Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.08.2014, 00:10   #1
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Unglücklich

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Hallo,

ich habe wohl leider seit heute diesen Virus / Trojaner auf dem Rechner:
hxxp://search.fbdownloader.com/?channel=de_nt-Seite.
(Jedenfalls befürchte ich, dass es ein Virus ist, weil er hier in dem Forum schon öfters behandelt wurde).

Das Problem ist mir heute das erste Mal aufgefallen, bin ziemlich sicher, dass es gestern noch nicht da war. Und ich hab in letzter Zeit nichts neues installiert, nur Firefox aktualisiert.

Diese fbdownloader-Seite hatte meine übliche Startseite ersetzt, das hab ich geändert und sie auch aus der Suchmaschinenliste entfernt. Aber wenn ich einen neuen Tab öffne, kommt keine leere Seite sondern eben diese searchfb...

Das Antivirenprogramm Avira hat nichts angezeigt.

Vielen Dank im Voraus für Hilfe.

Alt 05.08.2014, 00:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 05.08.2014, 10:44   #3
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Hallo Cosinus,
Danke für Deine schnelle Antwort!

Dies sind die Fehlermeldungen aus dem Logfile / Avira:

Code:
ATTFilter
Exportierte Ereignisse:

04.08.2014 23:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\zzz\AppData\Local\Temp\nsnE46.tmp\nsJSON.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.08.2014 23:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\zzz\AppData\Local\Temp\nsnE46.tmp\nsJSON.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.08.2014 23:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\zzz\AppData\Local\Temp\nsnE46.tmp\nsJSON.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

04.08.2014 23:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\zzz\AppData\Local\Temp\nsnE46.tmp\nsJSON.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

und hier die logs von FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by thinkpatty (administrator) on THINKPATTY-NOTEBOOK on 05-08-2014 11:21:47
Running from C:\Users\thinkpatty\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Gemalto N.V.) C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388160 2012-03-30] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [HotSync] => "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-22] (Gemalto N.V.)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [SSync] => C:\Users\thinkpatty\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [OMESupervisor] => C:\Users\thinkpatty\AppData\Local\omesuperv.exe [2239256 2013-12-24] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [qupdate] => C:/Program Files (x86)/4Free Video Converter/ [0 ] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [SCheck] => C:\Users\thinkpatty\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [Snoozer] => C:\Users\thinkpatty\AppData\Roaming\Snz\Snz.exe [1628642 2014-08-03] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [DataMgr] => C:\Users\thinkpatty\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [Intermediate] => C:\Users\thinkpatty\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [Sixth] => C:\Users\thinkpatty\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-03] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\MountPoints2: {ced90391-0400-11e2-813f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Produktregistrierung.lnk
ShortcutTarget: Lenovo Produktregistrierung.lnk -> C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448
FF NewTab: about:blank
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Homepage: hxxp://camera.mvkofu.com/cgi-bin/livecam.cgi|about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\imdbcom-all.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-en-ssl.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-ssl-de.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\donottrackplus@abine.com [2014-07-12]
FF Extension: Furigana Inserter - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\furiganainserter@zorkzero.net [2014-01-04]
FF Extension: MaskMe - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\idme@abine.com [2014-03-05]
FF Extension: Rikaichan Japanese-German Dictionary File - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\rikaichan-jpde@polarcloud.com [2014-01-04]
FF Extension: Rikaichan - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2014-01-04]
FF Extension: YouTube Video and Audio Downloader - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-01-04]
FF Extension: Print / Print Preview (Update) - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-01-04]
FF Extension: Simple New Tab - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: Undo Closed Tabs Button - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2014-01-04]
FF Extension: IMDB  Search - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-01-04]
FF Extension: Adblock Plus - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-09-21]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2011-04-05] (PalmSource, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 11:21 - 2014-08-05 11:22 - 00025662 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-05 11:21 - 2014-08-05 11:21 - 00000000 ____D () C:\FRST
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Snz
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Sixth
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\simple_new_tab
2014-08-01 21:40 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 21:40 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 21:40 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 21:40 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 21:40 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 21:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 22:02 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 22:02 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 22:02 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 22:01 - 2014-07-17 22:02 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-08 22:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 22:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:29 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:29 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:29 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:29 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 22:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 22:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 22:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 22:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 22:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:28 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:28 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:28 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:28 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 22:28 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:28 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 22:28 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 22:28 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 22:28 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 22:28 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 22:27 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:27 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 22:27 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 22:48 - 2014-07-13 00:47 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 11:22 - 2014-08-05 11:21 - 00025662 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-05 11:21 - 2014-08-05 11:21 - 00000000 ____D () C:\FRST
2014-08-05 11:02 - 2013-04-06 22:09 - 00068591 _____ () C:\Windows\setupact.log
2014-08-05 11:02 - 2012-09-22 03:11 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-08-05 11:02 - 2012-09-22 03:11 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-08-05 11:02 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 10:53 - 2012-09-21 17:31 - 01601799 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 10:52 - 2013-07-21 22:02 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\FreePDF_XP
2014-08-05 10:52 - 2013-03-13 20:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 10:03 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 10:03 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 01:12 - 2012-12-23 19:11 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\vlc
2014-08-04 23:46 - 2012-12-24 18:21 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86FF1390-C901-4334-BD04-C824B17AB4C5}
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Snz
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Sixth
2014-08-04 23:39 - 2014-08-04 23:39 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\simple_new_tab
2014-08-04 23:38 - 2013-06-26 00:07 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\SCheck
2014-08-04 23:38 - 2013-06-26 00:07 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\DataMgr
2014-08-03 00:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-31 21:16 - 2013-05-11 07:31 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\TV-Browser
2014-07-31 17:19 - 2013-01-12 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-28 22:33 - 2013-04-01 14:38 - 185753063 _____ () C:\Windows\system32\Drivers\TRACES.TXT
2014-07-27 10:57 - 2012-12-20 03:33 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Skype
2014-07-27 08:44 - 2012-12-28 23:05 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\dvdcss
2014-07-24 20:49 - 2013-05-08 00:03 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:37 - 2013-03-14 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-17 22:01 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 22:02 - 2013-10-25 08:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 22:02 - 2013-06-28 08:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 00:47 - 2014-07-07 22:48 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe
2014-07-13 00:47 - 2014-06-13 20:38 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\LSC
2014-07-11 03:02 - 2014-07-17 22:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 22:02 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 21:51 - 2009-07-14 06:45 - 00289760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 21:50 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 02:52 - 2013-07-17 10:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 02:50 - 2012-12-21 02:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 23:50 - 2013-03-13 20:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:50 - 2012-12-20 01:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:50 - 2012-12-20 01:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\zweitie\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\thinkpatty\AppData\Local\Temp\avgnt.exe
C:\Users\thinkpatty\AppData\Local\Temp\conduitinstaller.exe
C:\Users\thinkpatty\AppData\Local\Temp\jna1392145300159319316.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna473201254396229551.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna4816647515258307023.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\nse4F73.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsfF60E.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj359.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj87F3.exe
C:\Users\thinkpatty\AppData\Local\Temp\nso1456.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstEACF.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstF9F1.exe
C:\Users\thinkpatty\AppData\Local\Temp\nszDD50.exe
C:\Users\thinkpatty\AppData\Local\Temp\SkypeSetup.exe
C:\Users\thinkpatty\AppData\Local\Temp\SPStub.exe
C:\Users\thinkpatty\AppData\Local\Temp\tbHots.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 22:32

