ProgramData\AVG Nation toolbar
2014-04-27 05:01 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 05:01 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 04:48 - 2013-12-10 16:12 - 00000000 ____D () C:\Users\Mandy\Desktop\Mäuse
2014-04-27 04:48 - 2013-09-08 21:09 - 00000000 ___RD () C:\Users\Mandy\Dropbox
2014-04-27 04:48 - 2013-09-08 21:06 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Dropbox
2014-04-27 04:46 - 2014-04-04 17:38 - 00003370 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-04-27 04:46 - 2011-02-10 18:19 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-27 04:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 04:30 - 2013-08-29 16:22 - 00014416 _____ () C:\ProgramData\hpzinstall.log
2014-04-27 04:30 - 2011-01-28 15:19 - 01482468 ____N () C:\Windows\WindowsUpdate.log
2014-04-27 04:25 - 2012-07-03 18:18 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-27 04:23 - 2014-04-27 02:26 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing
2014-04-27 04:23 - 2014-04-27 02:26 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-04-27 04:21 - 2014-04-24 11:26 - 00000000 ____D () C:\ProgramData\Nero
2014-04-27 04:17 - 2014-04-27 04:17 - 00000000 ____D () C:\Users\Mandy\Desktop\Programm verknüpfungen
2014-04-27 04:16 - 2014-02-17 16:36 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Task Coach
2014-04-27 04:16 - 2013-07-04 18:58 - 00000000 ____D () C:\Users\Mandy\Desktop\Larry
2014-04-27 04:16 - 2012-09-08 09:43 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe
2014-04-27 04:15 - 2014-04-24 12:59 - 00000000 ____D () C:\Users\Mandy\Desktop\tatto dresden
2014-04-27 04:05 - 2014-04-27 04:05 - 00000000 ____D () C:\Users\Mandy\Desktop\Abschied
2014-04-27 04:00 - 2014-02-18 18:58 - 00000000 ____D () C:\Users\Mandy\Desktop\Musik
2014-04-27 03:50 - 2012-07-03 18:25 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2014-04-27 03:50 - 2011-06-13 17:19 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-04-27 03:49 - 2014-01-17 15:05 - 00000000 ____D () C:\Program Files\Paint.NET
2014-04-27 03:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-27 03:24 - 2014-01-29 17:04 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-04-27 03:23 - 2014-04-27 03:22 - 00000000 ____D () C:\Program Files\003
2014-04-27 03:21 - 2014-04-27 03:21 - 00513424 _____ (installer) C:\Users\Mandy\Downloads\Anti-Malware.exe
2014-04-27 02:25 - 2014-04-27 02:25 - 00667216 _____ () C:\Users\Mandy\Downloads\wzmpis_9.exe
2014-04-27 01:06 - 2012-01-18 22:22 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job
2014-04-25 14:55 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-25 14:55 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-25 14:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 14:52 - 2009-07-14 04:34 - 00000540 _____ () C:\Windows\win.ini
2014-04-24 12:18 - 2014-04-25 08:43 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}w64.sys
2014-04-24 11:59 - 2014-04-24 11:58 - 05290664 _____ (Canneverbe Limited ) C:\Users\Mandy\Desktop\nw_22713_cdbxpsetupexe.exe
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nero
2014-04-24 11:37 - 2014-01-17 17:51 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\OpenCandy
2014-04-24 11:20 - 2014-01-29 17:04 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-24 11:20 - 2013-11-21 18:13 - 00001428 _____ () C:\Windows\Tasks\weDownload Manager Pro-updater.job
2014-04-24 11:20 - 2013-11-21 18:13 - 00001330 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-04-24 11:20 - 2013-11-21 18:13 - 00001230 _____ () C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2014-04-24 11:20 - 2013-11-21 18:12 - 00002060 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-04-24 11:20 - 2013-11-21 18:12 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-04-24 11:20 - 2013-11-21 18:12 - 00000900 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-04-24 11:20 - 2013-11-21 18:12 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
