Log analysis and evaluation: Windows 7: countless automatic links to advertising sites appear on web pages

20.03.2014, 19:27   #1
Williams
Hello, first of all I would like to let you know that I am self-employed ("one-man office"), but I nevertheless hope for your help.

I only bought the PC in February, and since yesterday I have had significant problems with my internet.
My problem: small advertising windows open, and when you try to close them, a new tab opens that initially shows "redirect" in the tab title. Sometimes a message appears saying that there are errors on the computer and that the video player is out of date. When you close the message, you are forcibly redirected to software sites for protection software for the computer. I work with Firefox. I updated CCleaner today and also ran it. I uninstalled Firefox and the VLC media player, downloaded them again from the internet and reinstalled them. Now, on almost all web pages, normal text appears with links (words highlighted in green and double-underlined), and pop-up advertising windows open when the mouse pointer moves over them. You are redirected to advertising pages (some of them pages offering software to repair the PC).
Following your instructions, I have already carried out steps 1-3 and hope that you can help me.

Best regards,
Williams

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:57 on 20/03/2014 (Wilhelms)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Wilhelms (administrator) on WILHELMS-THINK on 20-03-2014 15:14:23
Running from C:\Users\Wilhelms\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe
() C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] - C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ScanSoft OmniPage SE 16-reminder] - C:\Program Files (x86)\ScanSoft\OmniPage16\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-20] (Google Inc.)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\MountPoints2: {4963afac-c126-11e2-b484-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll (Phoenix Media)
BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll (hdideo)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll (Phoenix Media)
BHO-x32: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho.dll (hdideo)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: ResultsAlpha - {cbab673a-a480-4050-bd2b-5de24a7a0282} - C:\Program Files (x86)\ResultsAlpha\ResultsAlphabho.dll (ResultsAlpha)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default
FF user.js: detected! => C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default\user.js
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1&ltmpl=googlemail&emr=1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 bupService; C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-19] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2013-03-19] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2785280 2013-03-19] (Firebird Project)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 Update ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe [348960 2014-03-19] ()
R2 Util ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe [348960 2014-03-19] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [177152 2012-02-02] ( )
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 15:14 - 2014-03-20 15:14 - 00017724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-20 15:14 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:24 - 2014-03-20 13:26 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:16 - 2014-03-20 14:43 - 00003106 _____ () C:\Windows\Tasks\Weather It Up-chromeinstaller.job
2014-03-20 13:16 - 2014-03-20 14:43 - 00002440 _____ () C:\Windows\Tasks\Weather It Up-firefoxinstaller.job
2014-03-20 13:16 - 2014-03-20 14:43 - 00001524 _____ () C:\Windows\Tasks\Weather It Up-updater.job
2014-03-20 13:16 - 2014-03-20 14:43 - 00001478 _____ () C:\Windows\Tasks\Weather It Up-codedownloader.job
2014-03-20 13:16 - 2014-03-20 14:43 - 00001358 _____ () C:\Windows\Tasks\Weather It Up-enabler.job
2014-03-20 13:16 - 2014-03-20 13:16 - 00004554 _____ () C:\Windows\System32\Tasks\Weather It Up-updater
2014-03-20 13:16 - 2014-03-20 13:16 - 00004508 _____ () C:\Windows\System32\Tasks\Weather It Up-codedownloader
2014-03-20 13:16 - 2014-03-20 13:16 - 00004388 _____ () C:\Windows\System32\Tasks\Weather It Up-enabler
2014-03-20 13:16 - 2014-03-20 13:16 - 00000000 ____D () C:\Program Files (x86)\Weather It Up
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-20 14:43 - 00000168 _____ () C:\Windows\setupact.log
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 12:12 - 2014-03-20 07:50 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\systweak
2014-03-19 12:12 - 2014-02-26 18:45 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:51 - 2014-03-19 08:52 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-19 08:42 - 2014-03-20 14:43 - 00003090 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job
2014-03-19 08:42 - 2014-03-20 14:43 - 00002308 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job
2014-03-19 08:42 - 2014-03-20 14:43 - 00001502 _____ () C:\Windows\Tasks\addplushd-updater.job
2014-03-19 08:42 - 2014-03-20 14:43 - 00001456 _____ () C:\Windows\Tasks\addplushd-codedownloader.job
2014-03-19 08:42 - 2014-03-20 14:43 - 00001356 _____ () C:\Windows\Tasks\addplushd-enabler.job
2014-03-19 08:42 - 2014-03-19 15:33 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-19 08:42 - 2014-03-19 08:42 - 00004532 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-19 08:42 - 2014-03-19 08:42 - 00004486 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-19 08:42 - 2014-03-19 08:42 - 00004386 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\addplushd
2014-03-19 08:39 - 2014-03-19 08:50 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\DownloadGuide
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-12 10:27 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 10:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 10:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 10:27 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:27 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 10:27 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 10:27 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 10:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 10:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 10:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 10:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 10:27 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:27 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 10:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 10:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 10:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 10:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 10:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 10:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 10:25 - 2014-03-05 10:32 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-03-05 10:29 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-04 13:28 - 2014-03-04 14:25 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:15 - 2014-03-04 13:16 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:53 - 2014-03-03 07:55 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 11:13 - 2013-06-27 15:02 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKW3C03Z117
2014-02-28 10:45 - 2014-02-28 10:47 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-25 09:35 - 2014-02-28 10:59 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-25 09:34 - 2014-02-25 09:35 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:48 - 2014-02-28 18:09 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:58 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata
2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Style
2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\webkit
2014-02-19 11:12 - 2014-02-19 11:12 - 00000893 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-02-19 10:34 - 2014-02-19 10:34 - 00003304 _____ () C:\Users\Wilhelms\AppData\Local\recently-used.xbel
2014-02-19 10:07 - 2014-02-19 10:34 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gtk-2.0
2014-02-19 10:07 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\.thumbnails
2014-02-19 10:06 - 2014-02-19 11:21 - 00000000 ____D () C:\Users\Wilhelms\.gimp-2.8
2014-02-19 10:06 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gegl-0.2
2014-02-19 10:04 - 2014-02-19 10:04 - 00000000 ____D () C:\Program Files\GIMP 2
2014-02-19 09:32 - 2014-02-19 09:38 - 90396104 _____ (The GIMP Team ) C:\Users\Wilhelms\Downloads\gimp-2.8.10-setup.exe
2014-02-19 08:41 - 2014-02-19 08:41 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 08:41 - 2014-02-19 08:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-18 19:18 - 2014-02-18 19:23 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Windows Live Writer
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Windows Live Writer
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{6FF997C2-2B85-4A05-9162-404303D1463F}
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{2B3194B4-E0FE-430F-8F1A-692B86C2406B}
2014-02-18 18:52 - 2014-02-18 18:52 - 00001726 _____ () C:\Users\Public\Desktop\Sprengnetter-Bibliothek 25.0.lnk
2014-02-18 18:51 - 2014-02-18 18:51 - 00000000 ____D () C:\WFSoftware
2014-02-18 18:13 - 2014-02-18 18:35 - 330404011 _____ () C:\Users\Wilhelms\Downloads\bibliothek.zip
2014-02-18 16:57 - 2014-02-18 16:57 - 00000000 ____D () C:\ProgramData\Sprengnetter
2014-02-18 15:08 - 2014-02-19 08:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ___SD () C:\Users\Public\Desktop\Sprengnetter-Software
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\ProgramData\Sun
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Firebird
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Borland
2014-02-18 15:08 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-18 15:08 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-18 15:08 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-18 15:08 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-18 15:08 - 2013-03-19 11:00 - 00462848 _____ (IBPhoenix) C:\Windows\SysWOW64\Firebird2Control.cpl
2014-02-18 15:08 - 2013-03-19 10:58 - 00450560 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2014-02-18 15:08 - 2013-03-19 10:58 - 00450560 _____ (Firebird Project) C:\Windows\SysWOW64\FBCLIENT.DLL
2014-02-18 15:08 - 1999-11-12 05:11 - 00184832 _____ () C:\Windows\SysWOW64\BDEADMIN.CPL
2014-02-18 15:07 - 2014-02-18 18:45 - 00000000 ____D () C:\Program Files (x86)\WFSoftware
2014-02-18 14:46 - 2014-03-04 14:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle
2014-02-18 14:24 - 2014-02-18 14:56 - 441516978 _____ () C:\Users\Wilhelms\Downloads\Setup_2013.zip
2014-02-18 13:41 - 2014-03-07 20:16 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 13:37 - 2014-02-18 13:40 - 35670176 _____ (Skype Technologies S.A.) C:\Users\Wilhelms\Downloads\SkypeSetup13Full.exe
2014-02-18 13:36 - 2014-02-18 13:36 - 00008360 _____ () C:\Windows\system32\lvcoinst.log
2014-02-18 13:36 - 2014-02-18 13:36 - 00000000 ____D () C:\Program Files\Common Files\logishrd

==================== One Month Modified Files and Folders =======

2014-03-20 15:14 - 2014-03-20 15:14 - 00017724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-20 15:14 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:57 - 2014-02-06 17:06 - 00000000 ____D () C:\Users\Wilhelms
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 14:50 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 14:50 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 14:47 - 2013-05-20 19:16 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-03-20 14:47 - 2013-05-20 19:16 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-03-20 14:47 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 14:46 - 2013-05-20 09:27 - 01831893 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 14:43 - 2014-03-20 13:16 - 00003106 _____ () C:\Windows\Tasks\Weather It Up-chromeinstaller.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00002440 _____ () C:\Windows\Tasks\Weather It Up-firefoxinstaller.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00001524 _____ () C:\Windows\Tasks\Weather It Up-updater.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00001478 _____ () C:\Windows\Tasks\Weather It Up-codedownloader.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00001358 _____ () C:\Windows\Tasks\Weather It Up-enabler.job
2014-03-20 14:43 - 2014-03-20 11:36 - 00000168 _____ () C:\Windows\setupact.log
2014-03-20 14:43 - 2014-03-19 08:42 - 00003090 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job
2014-03-20 14:43 - 2014-03-19 08:42 - 00002308 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job
2014-03-20 14:43 - 2014-03-19 08:42 - 00001502 _____ () C:\Windows\Tasks\addplushd-updater.job
2014-03-20 14:43 - 2014-03-19 08:42 - 00001456 _____ () C:\Windows\Tasks\addplushd-codedownloader.job
2014-03-20 14:43 - 2014-03-19 08:42 - 00001356 _____ () C:\Windows\Tasks\addplushd-enabler.job
2014-03-20 14:43 - 2013-05-20 09:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 14:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 14:41 - 2013-05-20 09:39 - 629752320 ___SH () C:\Windows\lenovo_fastboot.img
2014-03-20 14:33 - 2013-05-20 09:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 14:24 - 2014-02-11 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:26 - 2014-03-20 13:24 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:20 - 2014-02-10 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 13:18 - 2014-02-06 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-03-20 13:16 - 2014-03-20 13:16 - 00004554 _____ () C:\Windows\System32\Tasks\Weather It Up-updater
2014-03-20 13:16 - 2014-03-20 13:16 - 00004508 _____ () C:\Windows\System32\Tasks\Weather It Up-codedownloader
2014-03-20 13:16 - 2014-03-20 13:16 - 00004388 _____ () C:\Windows\System32\Tasks\Weather It Up-enabler
2014-03-20 13:16 - 2014-03-20 13:16 - 00000000 ____D () C:\Program Files (x86)\Weather It Up
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 07:50 - 2014-03-19 12:12 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\systweak
2014-03-20 07:28 - 2014-02-06 17:07 - 00085760 _____ () C:\Users\Wilhelms\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 07:27 - 2009-07-14 05:45 - 00355912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 15:33 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-19 09:10 - 2014-02-06 22:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:52 - 2014-03-19 08:51 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-19 08:50 - 2014-03-19 08:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\DownloadGuide
2014-03-19 08:42 - 2014-03-19 08:42 - 00004532 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-19 08:42 - 2014-03-19 08:42 - 00004486 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-19 08:42 - 2014-03-19 08:42 - 00004386 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\addplushd
2014-03-18 10:08 - 2014-02-06 17:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 10:07 - 2014-02-06 17:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-17 08:29 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\LSC
2014-03-17 08:29 - 2013-05-20 19:08 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files\Lenovo
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:24 - 2014-02-11 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:24 - 2014-02-11 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 10:24 - 2014-02-11 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 20:16 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype
2014-03-06 14:31 - 2014-02-10 19:52 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Lenovo
2014-03-06 08:18 - 2013-05-20 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-06 08:18 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-05 10:32 - 2014-03-05 10:25 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:29 - 2014-03-05 10:24 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-02-11 19:26 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-04 14:25 - 2014-03-04 13:28 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-04 14:05 - 2014-02-18 14:46 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:24 - 2013-05-20 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 13:16 - 2014-03-04 13:15 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 23:42 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Microsoft Help
2014-03-03 23:10 - 2014-02-11 12:36 - 00000000 ____D () C:\ProgramData\AAV
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:55 - 2014-03-03 07:53 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-02 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 10:27 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 10:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 10:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 10:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 10:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 10:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 10:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 10:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 10:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 10:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 10:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 10:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 10:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 10:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 10:27 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 10:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 10:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 10:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 10:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 10:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 10:27 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 10:27 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 10:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 10:27 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 10:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 10:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 10:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 10:27 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 10:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 10:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 18:09 - 2014-02-22 20:48 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 10:59 - 2014-02-25 09:35 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-28 10:47 - 2014-02-28 10:45 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-26 18:45 - 2014-03-19 12:12 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-02-25 09:35 - 2014-02-25 09:34 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-25 09:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:01 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Adobe
2014-02-22 19:58 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata
2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Style
2014-02-19 11:21 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\.gimp-2.8
2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\webkit
2014-02-19 11:12 - 2014-02-19 11:12 - 00000893 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-02-19 10:34 - 2014-02-19 10:34 - 00003304 _____ () C:\Users\Wilhelms\AppData\Local\recently-used.xbel
2014-02-19 10:34 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gtk-2.0
2014-02-19 10:07 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\.thumbnails
2014-02-19 10:06 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gegl-0.2
2014-02-19 10:04 - 2014-02-19 10:04 - 00000000 ____D () C:\Program Files\GIMP 2
2014-02-19 09:38 - 2014-02-19 09:32 - 90396104 _____ (The GIMP Team ) C:\Users\Wilhelms\Downloads\gimp-2.8.10-setup.exe
2014-02-19 08:41 - 2014-02-19 08:41 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 08:41 - 2014-02-19 08:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-19 08:41 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-18 19:23 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Windows Live Writer
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Windows Live Writer
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{6FF997C2-2B85-4A05-9162-404303D1463F}
2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{2B3194B4-E0FE-430F-8F1A-692B86C2406B}
2014-02-18 18:52 - 2014-02-18 18:52 - 00001726 _____ () C:\Users\Public\Desktop\Sprengnetter-Bibliothek 25.0.lnk
2014-02-18 18:51 - 2014-02-18 18:51 - 00000000 ____D () C:\WFSoftware
2014-02-18 18:45 - 2014-02-18 15:07 - 00000000 ____D () C:\Program Files (x86)\WFSoftware
2014-02-18 18:35 - 2014-02-18 18:13 - 330404011 _____ () C:\Users\Wilhelms\Downloads\bibliothek.zip
2014-02-18 18:28 - 2013-05-20 09:41 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 18:28 - 2013-05-20 09:41 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 16:57 - 2014-02-18 16:57 - 00000000 ____D () C:\ProgramData\Sprengnetter
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ___SD () C:\Users\Public\Desktop\Sprengnetter-Software
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\ProgramData\Sun
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Firebird
2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Borland
2014-02-18 14:56 - 2014-02-18 14:24 - 441516978 _____ () C:\Users\Wilhelms\Downloads\Setup_2013.zip
2014-02-18 13:41 - 2014-02-18 13:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 13:40 - 2014-02-18 13:37 - 35670176 _____ (Skype Technologies S.A.) C:\Users\Wilhelms\Downloads\SkypeSetup13Full.exe
2014-02-18 13:36 - 2014-02-18 13:36 - 00008360 _____ () C:\Windows\system32\lvcoinst.log
2014-02-18 13:36 - 2014-02-18 13:36 - 00000000 ____D () C:\Program Files\Common Files\logishrd

Some content of TEMP:
====================
C:\Users\Wilhelms\AppData\Local\Temp\FPPSetup.exe
C:\Users\Wilhelms\AppData\Local\Temp\lowproc.exe
C:\Users\Wilhelms\AppData\Local\Temp\RealPlayer2_20140108.exe
C:\Users\Wilhelms\AppData\Local\Temp\stubhelper.dll
C:\Users\Wilhelms\AppData\Local\Temp\weather-it-up_20140311.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 10:55

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 15:49:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC56 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wilhelms\AppData\Local\Temp\fftdipoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   0000000076281465 2 bytes [28, 76]
.text    C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076281465 2 bytes [28, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076281465 2 bytes [28, 76]
.text    C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076281465 2 bytes [28, 76]
.text    C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000076281465 2 bytes [28, 76]
.text    C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076281465 2 bytes [28, 76]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\PureSync\PureSyncTray.exe[3964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                      0000000076281465 2 bytes [28, 76]
.text    C:\Program Files (x86)\PureSync\PureSyncTray.exe[3964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                     00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe[4220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                       0000000076281465 2 bytes [28, 76]
.text    C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe[4220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                      00000000762814bb 2 bytes [28, 76]
.text    ...                                                                                                                                                                 * 2
---- Processes - GMER 2.1 ----

Process  C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe (*** suspicious ***) @ C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1652](2014-03-19 07:42:39)          0000000000400000
Library  C:\Users\Wilhelms\AppData\Roaming\BupSystem\sub\default.dll (*** suspicious ***) @ C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1652](2014-03-19 07:42:48)  0000000002f50000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                                                     

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 20.03.2014, 20:10   #2
mort
 

Hello, Williams and

I am still missing the Additions.txt. It should be located next to the FRST.txt.

Edited by mort (20.03.2014 at 20:20)

Alt 20.03.2014, 20:29   #3
Williams
 

Hello mort,

yes, I noticed that this txt file is not there. I had actually saved it, or at least I thought so. Should I run this program again so that the file is created?

Alt 20.03.2014, 20:34   #4
mort
 

It should be under C:\Users\Wilhelms\Downloads.

Alt 20.03.2014, 20:36   #5
Williams
 

Thank you very much.
Yes, there it is:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Wilhelms at 2014-03-20 15:15:07
Running from C:\Users\Wilhelms\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
addplushd (HKLM-x32\...\addplushd) (Version: 1.34.3.6 - hdideo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AgroView SN 2014 (HKLM-x32\...\{36239D80-6108-4405-91C1-6B9F69B0AA35}) (Version: 3.0.125 - GAF AG)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2239633A-969C-39BF-B5C2-C172F44EC096}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0214.2237.40551 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2237.40551 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0214.2237.40551 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0214.2237.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0214.2236.40551 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0214.2237.40551 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Firebird 2.1.5.18497 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.5.18497 - Firebird Project)
G&D StarSign USB Token für ELSTER (HKLM-x32\...\InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}) (Version: 1.2.0 - Secunet Security Networks AG)
G&D StarSign USB Token für ELSTER (Version: 1.2.0 - Secunet Security Networks AG) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OKI MC351/361/561 Scanner (HKLM-x32\...\InstallShield_{0BBAEB2B-2042-4C58-9F64-DC684E67A352}) (Version: 1.0.2.0 - Oki Data Corporation)
OKI PostScript Gamma Utility (HKLM-x32\...\{8F93941C-2ECF-40C6-A0AC-D0BE40E7911E}) (Version: 1.1.8 - Okidata)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PureSync (x32 Version: 3.7.9 - Jumping Bytes) Hidden
PureSync 3.7.9 (HKLM-x32\...\PureSync) (Version: 3.7.9 - Jumping Bytes)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
ResultsAlpha (HKLM\...\ResultsAlpha) (Version: 2014.03.18.233345 - ResultsAlpha)
ScannerDriver (Version: 1.0.2.0 - Oki Data Corporation) Hidden
ScanSoft OmniPage SE 16 (HKLM-x32\...\{9F4EF688-774B-470C-A5A5-8E459C42D3EC}) (Version: 16.1.0000 - Nuance Communications, Inc.)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Software-Edition 2013 (HKLM-x32\...\{4543C6FA-89E7-4F1E-89A2-32F3FFEBB47E}) (Version: 30.0 - Sprengnetter GmbH)
Sprengnetter Bibliothek 25.0 (HKLM-x32\...\{11D63A06-3102-4AA2-830A-65FABE8E74E3}) (Version: 25 - Sprengnetter GmbH)
Sprengnetter-Bibliothek (HKLM-x32\...\{FC48331E-B17A-41B0-9237-10B96E4D9883}) (Version: 25.0 - Sprengnetter GmbH)
Sprengnetter-Bibliothek 25.0 (x32 Version: 25 - Sprengnetter GmbH) Hidden
Sprengnetter-JVEG (HKLM-x32\...\{6BB4934B-B823-4FCC-B6DC-2E8F7D59CED9}) (Version: 10.0 - Sprengnetter GmbH)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Template Manager 4.0 (HKLM-x32\...\{D360A313-4656-4A1F-929A-243F668C12DA}) (Version: 4.0.1 - Okidata)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.30.0 - Lenovo)
ThinkVantage Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.10.0007 - Lenovo Group Limited)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.2.1 - TP-LINK)
USB CCID Smartcard Reader - Version 1.2.1.2 (HKLM\...\{939913F9-F134-4E9E-B879-BE6755B69952}) (Version: 3.0.0.1 - USB CCID)
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Weather It Up (HKLM-x32\...\Weather It Up) (Version: 1.34.3.6 - Phoenix Media)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Advanced Micro Devices (AtiHDAudioService) MEDIA  (10/18/2011 7.12.0.7704) (HKLM\...\7E26D65CA5110FF168A57B5C479134FA5450759B) (Version: 10/18/2011 7.12.0.7704 - Advanced Micro Devices)
Windows-Treiberpaket - Advanced Micro Devices, Inc. (amdkmdap) Display  (02/14/2012 8.913.1.0000) (HKLM\...\4D7E325B73136CE735F86BC465965BFECB76C1AD) (Version: 02/14/2012 8.913.1.0000 - Advanced Micro Devices, Inc.)
Windows-Treiberpaket - Intel hdc  (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Realtek (RTL8167) Net  (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) (HKLM\...\5DE3700033F94FCFD8726BE46A6727E460254CD5) (Version: 01/03/2012 6.0.1.6543 - Realtek Semiconductor Corp.)
WISO Fahrtenbuch 2014 (HKLM-x32\...\{831729FC-0296-45DD-9AFB-A6C6591AA731}) (Version: 21.01.8499 - Buhl Data Service GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10C9FF74-A711-4E46-9A3B-43DE9655FB78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {27169B4C-4EBA-4D2D-AA61-AACF0E3678FD} - System32\Tasks\Weather It Up-chromeinstaller => C:\Program Files (x86)\Weather It Up\Weather It Up-chromeinstaller.exe [2014-03-20] (Phoenix Media)
Task: {2B84CF81-631A-46F6-AB12-4DF9ED7F81BA} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {458B16AB-C1BE-4655-A6E6-45D7703AE6C4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {48C1ED82-19E3-44CA-87A3-95842F3FC40F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {5AE7910E-4712-4616-AF5D-E0CBF33616F9} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2012-05-15] (Lenovo)
Task: {5B10D507-6CE9-45FD-9DBF-3EE2D3718877} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {62C017A5-BFF6-4EEA-BA9A-2A8B2D3AEDFC} - System32\Tasks\addplushd-codedownloader => C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe [2014-03-19] (hdideo)
Task: {7C416333-D4C9-415A-A86C-A54E18619B7F} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Wilhelms-THINK.Wilhelms => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {897D42E4-28C8-4871-944A-BDFAE718FA33} - System32\Tasks\addplushd-enabler => C:\Program Files (x86)\addplushd\addplushd-enabler.exe [2014-03-19] (hdideo) <==== ATTENTION
Task: {9ABC86C4-3683-40EE-A97E-B7E56B9E9328} - System32\Tasks\Weather It Up-enabler => C:\Program Files (x86)\Weather It Up\Weather It Up-enabler.exe [2014-03-20] (Phoenix Media) <==== ATTENTION
Task: {9FEA4117-E917-4A34-B2C5-50747F6E6430} - System32\Tasks\Weather It Up-firefoxinstaller => C:\Program Files (x86)\Weather It Up\Weather It Up-firefoxinstaller.exe [2014-03-20] (Phoenix Media)
Task: {A96BDDFB-9CC0-4AA7-9244-E071B192AAB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {AEAABBB4-9365-4A15-8BA6-6077D79921DC} - System32\Tasks\Weather It Up-updater => C:\Program Files (x86)\Weather It Up\Weather It Up-updater.exe [2014-03-20] (Phoenix Media)
Task: {B72EBB5B-EFDD-4323-8C1B-9946DC3246F1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-921028674-1557540371-993933637-1000
Task: {BA52234E-CF32-4CE9-A024-28A52D8BD507} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PWMIDTSV.EXE [2012-02-22] (Lenovo Group Limited)
Task: {BB3E75B8-E658-46AD-AA0B-8E1674DEB93F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C61C3895-875C-4D74-96AE-867AA30CC6C9} - System32\Tasks\addplushd-chromeinstaller => C:\Program Files (x86)\addplushd\addplushd-chromeinstaller.exe [2014-03-19] (hdideo)
Task: {D646A6B4-ABEB-47C1-83F4-36CF2944DD95} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {DB5329AD-26E9-4D06-89E0-86F924D614E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DBF3D62F-9DD2-4FCA-B8EF-9F5D7F4AF730} - System32\Tasks\addplushd-firefoxinstaller => C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe [2014-03-19] (hdideo)
Task: {DE2D5421-C617-40CB-AC0E-230E66183685} - System32\Tasks\addplushd-updater => C:\Program Files (x86)\addplushd\addplushd-updater.exe [2014-03-19] (hdideo)
Task: {E321AF97-1C7C-4A35-937E-57423B371272} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {E373E5C5-AA34-42A9-96AF-96D15EC2CFC9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {E863F75C-205E-4BEF-A73F-EA6E4E131212} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {EA8C7AB9-1227-4770-B4E3-91EECBE4CD16} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {FABEB877-657D-4AAB-BE54-8E4EF75181A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FCE18F58-99FE-442A-9AC9-D337FD94AE67} - System32\Tasks\Weather It Up-codedownloader => C:\Program Files (x86)\Weather It Up\Weather It Up-codedownloader.exe [2014-03-20] (Phoenix Media)
Task: C:\Windows\Tasks\addplushd-chromeinstaller.job => C:\Program Files (x86)\addplushd\addplushd-chromeinstaller.exe
Task: C:\Windows\Tasks\addplushd-codedownloader.job => C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe
Task: C:\Windows\Tasks\addplushd-enabler.job => C:\Program Files (x86)\addplushd\addplushd-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\addplushd-firefoxinstaller.job => C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe
Task: C:\Windows\Tasks\addplushd-updater.job => C:\Program Files (x86)\addplushd\addplushd-updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Weather It Up-chromeinstaller.job => C:\Program Files (x86)\Weather It Up\Weather It Up-chromeinstaller.exe
Task: C:\Windows\Tasks\Weather It Up-codedownloader.job => C:\Program Files (x86)\Weather It Up\Weather It Up-codedownloader.exe
Task: C:\Windows\Tasks\Weather It Up-enabler.job => C:\Program Files (x86)\Weather It Up\Weather It Up-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Weather It Up-firefoxinstaller.job => C:\Program Files (x86)\Weather It Up\Weather It Up-firefoxinstaller.exe
Task: C:\Windows\Tasks\Weather It Up-updater.job => C:\Program Files (x86)\Weather It Up\Weather It Up-updater.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-03-19 08:42 - 2014-03-19 08:42 - 01005056 _____ () C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe
2014-03-19 08:45 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-06 22:39 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-19 00:33 - 2014-03-19 00:33 - 00348960 _____ () C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe
2014-03-19 09:42 - 2014-03-19 09:42 - 00348960 _____ () C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe
2013-05-20 09:35 - 2012-02-12 19:10 - 00035840 ____N () C:\Program Files (x86)\Lenovo\PowerMgr\GR\PWMRT64V.DLL
2011-11-09 08:55 - 2011-11-09 08:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-14 21:35 - 2012-02-14 21:35 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-19 08:42 - 2014-03-19 08:42 - 00374272 _____ () C:\Users\Wilhelms\AppData\Roaming\BupSystem\sub\default.dll
2013-05-20 09:39 - 2012-01-17 07:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2014-03-20 12:22 - 2014-03-20 12:22 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 10:24 - 2014-03-12 10:24 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-02-14 13:52 - 2014-02-14 13:52 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-05-20 09:31 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-20 09:29 - 2011-12-16 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 02:43:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 01:23:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2014 01:23:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2014 01:23:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2014 01:23:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2014 01:22:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2014 01:20:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 11:36:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 08:48:10 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/20/2014 07:28:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/20/2014 02:53:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/20/2014 02:43:38 PM) (Source: SCardSvr) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (03/20/2014 01:30:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/20/2014 01:20:13 PM) (Source: SCardSvr) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (03/20/2014 11:46:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/20/2014 11:38:38 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.

Error: (03/20/2014 11:36:40 AM) (Source: SCardSvr) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (03/20/2014 07:37:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/20/2014 07:29:15 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.

Error: (03/20/2014 07:27:53 AM) (Source: SCardSvr) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.


Microsoft Office Sessions:
=========================
Error: (03/20/2014 02:43:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 01:23:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wilhelms\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe

Error: (03/20/2014 01:23:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wilhelms\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe

Error: (03/20/2014 01:23:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wilhelms\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe

Error: (03/20/2014 01:23:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wilhelms\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe

Error: (03/20/2014 01:22:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wilhelms\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe

Error: (03/20/2014 01:20:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 11:36:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 08:48:10 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/20/2014 07:28:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4052.3 MB
Available physical RAM: 2350.46 MB
Total Pagefile: 8102.77 MB
Available Pagefile: 6121.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:461.52 GB) (Free:421.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:454.85 GB) (Free:434.19 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 24A91A9C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=462 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 21.03.2014, 11:46   #6
mort
 


We are happy to help with work computers. Keep in mind, though, that the logs may contain important data.

It doesn't look bad; we should get through it quickly. We just need to check something briefly.

Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 22.03.2014, 00:56   #7
Williams
 


Hello mort,

thank you very much for your help. I ran the recommended scan, and the result shown was: "Scan finished: No malware found!" I can only leave the program with "Exit". Should I restart the PC once more and run another scan?

I don't have a log file.

Hello mort,

I did find the log file after all. When mbar.exe was started, a folder was placed on the desktop. I only noticed that just now. Here is the content of the mbar-log. I'm sorry that I only saw this now.

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Wilhelms :: WILHELMS-THINK [administrator]

21.03.2014 12:34:49
mbar-log-2014-03-21 (12-34-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 239625
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 22.03.2014, 09:32   #8
mort
 


That's fine. It's only adware.

Step 1

Please click the Windows button in the taskbar and then "Control Panel". Once you are there, go to "Uninstall a program" under "Programs". Here you can now uninstall the following programs.
  • addplushd
  • ResultsAlpha
  • Weather It Up

Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its content with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step 3

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the content of mbam.txt to your next reply.


Step 2

The ESET scan can take a long time.

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 5

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved on the desktop.
  • Please post the content of this log file here in your thread.

Alt 23.03.2014, 00:46   #9
Williams
 


Hello mort,

thank you very much.

Here is the log file from AdwCleaner:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 22/03/2014 um 22:22:47
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Wilhelms - WILHELMS-THINK
# Gestartet von : C:\Users\Wilhelms\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Partner Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Wilhelms\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Wilhelms\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "144d94f1fbb2e135ea28968d28cf7bfd");

*************************

AdwCleaner[R0].txt - [3259 octets] - [22/03/2014 22:22:08]
AdwCleaner[S0].txt - [3082 octets] - [22/03/2014 22:22:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3142 octets] ##########
         
... and here is the log file from step 3:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Wilhelms :: WILHELMS-THINK [Administrator]

Schutz: Aktiviert

22.03.2014 22:49:28
mbam-log-2014-03-22 (22-49-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218515
Laufzeit: 2 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-921028674-1557540371-993933637-1000\$R8C1G9E.exe (PUP.Optional.OptimumInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-921028674-1557540371-993933637-1000\$RKFTNGQ.exe (PUP.Optional.AirAdInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-921028674-1557540371-993933637-1000\$RTI6QQZ.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I'm still working on the other things.

... and here now are the log files from steps 4 and 5:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b30fab9ccea1d14db2a42ad0565052ea
# engine=17561
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-22 11:29:11
# local_time=2014-03-23 12:29:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3826385 147160801 0 0
# scanned=193603
# found=0
# cleaned=0
# scan_time=4394
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Wilhelms (administrator) on WILHELMS-THINK on 23-03-2014 00:34:13
Running from C:\Users\Wilhelms\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] - C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ScanSoft OmniPage SE 16-reminder] - C:\Program Files (x86)\ScanSoft\OmniPage16\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-20] (Google Inc.)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\MountPoints2: {4963afac-c126-11e2-b484-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 bupService; C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-19] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2013-03-19] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2785280 2013-03-19] (Firebird Project)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [177152 2012-02-02] ( )
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 23:10 - 2014-03-22 23:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-22 23:08 - 2014-03-22 23:08 - 02347384 _____ (ESET) C:\Users\Wilhelms\Downloads\esetsmartinstaller_enu.exe
2014-03-22 22:44 - 2014-03-22 22:44 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Malwarebytes
2014-03-22 22:43 - 2014-03-22 22:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-22 22:43 - 2014-03-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 22:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 22:27 - 2014-03-22 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wilhelms\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 19:08 - 2014-03-22 22:22 - 00000000 ____D () C:\AdwCleaner
2014-03-22 19:07 - 2014-03-22 19:07 - 01950720 _____ () C:\Users\Wilhelms\Desktop\adwcleaner.exe
2014-03-22 19:04 - 2014-03-22 22:56 - 00002538 _____ () C:\Windows\PFRO.log
2014-03-21 12:34 - 2014-03-21 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 12:34 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 12:31 - 2014-03-21 12:44 - 00000000 ____D () C:\Users\Wilhelms\Desktop\mbar
2014-03-21 12:31 - 2014-03-21 12:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 12:29 - 2014-03-21 12:30 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Wilhelms\Downloads\mbar-1.07.0.1009.exe
2014-03-20 16:01 - 2014-03-20 16:01 - 545874178 _____ () C:\Windows\MEMORY.DMP
2014-03-20 16:01 - 2014-03-20 16:01 - 00274816 _____ () C:\Windows\Minidump\032014-15475-01.dmp
2014-03-20 16:01 - 2014-03-20 16:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\LSC
2014-03-20 15:22 - 2014-03-20 15:22 - 00380416 _____ () C:\Users\Wilhelms\Desktop\Gmer-19357.exe
2014-03-20 15:15 - 2014-03-20 15:15 - 00041359 _____ () C:\Users\Wilhelms\Downloads\Addition.txt
2014-03-20 15:14 - 2014-03-23 00:34 - 00016724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-20 15:14 - 2014-03-23 00:34 - 00000000 ____D () C:\FRST
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:24 - 2014-03-20 13:26 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-22 22:56 - 00000672 _____ () C:\Windows\setupact.log
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:51 - 2014-03-19 08:52 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-19 08:42 - 2014-03-22 19:04 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-12 10:27 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 10:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 10:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 10:27 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:27 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 10:27 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 10:27 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 10:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 10:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 10:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 10:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 10:27 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:27 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 10:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 10:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 10:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 10:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 10:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 10:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 10:25 - 2014-03-05 10:32 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-03-05 10:29 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:15 - 2014-03-04 13:16 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:53 - 2014-03-03 07:55 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 11:13 - 2013-06-27 15:02 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKW3C03Z117
2014-02-28 10:45 - 2014-02-28 10:47 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-25 09:35 - 2014-02-28 10:59 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-25 09:34 - 2014-02-25 09:35 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:48 - 2014-02-28 18:09 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:58 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata

==================== One Month Modified Files and Folders =======

2014-03-23 00:34 - 2014-03-20 15:14 - 00016724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-23 00:34 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST
2014-03-23 00:33 - 2013-05-20 09:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 00:24 - 2014-02-11 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 23:16 - 2013-05-20 09:27 - 01953405 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 23:10 - 2014-03-22 23:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-22 23:08 - 2014-03-22 23:08 - 02347384 _____ (ESET) C:\Users\Wilhelms\Downloads\esetsmartinstaller_enu.exe
2014-03-22 23:03 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 23:03 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 23:00 - 2013-05-20 19:16 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-03-22 23:00 - 2013-05-20 19:16 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-03-22 23:00 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 22:56 - 2014-03-22 19:04 - 00002538 _____ () C:\Windows\PFRO.log
2014-03-22 22:56 - 2014-03-20 11:36 - 00000672 _____ () C:\Windows\setupact.log
2014-03-22 22:56 - 2013-05-20 09:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 22:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 22:44 - 2014-03-22 22:44 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Malwarebytes
2014-03-22 22:43 - 2014-03-22 22:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-22 22:43 - 2014-03-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 22:28 - 2014-03-22 22:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wilhelms\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 22:22 - 2014-03-22 19:08 - 00000000 ____D () C:\AdwCleaner
2014-03-22 19:07 - 2014-03-22 19:07 - 01950720 _____ () C:\Users\Wilhelms\Desktop\adwcleaner.exe
2014-03-22 19:04 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-21 12:44 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 12:44 - 2014-03-21 12:31 - 00000000 ____D () C:\Users\Wilhelms\Desktop\mbar
2014-03-21 12:34 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 12:31 - 2014-03-21 12:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 12:30 - 2014-03-21 12:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Wilhelms\Downloads\mbar-1.07.0.1009.exe
2014-03-20 16:01 - 2014-03-20 16:01 - 545874178 _____ () C:\Windows\MEMORY.DMP
2014-03-20 16:01 - 2014-03-20 16:01 - 00274816 _____ () C:\Windows\Minidump\032014-15475-01.dmp
2014-03-20 16:01 - 2014-03-20 16:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\LSC
2014-03-20 15:22 - 2014-03-20 15:22 - 00380416 _____ () C:\Users\Wilhelms\Desktop\Gmer-19357.exe
2014-03-20 15:15 - 2014-03-20 15:15 - 00041359 _____ () C:\Users\Wilhelms\Downloads\Addition.txt
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:57 - 2014-02-06 17:06 - 00000000 ____D () C:\Users\Wilhelms
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 14:41 - 2013-05-20 09:39 - 629752320 ___SH () C:\Windows\lenovo_fastboot.img
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:26 - 2014-03-20 13:24 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:20 - 2014-02-10 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 13:18 - 2014-02-06 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 07:28 - 2014-02-06 17:07 - 00085760 _____ () C:\Users\Wilhelms\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 07:27 - 2009-07-14 05:45 - 00355912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 09:10 - 2014-02-06 22:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:52 - 2014-03-19 08:51 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-18 10:08 - 2014-02-06 17:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 10:07 - 2014-02-06 17:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-17 08:29 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\LSC
2014-03-17 08:29 - 2013-05-20 19:08 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files\Lenovo
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:24 - 2014-02-11 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:24 - 2014-02-11 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 10:24 - 2014-02-11 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 20:16 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype
2014-03-06 14:31 - 2014-02-10 19:52 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Lenovo
2014-03-06 08:18 - 2013-05-20 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-06 08:18 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-05 10:32 - 2014-03-05 10:25 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:29 - 2014-03-05 10:24 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-02-11 19:26 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-04 14:05 - 2014-02-18 14:46 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:24 - 2013-05-20 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 13:16 - 2014-03-04 13:15 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 23:42 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Microsoft Help
2014-03-03 23:10 - 2014-02-11 12:36 - 00000000 ____D () C:\ProgramData\AAV
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:55 - 2014-03-03 07:53 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-02 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 10:27 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 10:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 10:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 10:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 10:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 10:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 10:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 10:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 10:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 10:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 10:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 10:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 10:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 10:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 10:27 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 10:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 10:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 10:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 10:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 10:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 10:27 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 10:27 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 10:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 10:27 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 10:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 10:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 10:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 10:27 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 10:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 10:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 18:09 - 2014-02-22 20:48 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 10:59 - 2014-02-25 09:35 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-28 10:47 - 2014-02-28 10:45 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-25 09:35 - 2014-02-25 09:34 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-25 09:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:01 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Adobe
2014-02-22 19:58 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata

Some content of TEMP:
====================
C:\Users\Wilhelms\AppData\Local\Temp\FPPSetup.exe
C:\Users\Wilhelms\AppData\Local\Temp\lowproc.exe
C:\Users\Wilhelms\AppData\Local\Temp\Quarantine.exe
C:\Users\Wilhelms\AppData\Local\Temp\RealPlayer2_20140108.exe
C:\Users\Wilhelms\AppData\Local\Temp\stubhelper.dll
C:\Users\Wilhelms\AppData\Local\Temp\weather-it-up_20140311.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 17:41

==================== End Of Log ============================
         

23.03.2014, 09:54   #10
mort



There are still a few leftovers.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 bupService; C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-19] ()
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-22 19:04 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

Is there still a problem now?

23.03.2014, 14:40   #11
Williams



I am following your instructions here and am glad that I am getting through them so well. Many, many thanks.

Here is the log file from step 1:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Wilhelms at 2014-03-23 14:32:55 Run:1
Running from C:\Users\Wilhelms\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 bupService; C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-19] ()
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2
2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem
2014-03-22 19:04 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
         
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
bupService => Service stopped successfully.
bupService => Service deleted successfully.
C:\Users\Wilhelms\AppData\Roaming\Security System 2 => Moved successfully.
C:\Users\Wilhelms\AppData\Roaming\BupSystem => Moved successfully.
C:\Program Files (x86)\ResultsAlpha => Moved successfully.

==== End of Fixlog ====
         
and here is the log file from step 2:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Wilhelms (administrator) on WILHELMS-THINK on 23-03-2014 14:34:55
Running from C:\Users\Wilhelms\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] - C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ScanSoft OmniPage SE 16-reminder] - C:\Program Files (x86)\ScanSoft\OmniPage16\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-20] (Google Inc.)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\MountPoints2: {4963afac-c126-11e2-b484-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&ss=1&scc=1&ltmpl=googlemail&hl=de&emr=1&elo=1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2013-03-19] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2785280 2013-03-19] (Firebird Project)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [177152 2012-02-02] ( )
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 23:08 - 2014-03-22 23:08 - 02347384 _____ (ESET) C:\Users\Wilhelms\Downloads\esetsmartinstaller_enu.exe
2014-03-22 22:44 - 2014-03-22 22:44 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Malwarebytes
2014-03-22 22:43 - 2014-03-22 22:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-22 22:43 - 2014-03-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 22:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 22:27 - 2014-03-22 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wilhelms\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 19:08 - 2014-03-22 22:22 - 00000000 ____D () C:\AdwCleaner
2014-03-22 19:07 - 2014-03-22 19:07 - 01950720 _____ () C:\Users\Wilhelms\Desktop\adwcleaner.exe
2014-03-22 19:04 - 2014-03-22 22:56 - 00002538 _____ () C:\Windows\PFRO.log
2014-03-21 12:34 - 2014-03-21 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 12:34 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 12:31 - 2014-03-21 12:44 - 00000000 ____D () C:\Users\Wilhelms\Desktop\mbar
2014-03-21 12:31 - 2014-03-21 12:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 12:29 - 2014-03-21 12:30 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Wilhelms\Downloads\mbar-1.07.0.1009.exe
2014-03-20 16:01 - 2014-03-20 16:01 - 545874178 _____ () C:\Windows\MEMORY.DMP
2014-03-20 16:01 - 2014-03-20 16:01 - 00274816 _____ () C:\Windows\Minidump\032014-15475-01.dmp
2014-03-20 16:01 - 2014-03-20 16:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\LSC
2014-03-20 15:22 - 2014-03-20 15:22 - 00380416 _____ () C:\Users\Wilhelms\Desktop\Gmer-19357.exe
2014-03-20 15:15 - 2014-03-20 15:15 - 00041359 _____ () C:\Users\Wilhelms\Downloads\Addition.txt
2014-03-20 15:14 - 2014-03-23 14:34 - 00016747 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-20 15:14 - 2014-03-23 14:34 - 00000000 ____D () C:\FRST
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:24 - 2014-03-20 13:26 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-23 14:21 - 00000840 _____ () C:\Windows\setupact.log
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:51 - 2014-03-19 08:52 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-12 10:27 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 10:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 10:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 10:27 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:27 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 10:27 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 10:27 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 10:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 10:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 10:27 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 10:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 10:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 10:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 10:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 10:27 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 10:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 10:27 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:27 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 10:27 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 10:27 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 10:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 10:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 10:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 10:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 10:27 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 10:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 10:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 10:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 10:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 10:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 10:25 - 2014-03-05 10:32 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-03-05 10:29 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:15 - 2014-03-04 13:16 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:53 - 2014-03-03 07:55 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 11:13 - 2013-06-27 15:02 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKW3C03Z117
2014-02-28 10:45 - 2014-02-28 10:47 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-25 09:35 - 2014-02-28 10:59 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-25 09:34 - 2014-02-25 09:35 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:48 - 2014-02-28 18:09 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:58 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata

==================== One Month Modified Files and Folders =======

2014-03-23 14:35 - 2014-03-20 15:14 - 00016747 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-23 14:34 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST
2014-03-23 14:33 - 2013-05-20 09:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 14:29 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 14:29 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 14:26 - 2013-05-20 19:16 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-03-23 14:26 - 2013-05-20 19:16 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-03-23 14:26 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 14:24 - 2014-02-11 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 14:22 - 2013-05-20 09:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 14:21 - 2014-03-20 11:36 - 00000840 _____ () C:\Windows\setupact.log
2014-03-23 14:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 11:27 - 2013-05-20 09:27 - 01971638 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 23:08 - 2014-03-22 23:08 - 02347384 _____ (ESET) C:\Users\Wilhelms\Downloads\esetsmartinstaller_enu.exe
2014-03-22 22:56 - 2014-03-22 19:04 - 00002538 _____ () C:\Windows\PFRO.log
2014-03-22 22:44 - 2014-03-22 22:44 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Malwarebytes
2014-03-22 22:43 - 2014-03-22 22:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-22 22:43 - 2014-03-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 22:28 - 2014-03-22 22:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wilhelms\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 22:22 - 2014-03-22 19:08 - 00000000 ____D () C:\AdwCleaner
2014-03-22 19:07 - 2014-03-22 19:07 - 01950720 _____ () C:\Users\Wilhelms\Desktop\adwcleaner.exe
2014-03-21 12:44 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 12:44 - 2014-03-21 12:31 - 00000000 ____D () C:\Users\Wilhelms\Desktop\mbar
2014-03-21 12:34 - 2014-03-21 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 12:31 - 2014-03-21 12:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 12:30 - 2014-03-21 12:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Wilhelms\Downloads\mbar-1.07.0.1009.exe
2014-03-20 16:01 - 2014-03-20 16:01 - 545874178 _____ () C:\Windows\MEMORY.DMP
2014-03-20 16:01 - 2014-03-20 16:01 - 00274816 _____ () C:\Windows\Minidump\032014-15475-01.dmp
2014-03-20 16:01 - 2014-03-20 16:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\LSC
2014-03-20 15:22 - 2014-03-20 15:22 - 00380416 _____ () C:\Users\Wilhelms\Desktop\Gmer-19357.exe
2014-03-20 15:15 - 2014-03-20 15:15 - 00041359 _____ () C:\Users\Wilhelms\Downloads\Addition.txt
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:57 - 2014-02-06 17:06 - 00000000 ____D () C:\Users\Wilhelms
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 14:41 - 2013-05-20 09:39 - 629752320 ___SH () C:\Windows\lenovo_fastboot.img
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc
2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 13:26 - 2014-03-20 13:24 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe
2014-03-20 13:20 - 2014-02-10 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 13:18 - 2014-02-06 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real
2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 07:28 - 2014-02-06 17:07 - 00085760 _____ () C:\Users\Wilhelms\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 07:27 - 2009-07-14 05:45 - 00355912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile
2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF
2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN
2014-03-19 09:10 - 2014-02-06 22:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 08:52 - 2014-03-19 08:51 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe
2014-03-18 10:08 - 2014-02-06 17:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 10:07 - 2014-02-06 17:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen
2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-03-17 08:29 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\LSC
2014-03-17 08:29 - 2013-05-20 19:08 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files\Lenovo
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:24 - 2014-02-11 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:24 - 2014-02-11 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 10:24 - 2014-02-11 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 20:16 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype
2014-03-06 14:31 - 2014-02-10 19:52 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Lenovo
2014-03-06 08:18 - 2013-05-20 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-06 08:18 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-05 10:32 - 2014-03-05 10:25 - 00000557 _____ () C:\Windows\wiso.ini
2014-03-05 10:29 - 2014-03-05 10:24 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service
2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service
2014-03-05 10:24 - 2014-02-11 19:26 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-04 14:05 - 2014-02-18 14:46 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID
2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET
2014-03-04 13:24 - 2013-05-20 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 13:16 - 2014-03-04 13:15 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe
2014-03-03 23:42 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Microsoft Help
2014-03-03 23:10 - 2014-02-11 12:36 - 00000000 ____D () C:\ProgramData\AAV
2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24
2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-03-03 07:55 - 2014-03-03 07:53 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe
2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-02 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 10:27 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 10:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 10:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 10:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 10:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 10:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 10:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 10:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 10:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 10:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 10:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 10:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 10:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 10:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 10:27 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 10:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 10:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 10:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 10:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 10:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 10:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 10:27 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 10:27 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 10:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 10:27 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 10:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 10:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 10:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 10:27 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 10:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 10:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 10:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 18:09 - 2014-02-22 20:48 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat
2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe
2014-02-28 10:59 - 2014-02-25 09:35 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170
2014-02-28 10:47 - 2014-02-28 10:45 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe
2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax
2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe
2014-02-25 09:35 - 2014-02-25 09:34 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe
2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7}
2014-02-25 09:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-02-22 20:01 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Adobe
2014-02-22 19:58 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata
2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager
2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata
2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI
2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft
2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata

Some content of TEMP:
====================
C:\Users\Wilhelms\AppData\Local\Temp\FPPSetup.exe
C:\Users\Wilhelms\AppData\Local\Temp\lowproc.exe
C:\Users\Wilhelms\AppData\Local\Temp\Quarantine.exe
C:\Users\Wilhelms\AppData\Local\Temp\RealPlayer2_20140108.exe
C:\Users\Wilhelms\AppData\Local\Temp\stubhelper.dll
C:\Users\Wilhelms\AppData\Local\Temp\weather-it-up_20140311.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 17:41

==================== End Of Log ============================
         
--- --- ---



So far it looks great. The green, double-underlined words with the redirect link have disappeared. Hooray! Whether that was everything, I will probably see as I continue working. Many thanks. Is everything on my PC finished with that now?

24.03.2014, 08:44   #12
mort



Yes, it is clean. With that, we've made it.

Updates

Please download the newest version of Internet Explorer from Microsoft: Download Internet Explorer

Now click the Windows button in the taskbar and then "Control Panel". Once you are there, go to "Uninstall a program" under "Programs". Uninstall all old Java and Flash versions here.

If you need Java, you can download it again:
  • Please download the newest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the newest Java version (Java 7 Update 51).
  • Remove the tick at "Install the Ask Toolbar ..." during the installation.

Please open Adobe - Install Adobe Flash Player with both browsers and download the newest version. While installing, remove the tick at McAfee Security Plus.

I no longer see anything dangerous in your logs.

Cleanup

The order is decisive here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start the delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.


Tips

Which antivirus program should I use?

There is no antivirus program that finds all malware. You cannot rely 100% on the program; it still depends on your behaviour. With the right behaviour you protect yourself best against getting infected in the first place.
  • Do not click on everything that blinks or that asks you to download something.
  • Keep your hands off illegal programs. They are the main reason for infected computers.
  • Open email attachments only from known senders.
  • Always keep Java, Adobe Flash Player and other programs up to date.

Always use only one antivirus program, since several will block each other and so it does more harm than good. If you have more than one installed, decide on one of them and uninstall the others. Also always keep your antivirus program up to date, because with an outdated database the program cannot find the new infections.
You can also run an on-demand scanner regularly to get a second opinion. In contrast to a normal antivirus program, an on-demand scanner does not run constantly but only when you tell it to scan the system.

What should I pay attention to before downloading?
  • Download programs directly from the manufacturer. With programs from another source such as Softonic and other sites that offer you a downloader, unwanted toolbars and other junk are installed along with them. Also always carry out a custom installation and remove the ticks for optional programs.
  • Keep your hands off registry cleaners. They promise you a big speed-up of your system, although removing orphaned registry keys brings only little performance gain, if any at all. But if the program ever deletes something important, you can destroy the registry with it. If you destroy the registry, you destroy Windows!

Other tips
  • Always keep your system and the programs on it up to date. Old software contains security holes that make your system vulnerable.
  • Use several passwords. If someone finds out the password of one of your accounts, he would have access to all the other accounts.
  • Do not open emails from senders unknown to you. These emails are mostly spam mails that, among other things, also want to get you to visit certain sites or download files or attachments.
  • Pay attention to the file extension. In the attachments of spam mails, the trick of presenting executable files as harmless files is popular, by naming a file e.g. Rechnung.pdf.exe. (Show file extensions)
  • Disable the autorun function. With it, malware can start itself automatically from a USB stick when an infected USB stick has been plugged in. (Disable autorun)


If you want to say thanks, you are welcome to do so here.

If you want to support the Trojaner-Board, you can also donate.
I wish you a good time.
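
The double-extension tip above (Rechnung.pdf.exe) can be checked mechanically against a file listing. The following is an added example, not part of the original post and not FRST's own code: it assumes the listing layout seen in the FRST log in this thread, and the extension sets, function names and sample lines (user "Example") are constructed for illustration.

```python
import ntpath
import re

# One FRST file-listing line, in the layout seen in the log in this thread:
#   <date time> - <date time> - <size> <attributes> (<company>) <path>
FRST_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)

# Assumed extension sets for this example; extend them to suit your environment.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def parse_frst_line(line):
    """Return the fields of one listing line, or None for headers and blanks."""
    match = FRST_LINE.match(line.strip())
    if match is None:
        return None
    first, second, size, attrs, company, path = match.groups()
    return {
        "first": first,
        "second": second,
        "size": int(size),
        "is_dir": "D" in attrs,      # e.g. "____D" or "___SD" marks a folder
        "company": company.strip(),  # empty when the file carries no company name
        "path": path,
    }


def has_double_extension(path):
    """True for names like Rechnung.pdf.exe: document extension, then executable one."""
    stem, last = ntpath.splitext(ntpath.basename(path).lower())
    inner = ntpath.splitext(stem)[1]
    return last in EXECUTABLE_EXT and inner in DOCUMENT_EXT


def find_disguised_files(log_text):
    """Return the paths of files (not folders) whose name uses a double extension."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_frst_line(line)
        if entry is None or entry["is_dir"]:
            continue
        if has_double_extension(entry["path"]):
            hits.append(entry["path"])
    return hits


# Constructed sample in the FRST layout (not taken from the user's log).
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-03-19 08:52 - 2014-03-19 08:51 - 03690256 _____ (Piriform Ltd) C:\Users\Example\Downloads\ccsetup411_slim.exe
2014-03-03 07:55 - 2014-03-03 07:53 - 16204160 _____ (Geek Software GmbH ) C:\Users\Example\Downloads\pdf24-creator-6.3.2.exe
2014-03-02 11:02 - 2014-03-02 11:02 - 00184320 _____ () C:\Users\Example\Downloads\Rechnung.pdf.exe
2014-03-02 11:00 - 2014-03-02 11:00 - 00000000 ____D () C:\Users\Example\Documents\Scan.pdf.exe
2014-03-01 09:15 - 2014-03-01 09:15 - 00020480 _____ () C:\Users\Example\Documents\Rechnung.pdf
"""

if __name__ == "__main__":
    for hit in find_disguised_files(SAMPLE_LOG):
        print("double extension:", hit)
```

Version numbers such as `6.3.2.exe` are not flagged, because the inner suffix (`.2`) is not a document extension. A hit is a reason to look at the file, not a verdict on it.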

25.03.2014, 13:17   #13
Williams



Hello mort,

at first I was sceptical whether I would manage to follow your instructions with my background knowledge of computers, but I am very, very satisfied. Your explanations were super fast and clear. I can work again thanks to your help. The computer is running again without annoying advertising links.

MANY, many thanks. I can only recommend you to others.

Keep it up!

Best regards from Williams



As my antivirus program I have set up "avast" again. I had that on my old laptop too and was satisfied with it.

A donation for you will follow!

25.03.2014, 13:54   #14
mort



Thanks for your reply and the donation

Archiv
Du betrachtest: Windows7: auf Webseiten erscheinen unzählige automatische Links zu Werbeseiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.