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---


und das Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by thinkpatty at 2014-08-05 11:22:40
Running from C:\Users\thinkpatty\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Audition Loopology Content (x32 Version: 3.0.0 - Ihr Firmenname) Hidden
Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InCopy CS2 (HKLM-x32\...\Adobe InCopy CS2 - {C35B3785-531C-4D00-9EFA-44A130BFF73F}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InCopy CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Premiere Pro 2.0 (x32 Version: 2.000.000 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.9 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Avid Codecs LE (HKLM-x32\...\{6CA8F328-2590-4232-9A2D-B50F72F41863}) (Version: 2.3.8 - Ihr Firmenname)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bonsai (HKLM-x32\...\{82CEE465-6031-44B7-99C6-556179B3FEDD}) (Version:  - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.27 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2100 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayNotez Desktop (HKLM-x32\...\{57EEC188-B921-48CD-9F0F-A10542AA22F7}) (Version:  - )
DramaQueen (HKLM-x32\...\DramaQueen) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
FotoStation Pro (HKLM-x32\...\{5E96FF24-E3EF-42FA-A212-ACEC6251C564}) (Version:  - )
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Free Videos To DVD V 4.0.0 (HKLM-x32\...\Free Videos To DVD_is1) (Version: 4.0.0.0 - Koyote soft)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMDb 3.5.3 (HKLM-x32\...\MyMDb_0) (Version:  - )
MyMDb 3.6 (HKLM-x32\...\MyMDb_1) (Version:  - )
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11700.17.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12400.25.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{89590A73-9AC3-48ED-B83E-6489900DED5A}) (Version: 10.5.10000 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Ihr Firmenname)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SplashID (HKLM-x32\...\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}) (Version: 4.16 - SplashData, Inc.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2100 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.06 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
TSST OEM Content (HKLM-x32\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
TV-Browser 3.3a (HKLM-x32\...\tvbrowser) (Version: 3.3a - TV-Browser Team)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrvAMDASF) System  (06/21/2012 16.1.4.17) (HKLM\...\A333D414B3783936ED9A3F663498AB82EB07B7A3) (Version: 06/21/2012 16.1.4.17 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (06/21/2012 16.1.4.17) (HKLM\...\FE61CFFCEFBF4E2D83AE176443D33414275365FC) (Version: 06/21/2012 16.1.4.17 - Synaptics)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-06-2014 08:04:29 Geplanter Prüfpunkt
06-07-2014 20:00:01 Geplanter Prüfpunkt
09-07-2014 00:48:58 Windows Update
17-07-2014 20:01:22 Installed Java 7 Update 65
23-07-2014 21:36:06 Windows Update
01-08-2014 19:39:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0400AA8E-CEB2-4722-9D7F-33CD94B8AF86} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {096F735B-A3A3-42C6-83A5-637F8EDA7730} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2C76250E-6CED-47E5-9675-18E0792897EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {2E9EAA4B-DB11-41C1-834B-E7B76051A26F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {2EC20A49-CACF-44C0-9FC4-244B22B03353} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {35F4E4E9-B36E-40B3-99C4-CE46E80AF4C7} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {54285433-D926-45B1-8E2F-9095FB61A3B2} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2012-05-15] (Lenovo)
Task: {5F13C138-371C-4C65-86D0-D45E2384586D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {652C1122-D9DC-4BEB-B2AC-2F3CBAA86751} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {7A198F95-9567-4937-815C-D4DD806B02D2} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {7DE0015F-68ED-4F30-A4A1-28A58B4DB1FC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {AC4366F4-522C-435C-8255-3008D9D748E9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {BCC556F6-4EF5-43C6-8AB0-6BE3DAE861AE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {BCE198D5-7C97-45C9-BA54-EB428587516A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C6524EC3-F8F8-47E6-973F-6A2286CF1D47} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for thinkpatty-NOTEBOOK.thinkpatty => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {D2679BEC-8639-4987-A56C-3C729C13D5DD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {DF1CE569-459A-4779-BF80-F387A247F0A0} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-07-21 22:01 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2012-09-21 17:48 - 2012-05-15 23:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-21 17:45 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-09-21 17:45 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2012-09-21 17:49 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-09-21 17:49 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-02-15 01:05 - 2012-02-15 01:37 - 11796096 _____ () C:\Users\thinkpatty\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-07-30 22:48 - 2014-07-30 22:48 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 09:56:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 11:55:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 11:41:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 08:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 09:13:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/03/2014 09:04:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 06:58:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 07:00:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 09:36:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 05:37:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/05/2014 10:59:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/05/2014 10:59:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/05/2014 10:59:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/05/2014 10:59:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/05/2014 10:59:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/05/2014 09:56:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (08/04/2014 11:55:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (08/04/2014 11:41:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (08/04/2014 08:34:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (08/03/2014 09:03:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (08/05/2014 09:56:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 11:55:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 11:41:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 08:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 09:13:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (08/03/2014 09:04:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2014 06:58:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 07:00:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 09:36:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 05:37:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8105.98 MB
Available physical RAM: 5757.02 MB
Total Pagefile: 16210.13 MB
Available Pagefile: 13655.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:125.92 GB) (Free:53.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (daten) (Fixed) (Total:322.75 GB) (Free:56.69 GB) NTFS
Drive e: (BLAUSTICK) (Removable) (Total:3.76 GB) (Free:2.45 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D100D3C3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.