2014-04-24 11:20 - 2013-01-31 22:07 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-04-23 09:18 - 2014-01-18 17:37 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Windows Net Data
2014-04-22 11:07 - 2014-03-27 20:06 - 00003114 _____ () C:\Windows\System32\Tasks\{0B346B95-34B3-4A24-84DD-205B67D207CC}
2014-04-22 11:07 - 2014-03-27 19:46 - 00003410 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-04-22 11:07 - 2014-01-29 17:04 - 00003146 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-22 11:07 - 2014-01-18 17:25 - 00003154 _____ () C:\Windows\System32\Tasks\{CE5F1AEA-F795-4BD1-904D-F652FB82B3B5}
2014-04-22 11:07 - 2013-11-21 18:13 - 00004470 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2014-04-22 11:07 - 2013-11-21 18:13 - 00004372 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2014-04-22 11:07 - 2013-11-21 18:13 - 00004272 _____ () C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2014-04-22 11:07 - 2013-11-21 18:12 - 00003912 _____ () C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2014-04-22 11:07 - 2013-11-21 18:12 - 00003660 _____ () C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2014-04-22 11:07 - 2013-11-21 18:12 - 00003232 _____ () C:\Windows\System32\Tasks\Dealply
2014-04-22 11:07 - 2013-01-31 22:07 - 00002860 _____ () C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv
2014-04-22 11:07 - 2012-12-15 10:57 - 00003124 _____ () C:\Windows\System32\Tasks\{170D0736-078E-491F-9F80-A74C323939CB}
2014-04-22 11:06 - 2014-04-22 11:06 - 00821760 _____ (Browser Opt-out) C:\Users\Mandy\Downloads\uninstall.exe
2014-04-16 17:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 12:50 - 2014-04-16 12:50 - 00000000 ____D () C:\ProgramData\Datamngr
2014-04-14 13:30 - 2011-07-19 18:33 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 13:30 - 2011-07-19 18:33 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 13:25 - 2013-08-14 18:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-14 13:25 - 2011-01-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 13:21 - 2011-01-28 17:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 17:22 - 2014-04-08 17:22 - 00610704 _____ () C:\Users\Mandy\Downloads\Java.exe
2014-04-05 23:01 - 2011-07-19 18:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 23:01 - 2011-07-19 18:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-04 18:15 - 2012-01-18 22:22 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA
2014-04-04 18:15 - 2012-01-18 22:22 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core
2014-03-31 09:35 - 2011-01-28 16:29 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 07:10 - 2013-12-19 15:18 - 00000106 _____ () C:\Users\Mandy\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 21:43 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 21:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 21:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 21:43 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 10:48 - 2014-03-29 10:48 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
Some content of TEMP:
====================
C:\Users\Mandy\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy\AppData\Local\Temp\nsgB6CE.exe
C:\Users\Mandy\AppData\Local\Temp\SpOrder.dll
C:\Users\Mandy\AppData\Local\Temp\UNINSTALL.EXE
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 00:33
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2014 03
Ran by Mandy at 2014-04-27 06:52:34
Running from C:\Users\Mandy\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
4500_G510gm_Help (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.376.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{01CC2860-A3CD-4D57-98A5-B202CA6B04ED}) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Angry Birds (HKLM-x32\...\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}) (Version: 1.6.2 - Rovio)
Angry Birds Rio (HKLM-x32\...\{E0B3F290-186B-46C8-BA95-F3D6542C2407}) (Version: 1.4.0 - Rovio)
Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
BioExcess (HKLM-x32\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.175 - Egis Technology Inc.)
BioExcess (x32 Version: 6.0.48.175 - Egis Technology Inc.) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dealply (HKCU\...\Dealply) (Version: - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Freeware.de Toolbar (HKLM-x32\...\Freeware.de Toolbar) (Version: 6.8.5.1 - Freeware.de)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Haushaltsbuch 8.9 DEMO (HKLM-x32\...\{41A43D52-79B2-4DCD-8ED5-0E62C2290529}) (Version: 8.9.46 - Reiners-Software)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 28264) (Version: 28264 - Intel)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Kalender-Excel-8.10 (HKLM-x32\...\Kalender-Excel-8.10_is1) (Version: 8.10 - MSDatec)
KeePass Password Safe 2.14 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.01.29.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lollipop (HKCU\...\lollipop_02241913) (Version: - Lollipop Network, S.L.) <==== ATTENTION
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Box Toolbar for Chrome (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbarGC) (Version: 1.5.0.0 - APN LLC) <==== ATTENTION
Music Box Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbarIE) (Version: 1.5.0.0 - APN LLC) <==== ATTENTION
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Nitro Reader 2 (HKLM\...\{E9ABE702-55E6-40E4-B3BD-99D70BB3DF24}) (Version: 2.5.0.45 - Nitro PDF Software)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.7 - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
RtLED (HKLM\...\{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
weDownload Manager Pro (HKLM-x32\...\weDownload Manager Pro) (Version: 1.30.153.1 - weDownload) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
Windows-Treiberpaket - Intel (NETw5s64) net (01/13/2010 13.1.1.1) (HKLM\...\8C37689CB3B9356BF3244BEC3421F153D01BFDBF) (Version: 01/13/2010 13.1.1.1 - Intel)
Windows-Treiberpaket - Intel (NETw5v64) net (01/13/2010 13.1.1.1) (HKLM\...\B3385C3CDAEAA7DCB6E193F6C0058E2D7BAB12F6) (Version: 01/13/2010 13.1.1.1 - Intel)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
08-04-2014 15:39:36 Windows Update
14-04-2014 11:19:16 Windows Update
14-04-2014 11:40:37 Windows-Sicherung
18-04-2014 22:15:33 Windows Update
19-04-2014 01:00:10 Windows Update
22-04-2014 05:34:17 Windows Update
24-04-2014 09:25:18 Installed Nero Burning ROM 2014.
25-04-2014 06:55:15 Windows Update
27-04-2014 01:11:52 Removed Media Go
27-04-2014 01:24:42 Windows Defender Checkpoint
27-04-2014 01:40:07 Removed Media Go Video Playback Engine 2.0.117.09030
27-04-2014 01:41:40 Removed Nero Burning ROM 2014.
27-04-2014 01:45:47 Removed Nero Info.
27-04-2014 01:46:21 Removed Paint.NET v3.5.11
27-04-2014 02:20:16 Removed Nero Burning ROM 2014.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-09-08 11:22 - 00001339 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 lm.licenses.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {07588F50-96A2-470E-9E40-F3F24825F252} - System32\Tasks\{EA4E805C-3B5A-407F-BB99-19D76C34E0E8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {086C3B7E-23D2-4DFE-8E89-779BBA875CC8} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: {30A7AA95-BB34-41FB-9889-CAA23CD85A29} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-11-21] (DealPly Technologies Ltd) <==== ATTENTION
Task: {551118CD-D315-4371-99D6-D777961A1BAA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {5EF8481D-BB28-4AE0-BB33-C0AAF8BB968C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {677356C1-F36D-4B42-B485-78671FA1110C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {67C3041E-1F9E-4BFD-AF8B-7651F929BB2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-24] (Adobe Systems Incorporated)
Task: {6FD08931-3374-4CB1-8C0A-D6D70E61E395} - System32\Tasks\weDownload Manager Pro-updater => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe <==== ATTENTION
Task: {77771C32-C2A1-4CAB-B80C-B20206CEFA05} - System32\Tasks\weDownload Manager Pro-enabler => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {7CB5B4C5-40D9-4B66-9A5E-83B631AB92D8} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {7D670F60-DEB7-4105-BA15-FBE07A7FA959} - System32\Tasks\Dealply => C:\Users\Mandy\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-11-21] () <==== ATTENTION
Task: {82C150D3-049A-4EFE-B292-C033EBA9A2CE} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {957CACE8-CE39-4F0D-A9AB-5AF0A944D023} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Mandy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {973F0E33-D391-4915-9B58-C096ED9B026B} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {A18A9D7B-CDE7-4138-9F7C-5B0F217E5D9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2A956D9-F265-43E8-9430-6A4C68C4249B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29] (Facebook Inc.)
Task: {C9935F27-6928-402D-AE52-2633AE6AE201} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {CAF365B8-9EBB-4580-AFCA-3F419B2D4999} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-11-21] (DealPly Technologies Ltd) <==== ATTENTION
Task: {E3F97FF8-66A5-4C1D-A8E3-4F7BEE48ED23} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29] (Facebook Inc.)