==================== End Of Log ============================
         
__________________

Alt 05.08.2014, 11:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.08.2014, 12:47   #5
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Gleich kommen die ganzen Files, aber vorher schon mal die gute Nachricht, dass jetzt "neuen Tab öffnen" zu einem neutral-leeren Tab führt (und nicht mehr auf die search.fb-Seite).


hier die ADW-Logdatei

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 05/08/2014 um 12:20:20
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : thinkpatty - THINKPATTY-NOTEBOOK
# Gestartet von : C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\simple_new_tab
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\thinkpatty\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\thinkpatty\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\thinkpatty\Documents\Mobogenie
Ordner Gelöscht : C:\Users\thinkpatty\Documents\Updater
Datei Gelöscht : C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\snt@dotlabs.co.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Uninstall.exe
Datei Gelöscht : C:\Users\thinkpatty\daemonprocess.txt
Datei Gelöscht : C:\Users\thinkpatty\AppData\Local\omesuperv.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OMESupervisor]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_4free-video-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_4free-video-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiograbber_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiograbber_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avidemux_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avidemux_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eax-movie-catalog_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eax-movie-catalog_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_evernote_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_evernote_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_handbrake_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_handbrake_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mozilla-sunbird_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mozilla-sunbird_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mycam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mycam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mymdb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mymdb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nvu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nvu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sony-ericsson-pc-suite_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sony-ericsson-pc-suite_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tv-browser_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tv-browser_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winamp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winamp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vrt7igcb.default\prefs.js ]


[ Datei : C:\Users\zweitie\AppData\Roaming\Mozilla\Firefox\Profiles\8luato4z.default\prefs.js ]


[ Datei : C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\prefs.js ]

Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

*************************

AdwCleaner[R0].txt - [8852 octets] - [05/08/2014 12:17:26]
AdwCleaner[S0].txt - [8191 octets] - [05/08/2014 12:20:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8251 octets] ##########
         
--- --- ---

[/code]


hier die JRT-Logfile

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by thinkpatty on 05.08.2014 at 12:34:05,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{061E8BBE-C216-4639-8C6D-EDBFAFDBF762}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{2FC63DE4-8A14-444E-AD51-6E617768AA1E}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{721C2064-981D-441F-AB1E-19519403D592}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{B184AC23-3971-4FCD-B058-12851E65B702}
Successfully deleted: [Empty Folder] C:\Users\thinkpatty\appdata\local\{EC21CA4C-D5B6-4ED2-8B4D-86F0EA9D6213}



~~~ FireFox

Successfully deleted the following from C:\Users\thinkpatty\AppData\Roaming\mozilla\firefox\profiles\as4scrmj.default-1388827521448\prefs.js

user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Deutsch");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Deutsch");
Emptied folder: C:\Users\thinkpatty\AppData\Roaming\mozilla\firefox\profiles\as4scrmj.default-1388827521448\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.08.2014 at 12:41:26,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und hier die neue FRST-logfile:




FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by thinkpatty (administrator) on THINKPATTY-NOTEBOOK on 05-08-2014 13:30:18
Running from C:\Users\thinkpatty\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Gemalto N.V.) C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388160 2012-03-30] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [HotSync] => "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\thinkpatty\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-22] (Gemalto N.V.)
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\Run: [qupdate] => C:/Program Files (x86)/4Free Video Converter/ [0 ] ()
HKU\S-1-5-21-3195242532-272872467-449839891-1000\...\MountPoints2: {ced90391-0400-11e2-813f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Produktregistrierung.lnk
ShortcutTarget: Lenovo Produktregistrierung.lnk -> C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448
FF NewTab: about:blank
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF Homepage: hxxp://camera.mvkofu.com/cgi-bin/livecam.cgi|about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\imdbcom-all.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-en-ssl.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\wikipedia-ssl-de.xml
FF SearchPlugin: C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\donottrackplus@abine.com [2014-07-12]
FF Extension: Furigana Inserter - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\furiganainserter@zorkzero.net [2014-01-04]
FF Extension: MaskMe - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\idme@abine.com [2014-03-05]
FF Extension: Rikaichan Japanese-German Dictionary File - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\rikaichan-jpde@polarcloud.com [2014-01-04]
FF Extension: Rikaichan - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2014-01-04]
FF Extension: YouTube Video and Audio Downloader - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-01-04]
FF Extension: Print / Print Preview (Update) - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-01-04]
FF Extension: Undo Closed Tabs Button - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2014-01-04]
FF Extension: IMDB  Search - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-01-04]
FF Extension: Adblock Plus - C:\Users\thinkpatty\AppData\Roaming\Mozilla\Firefox\Profiles\as4scrmj.default-1388827521448\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-09-21]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2011-04-05] (PalmSource, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 12:41 - 2014-08-05 12:41 - 00001707 _____ () C:\Users\thinkpatty\Desktop\JRT.txt
2014-08-05 12:33 - 2014-08-05 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:32 - 2014-08-05 12:32 - 01016261 _____ (Thisisu) C:\Users\thinkpatty\Desktop\JRT.exe
2014-08-05 12:17 - 2014-08-05 12:20 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:17 - 2014-08-05 12:17 - 01361309 _____ () C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
2014-08-05 11:22 - 2014-08-05 11:23 - 00035490 _____ () C:\Users\thinkpatty\Downloads\Addition.txt
2014-08-05 11:21 - 2014-08-05 13:30 - 00023487 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 11:21 - 2014-08-05 13:30 - 00000000 ____D () C:\FRST
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-01 21:40 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 21:40 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 21:40 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 21:40 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 21:40 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 21:40 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 21:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 21:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 22:02 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 22:02 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 22:02 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 22:01 - 2014-07-17 22:02 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-08 22:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 22:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:29 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:29 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:29 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:29 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 22:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 22:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 22:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 22:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 22:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 22:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 22:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 22:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 22:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 22:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:28 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:28 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:28 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:28 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:28 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 22:28 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:28 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 22:28 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 22:28 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 22:28 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 22:28 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 22:28 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 22:28 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 22:28 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 22:28 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 22:28 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 22:27 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:27 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 22:27 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 22:48 - 2014-07-13 00:47 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 13:31 - 2014-08-05 11:21 - 00023487 _____ () C:\Users\thinkpatty\Downloads\FRST.txt