Task: {E9FAB387-AF21-41CD-B605-6BDF418788B0} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2013-11-21] (weDownload) <==== ATTENTION
Task: {EB3731B2-7007-49D9-A246-7CAF3AC6C37D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FCA93422-04A3-4CD0-BBB6-1EC5D276F369} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Mandy\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job => C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000Core.job => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044878827-1848065919-785215454-1000UA.job => C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-enabler.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-updater.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2010-05-28 04:15 - 2010-05-28 04:15 - 01407344 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2012-12-13 11:22 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spdpsl.dll
2011-01-29 13:11 - 2008-06-04 08:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2006-12-08 14:00 - 2006-12-08 14:00 - 00022016 _____ () C:\Windows\System32\sugi1l6.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-27 03:23 - 2014-04-27 03:23 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2014-02-24 20:07 - 2014-03-01 23:03 - 02552856 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
2011-01-28 17:29 - 2011-01-02 12:16 - 00303104 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-03-27 19:45 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Mandy\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-09 17:15 - 2014-01-09 17:15 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-04-11 21:33 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 21:33 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 21:33 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-11 21:33 - 2014-04-02 03:58 - 13691720 _____ () C:\Users\Mandy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2014-03-27 19:45 - 2014-02-25 12:41 - 00394808 _____ () C:\program files (x86)\avira\antivir desktop\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Mandy\AppData\Local\nZwo6biR:QdOPKihpVr4jI7XtY9
AlternateDataStreams: C:\Users\Mandy\AppData\Local\Temp:6VV9yyBKCcYMNXtPt1suU
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk => C:\Windows\pss\OpenOffice.org 3.4.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Mandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: icq => C:\Users\Mandy\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iMesh => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
MSCONFIG\startupreg: Intel AppUp(SM) center_Nagware => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe"
MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/27/2014 04:25:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_Sony PC Companion, Version: 17.0.0.717, Zeitstempel: 0x4cab8cfa
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000494f3
ID des fehlerhaften Prozesses: 0x236c
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_Sony PC Companion0
Pfad der fehlerhaften Anwendung: setup.exe_Sony PC Companion1
Pfad des fehlerhaften Moduls: setup.exe_Sony PC Companion2
Berichtskennung: setup.exe_Sony PC Companion3
Error: (04/27/2014 04:23:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1f78
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3
Error: (04/27/2014 04:23:05 AM) (Source: Microsoft-Windows-RestartManager) (User: Mandy-PC)
Description: Die Anwendung oder der Dienst "SecureAssist" konnte nicht neu gestartet werden.
Error: (04/27/2014 04:22:36 AM) (Source: Microsoft-Windows-RestartManager) (User: Mandy-PC)
Description: Die Anwendung oder der Dienst "SecureAssist" konnte nicht heruntergefahren werden.
Error: (04/27/2014 03:45:44 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden einer Windows Installer-Transaktion: . Fehler 5 beim Beenden der Transaktion.
Error: (04/27/2014 02:26:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WinZipMalwareProtector.exe, Version: 2.1.1000.10798, Zeitstempel: 0x5159285c
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xWinZipMalwareProtector.exe0
Pfad der fehlerhaften Anwendung: WinZipMalwareProtector.exe1
Pfad des fehlerhaften Moduls: WinZipMalwareProtector.exe2
Berichtskennung: WinZipMalwareProtector.exe3
Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10270341
Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10270341
Error: (04/25/2014 02:47:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/25/2014 11:56:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6177
System errors:
=============
Error: (04/27/2014 04:47:49 AM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (04/27/2014 04:46:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (04/27/2014 04:23:15 AM) (Source: DCOM) (User: )
Description: {EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Error: (04/27/2014 03:51:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/27/2014 03:51:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/27/2014 03:51:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Swift Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/27/2014 03:29:18 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (04/27/2014 03:24:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/27/2014 03:23:57 AM) (Source: Service Control Manager) (User: )
Description: Dienst "vToolbarUpdater17.3.0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/27/2014 03:23:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (01/21/2012 00:12:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3305 seconds with 2220 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 7924.51 MB
Available physical RAM: 4556.04 MB
Total Pagefile: 15847.2 MB
Available Pagefile: 12357.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:76.49 GB) NTFS
Drive d: () (Fixed) (Total:171.71 GB) (Free:171.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=172 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================