2014-08-05 13:30 - 2014-08-05 11:21 - 00000000 ____D () C:\FRST
2014-08-05 13:27 - 2012-09-22 03:11 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-08-05 13:27 - 2012-09-22 03:11 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-08-05 13:27 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 12:50 - 2013-03-13 20:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 12:41 - 2014-08-05 12:41 - 00001707 _____ () C:\Users\thinkpatty\Desktop\JRT.txt
2014-08-05 12:33 - 2014-08-05 12:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:33 - 2013-04-06 22:09 - 00068796 _____ () C:\Windows\setupact.log
2014-08-05 12:32 - 2014-08-05 12:32 - 01016261 _____ (Thisisu) C:\Users\thinkpatty\Desktop\JRT.exe
2014-08-05 12:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:25 - 2012-09-21 17:31 - 01609063 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 12:23 - 2013-07-21 22:02 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\FreePDF_XP
2014-08-05 12:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 12:21 - 2013-04-06 22:08 - 00278254 _____ () C:\Windows\PFRO.log
2014-08-05 12:20 - 2014-08-05 12:17 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:20 - 2013-06-26 00:07 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Common
2014-08-05 12:20 - 2012-12-19 21:35 - 00000000 ____D () C:\Users\thinkpatty
2014-08-05 12:17 - 2014-08-05 12:17 - 01361309 _____ () C:\Users\thinkpatty\Desktop\adwcleaner_3.302.exe
2014-08-05 11:23 - 2014-08-05 11:22 - 00035490 _____ () C:\Users\thinkpatty\Downloads\Addition.txt
2014-08-05 11:21 - 2014-08-05 11:21 - 02094080 _____ (Farbar) C:\Users\thinkpatty\Downloads\FRST64.exe
2014-08-05 01:12 - 2012-12-23 19:11 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\vlc
2014-08-04 23:46 - 2012-12-24 18:21 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86FF1390-C901-4334-BD04-C824B17AB4C5}
2014-08-03 00:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-31 21:16 - 2013-05-11 07:31 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\TV-Browser
2014-07-31 17:19 - 2013-01-12 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 22:48 - 2014-07-30 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 00:11 - 2014-07-30 00:11 - 00001084 _____ () C:\QcOSD.txt
2014-07-28 22:33 - 2013-04-01 14:38 - 185753063 _____ () C:\Windows\system32\Drivers\TRACES.TXT
2014-07-27 10:57 - 2012-12-20 03:33 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\Skype
2014-07-27 08:44 - 2012-12-28 23:05 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\dvdcss
2014-07-24 20:49 - 2013-05-08 00:03 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 20:43 - 2013-03-14 02:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:37 - 2013-03-14 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 22:02 - 2014-07-17 22:01 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 22:02 - 2013-10-25 08:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 22:02 - 2013-06-28 08:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 00:47 - 2014-07-07 22:48 - 00000000 ____D () C:\Users\thinkpatty\AppData\Local\Adobe
2014-07-13 00:47 - 2014-06-13 20:38 - 00000000 ____D () C:\Users\thinkpatty\AppData\Roaming\LSC
2014-07-11 03:02 - 2014-07-17 22:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 22:02 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 21:51 - 2009-07-14 06:45 - 00289760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 21:50 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 02:52 - 2013-07-17 10:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 02:50 - 2012-12-21 02:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 23:50 - 2013-03-13 20:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:50 - 2012-12-20 01:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:50 - 2012-12-20 01:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\zweitie\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\thinkpatty\AppData\Local\Temp\avgnt.exe
C:\Users\thinkpatty\AppData\Local\Temp\conduitinstaller.exe
C:\Users\thinkpatty\AppData\Local\Temp\jna1392145300159319316.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna473201254396229551.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jna4816647515258307023.hunspell-win-x86-32.dll
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\thinkpatty\AppData\Local\Temp\nse4F73.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsfF60E.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj359.exe
C:\Users\thinkpatty\AppData\Local\Temp\nsj87F3.exe
C:\Users\thinkpatty\AppData\Local\Temp\nso1456.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstEACF.exe
C:\Users\thinkpatty\AppData\Local\Temp\nstF9F1.exe
C:\Users\thinkpatty\AppData\Local\Temp\nszDD50.exe
C:\Users\thinkpatty\AppData\Local\Temp\Quarantine.exe
C:\Users\thinkpatty\AppData\Local\Temp\SkypeSetup.exe
C:\Users\thinkpatty\AppData\Local\Temp\SPStub.exe
C:\Users\thinkpatty\AppData\Local\Temp\tbHots.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 22:32

==================== End Of Log ============================
         
--- --- ---

--- --- ---

[/code]


Diesmal wurde keine neue Addition-Datei kreiert, hab ich da was falsch gemacht?


Alt 05.08.2014, 13:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
--> http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner

Alt 05.08.2014, 13:29   #7
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



hier der Addition-file

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by thinkpatty at 2014-08-05 14:06:41
Running from C:\Users\thinkpatty\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Audition Loopology Content (x32 Version: 3.0.0 - Ihr Firmenname) Hidden
Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InCopy CS2 (HKLM-x32\...\Adobe InCopy CS2 - {C35B3785-531C-4D00-9EFA-44A130BFF73F}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InCopy CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Premiere Pro 2.0 (x32 Version: 2.000.000 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.9 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Avid Codecs LE (HKLM-x32\...\{6CA8F328-2590-4232-9A2D-B50F72F41863}) (Version: 2.3.8 - Ihr Firmenname)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bonsai (HKLM-x32\...\{82CEE465-6031-44B7-99C6-556179B3FEDD}) (Version:  - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.27 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2100 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayNotez Desktop (HKLM-x32\...\{57EEC188-B921-48CD-9F0F-A10542AA22F7}) (Version:  - )
DramaQueen (HKLM-x32\...\DramaQueen) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
FotoStation Pro (HKLM-x32\...\{5E96FF24-E3EF-42FA-A212-ACEC6251C564}) (Version:  - )
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Free Videos To DVD V 4.0.0 (HKLM-x32\...\Free Videos To DVD_is1) (Version: 4.0.0.0 - Koyote soft)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMDb 3.5.3 (HKLM-x32\...\MyMDb_0) (Version:  - )
MyMDb 3.6 (HKLM-x32\...\MyMDb_1) (Version:  - )
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11700.17.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12400.25.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{89590A73-9AC3-48ED-B83E-6489900DED5A}) (Version: 10.5.10000 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Ihr Firmenname)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SplashID (HKLM-x32\...\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}) (Version: 4.16 - SplashData, Inc.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2100 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.06 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
TSST OEM Content (HKLM-x32\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
TV-Browser 3.3a (HKLM-x32\...\tvbrowser) (Version: 3.3a - TV-Browser Team)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrvAMDASF) System  (06/21/2012 16.1.4.17) (HKLM\...\A333D414B3783936ED9A3F663498AB82EB07B7A3) (Version: 06/21/2012 16.1.4.17 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (06/21/2012 16.1.4.17) (HKLM\...\FE61CFFCEFBF4E2D83AE176443D33414275365FC) (Version: 06/21/2012 16.1.4.17 - Synaptics)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3195242532-272872467-449839891-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\thinkpatty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-06-2014 08:04:29 Geplanter Prüfpunkt
06-07-2014 20:00:01 Geplanter Prüfpunkt
09-07-2014 00:48:58 Windows Update
17-07-2014 20:01:22 Installed Java 7 Update 65
23-07-2014 21:36:06 Windows Update
01-08-2014 19:39:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0400AA8E-CEB2-4722-9D7F-33CD94B8AF86} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {096F735B-A3A3-42C6-83A5-637F8EDA7730} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2C76250E-6CED-47E5-9675-18E0792897EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {2E9EAA4B-DB11-41C1-834B-E7B76051A26F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {2EC20A49-CACF-44C0-9FC4-244B22B03353} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {35F4E4E9-B36E-40B3-99C4-CE46E80AF4C7} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {54285433-D926-45B1-8E2F-9095FB61A3B2} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2012-05-15] (Lenovo)
Task: {5F13C138-371C-4C65-86D0-D45E2384586D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {652C1122-D9DC-4BEB-B2AC-2F3CBAA86751} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {7A198F95-9567-4937-815C-D4DD806B02D2} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {7DE0015F-68ED-4F30-A4A1-28A58B4DB1FC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {AC4366F4-522C-435C-8255-3008D9D748E9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {BCC556F6-4EF5-43C6-8AB0-6BE3DAE861AE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {BCE198D5-7C97-45C9-BA54-EB428587516A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C6524EC3-F8F8-47E6-973F-6A2286CF1D47} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for thinkpatty-NOTEBOOK.thinkpatty => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {D2679BEC-8639-4987-A56C-3C729C13D5DD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {DF1CE569-459A-4779-BF80-F387A247F0A0} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-07-21 22:01 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2012-09-21 17:45 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-09-21 17:45 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-21 17:48 - 2012-05-15 23:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2012-09-21 17:49 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-09-21 17:49 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-02-15 01:05 - 2012-02-15 01:37 - 11796096 _____ () C:\Users\thinkpatty\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-07-30 22:48 - 2014-07-30 22:48 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 02:06:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/05/2014 02:06:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/05/2014 02:06:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_gpl-ghostscript.exe

Error: (08/05/2014 02:06:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_nvu.exe


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 8105.98 MB
Available physical RAM: 5542.66 MB
Total Pagefile: 16210.13 MB
Available Pagefile: 13441.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:125.92 GB) (Free:53.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (daten) (Fixed) (Total:322.75 GB) (Free:56.69 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D100D3C3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 05.08.2014, 13:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.08.2014, 20:02   #9
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Hi cosinus,

Zitat:
Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an
Alle die ich habe oder nur die, die ich in der letzten Woche mal angeschlossen hatte (= 2 Sticks und 1 Smartphone)?

Hi cosinus,
ich habe den scan mit MBAM gemacht, und die Fehler in die Quarantäne verschoben (und noch nicht gelöscht).

hier der Logbericht:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.08.2014
Suchlauf-Zeit: 20:07:55
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.05.08
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: thinkpatty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 388625
Verstrichene Zeit: 15 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-3195242532-272872467-449839891-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, , [4fad8e343b4051e5daa515d135cd659b], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\CT3317209, , [cb31ad15daa1b87e3ef689278b77f60a], 

Dateien: 32
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nse4F73.exe, , [2bd12c96671441f5ec55ba6ebe4320e0], 
PUP.Optional.SearchProtect.A, C:\Users\thinkpatty\AppData\Local\Temp\nso1456.exe, , [33c902c0de9dd363d67bfc373ac731cf], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nsj359.exe, , [da229f23413a2610d8690b1d50b1fb05], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nsj87F3.exe, , [2bd1bc065f1c58de1130111751b0738d], 
PUP.Optional.SearchProtect.A, C:\Users\thinkpatty\AppData\Local\Temp\nstEACF.exe, , [56a6ac1690ebaa8cfc5544efa55cfa06], 
PUP.Optional.SearchProtect.A, C:\Users\thinkpatty\AppData\Local\Temp\nstF9F1.exe, , [5f9dfbc789f23afc074a023134cdad53], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nszDD50.exe, , [a95316acb6c59d991b2654d423de0bf5], 
PUP.Optional.Conduit, C:\Users\thinkpatty\AppData\Local\Temp\tbHots.dll, , [8874fbc7b0cb3afc900f5ad56e922bd5], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\SPStub.exe, , [b5479c2686f590a635484cdad22fe719], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nsfF60E.exe, , [67956959c7b48da973ce03257b86827e], 
PUP.Optional.OpenCandy, C:\Users\thinkpatty\AppData\Local\Temp\nskA9BA.tmp\OCSetupHlp.dll, , [bb41fcc63348fb3b1175ae3916ee25db], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nskA9BA.tmp\BI\BI.exe, , [9b61af13c1bacf67324546de8b756898], 
PUP.Optional.OpenCandy, C:\Users\thinkpatty\AppData\Local\Temp\nse3DCE.tmp\OCSetupHlp.dll, , [50ac14aed7a488aeea9c9e49eb194eb2], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nse3DCE.tmp\BI\BI.exe, , [10ecc8fa0e6d84b214635aca45bb2bd5], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nstCF48\SpSetup.exe, , [679589396318df57c879f1371ae709f7], 
PUP.Optional.OpenCandy, C:\Users\thinkpatty\AppData\Local\Temp\nsu6230.tmp\OCSetupHlp.dll, , [4ab2843e97e481b5384e3bacc440ce32], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\nsu6230.tmp\BI\BI.exe, , [9b61c8fafe7d56e08bec1410e71905fb], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\Downloads\Avidemux_brff.exe, , [e814e2e04b30ff3731330e46b9488b75], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe, , [c9335b670c6fcd694eb5e3473bc64bb5], 
PUP.Optional.Softonic, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_dvd-shrink.exe, , [619b07bb82f993a305a0cb438e73ef11], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_eax-movie-catalog.exe, , [7488279b205bb284f70ca98148b99c64], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_evernote.exe, , [a15bdbe799e200369a691119778a4ab6], 
PUP.Optional.Softonic, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_gpl-ghostscript.exe, , [94687e442754c76fe2c3fc1209f8fb05], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_mycam.exe, , [d22a7a4805765cda03001911aa5748b8], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_mymdb.exe, , [ca327a48bdbece68a55e51d91ae7837d], 
PUP.Optional.Koyote.A, C:\Users\thinkpatty\Downloads\FreeEasyCDDVDBurnerSetup-r0-n-bf.exe, , [8577efd3d0abb4829f5d19301fe26d93], 
PUP.Optional.Koyote.A, C:\Users\thinkpatty\Downloads\FreeVideosToDVDSetup-r0-n-bf.exe, , [31cb0cb61b60ca6c7a823910de23e11f], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_quicktime.exe, , [ae4eedd5b7c459dd28db78b218e904fc], 
PUP.Optional.Softonic.A, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe, , [04f86c564536ae880bf83febc04135cb], 
PUP.Optional.Softonic, C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_nvu.exe, , [24d8467ca4d7999d2a7bf41aa859b848], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\conduitinstaller.exe, , [35c7bc060d6ea39331d5af869f6521df], 
PUP.Optional.Conduit.A, C:\Users\thinkpatty\AppData\Local\Temp\CT3317209\ddt.csf, , [cb31ad15daa1b87e3ef689278b77f60a], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Mit ESET mache ich weiter, wenn ich das mit den Sticks / ext. Festplatten verstanden hab.

Schon mal vielen Dank bis hier!

Alt 06.08.2014, 00:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Ähm, wie viele USB-Stick und Platten haste denn?

Grundsätzlich dient ESET nur der Kontrolle ob das System sauber ist, nicht wie es mit USB-Datenträgern bestellt ist.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.08.2014, 09:15   #11
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Zitat:
Zitat von cosinus Beitrag anzeigen
Ähm, wie viele USB-Stick und Platten haste denn?
ich hab 2 externe Festplatten, die in den letzten Wochen aber nicht an den Rechner angeschlossen waren. und 3 usb-sticks und 1 Telefon.
der Rechner hat nur 2 usb-Anschlüsse.

Soll ich erst mal nur die beiden Sticks anschließen, die ich in letzter Zeit benutzt hab und dann ESET laufen lassen?

Alt 06.08.2014, 10:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Ja, so mach das mal
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.08.2014, 21:38   #13
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Habe gerade die ESET-Prüfung abgeschlossen,
es gab 35 infizierte Dateien :-(

Hier der Inhalt vom ESET-logfile

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=09ea9d78fba51b49983b8dccea84802c
# engine=19530
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-06 08:24:56
# local_time=2014-08-06 10:24:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 130972 272779986 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13127922 158986546 0 0
# scanned=165941
# found=35
# cleaned=0
# scan_time=17066
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\thinkpatty\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\thinkpatty\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\456a7aaa4898da7bbdff88a06fd66a2a\MyPhoneExplorer_1.8.5.exe.vir"
sh=753708B21A190F0BFA98D7C65AC53492D68CA205 ft=1 fh=036dd4c0cd709774 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free Easy CD DVD Burner\Helper.dll"
sh=3386DA2CADF366DEE5EE4123C6F1739FAFE1FEFE ft=1 fh=ee9472f32cd813a8 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free Videos To DVD\Helper.dll"
sh=D5907316A3C8AC2F19234078F8EF3FA3038B0475 ft=1 fh=3919d26acdd857af vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VCA82RQ\hotspot_shield[1].exe"
sh=776C1BDC80950127EDA4D555545BB21618AE61AE ft=1 fh=12c6880e1253bcbf vn="Win32/InstallMonetizer.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VCA82RQ\MyPhoneExplorer_v2_5185[1].exe"
sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VCA82RQ\statisticsstub[1].exe"
sh=9FE1F2B1FB6F2E1BBBE7B068CD5F79832C36BE39 ft=1 fh=526118062f73ede6 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3I3BSU3\SPSetup[1].exe"
sh=46C04D1538599A9A0F2BA6D3F274A3C3C8C1E66D ft=1 fh=b7ab7837e8729a3b vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG7AVDAR\Hotspot_Shield[1].exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG7AVDAR\sp-downloader[1].exe"
sh=212ED8B01386C69F4610FB0D8ECEC6EC59F34EB9 ft=1 fh=ca9f110549e6e28e vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG7AVDAR\SPSetup[1].exe"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\conduitinstaller.exe"
sh=954C6BC07E97C488D4A1CCB6A810B320E5EDCC64 ft=1 fh=1655e6147d4f45a9 vn="Win32/Conduit.SearchProtect.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\SPStub.exe"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\tbHots.dll"
sh=8DE9F21E12D49A7888DC6630957AF3030C4C0371 ft=1 fh=a5f84d314dd44d92 vn="Variante von Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nse3DCE.tmp\wajam_validate.exe"
sh=0366AAD91C76F3E945C2FA00E87C35217FEA1AD0 ft=1 fh=7ae4608d7bd92252 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nse3DCE.tmp\webapphost.dll"
sh=B8F22AC737A7D0F96DE4AA1D41381DF3EBD3723B ft=1 fh=1b94e0ae40b2cc36 vn="Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nse3DCE.tmp\ProxyInstallerDir\ProxyInstaller.exe"
sh=8DE9F21E12D49A7888DC6630957AF3030C4C0371 ft=1 fh=a5f84d314dd44d92 vn="Variante von Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nskA9BA.tmp\wajam_validate.exe"
sh=0366AAD91C76F3E945C2FA00E87C35217FEA1AD0 ft=1 fh=7ae4608d7bd92252 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nskA9BA.tmp\webapphost.dll"
sh=B8F22AC737A7D0F96DE4AA1D41381DF3EBD3723B ft=1 fh=1b94e0ae40b2cc36 vn="Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nskA9BA.tmp\ProxyInstallerDir\ProxyInstaller.exe"
sh=212ED8B01386C69F4610FB0D8ECEC6EC59F34EB9 ft=1 fh=ca9f110549e6e28e vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nstCF48\SpSetup.exe"
sh=0366AAD91C76F3E945C2FA00E87C35217FEA1AD0 ft=1 fh=7ae4608d7bd92252 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\AppData\Local\Temp\nsu6230.tmp\webapphost.dll"
sh=C234DB2395BC851902AC46F5E55BD339E7B85917 ft=1 fh=6d48c92e2b3b4751 vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\Avidemux_brff.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\PDFCreator-1_7_2_setup.exe"
sh=79E1F49F37E85A037EB993C28E88F020F0827A36 ft=1 fh=0cea9d72a6b17cd8 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe"
sh=36CF854E4AB44B67704AFA8BE2C6DABB5B8ECB85 ft=1 fh=bcb6dad0db90fa56 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_dvd-shrink.exe"
sh=770B20417E7C1718DC195F00D46C532EC8D21FBF ft=1 fh=c87f99f6836a069a vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_eax-movie-catalog.exe"
sh=6C02434489BDC9A47866330AFBBFD8B14F1AEDF2 ft=1 fh=c38883e59d946fb6 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_evernote.exe"
sh=B1977EAA9E5CBFD5A88E9126882EFF90F527C6C3 ft=1 fh=28d23a6e7638fc5d vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_gpl-ghostscript.exe"
sh=62910B002325AE7871D670427E2BBD98ED1C6636 ft=1 fh=80fd946527866694 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_mycam.exe"
sh=BE5F7C2355BA600089D7A7BD0A0DAA1F0B26479E ft=1 fh=cbe2484dc1b3a2fe vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_mymdb.exe"
sh=85F115CFD5C6B59F14C4849469B49FDD26EFA7DA ft=1 fh=44e69a6f478fffae vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_nvu.exe"
sh=AC14D7821F8AEC1E13445AA6291711FC9A74125A ft=1 fh=0e6b5ea17c5f36f1 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_quicktime.exe"
sh=9CE27F75A8D8BF617D9FA6703B281D712C2EFCA4 ft=1 fh=2d75eb2af9d1a745 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thinkpatty\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe"
         
Und jetzt deinstalliere ich ESET wieder lt. Anleitung.

---- erledigt!

Alt 06.08.2014, 23:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Du hast dir auch viel Müll von Softonix runtergeladen; die Programme an sich sind kein Schrott, aber Softonic bietet die in ihrem eigenen Downloader an und dann kommt immer Müll mit rein. Außerdem musst du bei JEDEM Setup benutzerdefiniert installieren, denn nur dann kannst du Adware abwählen.

Lass nochmal Malwraebytes durchlaufen, bei m letzten Lauf hast du nämlich die Funde nicht entfernt!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.08.2014, 13:08   #15
thinkpatty
 
http://search.fbdownloader.com/?channel=de_nt  auf Windows 7 Rechner - Standard

http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner



Zitat:
Zitat von cosinus Beitrag anzeigen
Außerdem musst du bei JEDEM Setup benutzerdefiniert installieren, denn nur dann kannst du Adware abwählen.
Ja, das hab ich auch meistens gemacht,
hab aber auch mal zu schnell weitergeklickt und vergessen den Haken zu entfernen, dann hatte ich nachträglich ne Searchbar wieder deinstalliert, aber das reicht ja nicht.
Zitat:
Lass nochmal Malwraebytes durchlaufen, bei m letzten Lauf hast du nämlich die Funde nicht entfernt
OK, mach ich!
Hatte alles nach Deiner Anleitung gemacht, da stand "in Quarantäne verschieben", aber was mit Löschen hab ich nicht gesehen.

update 14:03 Uhr

Ich hab jetzt rausgefunden, warum beim letzten Mal die Dateien nicht gelöscht wurden, und zwar lief das hier "Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen." nicht automatisch, so dass ich den Rechner selber neu gestartet hatte, was aber wohl nicht zum Löschen führte. Dieshalb hat es aber von alleine geklappt, inkl. Bereinigung.

Soll ich den neuen MBAM logfile posten?
oder ESET noch mal wiederholen?

Antwort

Themen zu http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner
pup.optional.conduit, pup.optional.conduit.a, pup.optional.koyote.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.simplenewtab.a, pup.optional.softonic, pup.optional.softonic.a, tr/crypt.xpack.gen3, win32/conduit.searchprotect.a, win32/conduit.searchprotect.j, win32/conduit.searchprotect.n, win32/conduit.searchprotect.q, win32/downloadsponsor.a, win32/downware.l, win32/installmonetizer.aq, win32/installmonetizer.az, win32/toolbar.conduit, win32/toolbar.conduit.ae, win32/toolbar.conduit.m, win32/toolbar.conduit.r, win32/toolbar.conduit.x, win32/toolbar.conduit.y, win32/toolbar.searchsuite.p, win32/wajam.f



Ähnliche Themen: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner


  1. http://search.fbdownloader.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 13.09.2014 (9)
  2. http://search.fbdownloader.com/?channel=de_nt
    Log-Analyse und Auswertung - 29.08.2014 (15)
  3. http://search.fbdownloader.com/?channel=de als neue Startseite
    Plagegeister aller Art und deren Bekämpfung - 13.08.2014 (53)
  4. http://search.fbdownloader.com/?channel=de - Hilfe gesucht
    Log-Analyse und Auswertung - 08.08.2014 (10)
  5. http://search.fbdownloader.com/?channel=de
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (11)
  6. Entfernen von http://search.fbdownloader.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 03.08.2014 (6)
  7. http://search.fbdownloader.com/?channel=de_nt entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (3)
  8. Anstatt Google wird die Adresse http://search.fbdownloader.com/?channel=de_nt geöffnet
    Plagegeister aller Art und deren Bekämpfung - 26.07.2014 (5)
  9. http://search.fbdownloader.com/?channel=deg -Virus
    Log-Analyse und Auswertung - 04.05.2014 (19)
  10. http://search.fbdownloader.com/?channel=deg_nt
    Plagegeister aller Art und deren Bekämpfung - 17.04.2014 (7)
  11. WIN 7: Trojaner-Link erscheint in jedem Browser: http://search.fbdownloader.com/?channel=de
    Log-Analyse und Auswertung - 24.03.2014 (10)
  12. http://search.fbdownloader.com/?channel=de_nt
    Log-Analyse und Auswertung - 18.03.2014 (18)
  13. http://search.fbdownloader.com/?channel=de - unerwünschte Startseiten
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (22)
  14. http://search.fbdownloader.com/?channel=de Ist es gefährlich und wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2014 (1)
  15. Virus: Browserstartseite: http://search.fbdownloader.com/?channel=sfde203fbdgy21
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (9)
  16. http://wisersearch.com/?channel=de_nt
    Plagegeister aller Art und deren Bekämpfung - 23.12.2013 (7)
  17. Ungewollte Startseiten: *http://wisersearch.com/?channel=de_nt* und *http://search.fbdownloader.com/?channel=sfde203fbdgy21*
    Log-Analyse und Auswertung - 16.12.2013 (13)

Zum Thema http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner - Hallo, ich habe wohl leider seit heute diesen Virus / Trojaner auf dem Rechner: hxxp://search.fbdownloader.com/?channel=de_nt-Seite. (Jedenfalls befürchte ich, dass es ein Virus ist, weil er hier in dem Forum schon - http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner...
Archiv
Du betrachtest: http://search.fbdownloader.com/?channel=de_nt auf Windows 7 Rechner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.