Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   SNAP.DO bei Windows 7 (https://www.trojaner-board.de/152127-snap-do-windows-7-a.html)

McRed 06.04.2014 22:36
SNAP.DO bei Windows 7
 
Hallo,
bei verschiedenen Browsern (Google, Firefox) tauchte SNAP.DO auf.
Firefox habe ich durch about:config und dann SNAP.DO Suche und durch "zurücksetzen" bei den gefundenen Einträgen bereinigt. Bei Google-Chrome werde ich SNAP.DO nicht los.
Bitte um Hilfe, bei der Beseitigung des Virus.
Danke!!

schrauber 07.04.2014 07:01
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


McRed 07.04.2014 10:06
Hallo,
herzlichen Dank im Voraus für Deine Unterstützung!!

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by YYYY (ATTENTION: The logged in user is not administrator) on XXXX-THINK on 07-04-2014 10:53:29
Running from C:\Users\YYYY\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe
(Dropbox, Inc.) C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqCFGo.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileAccess] - C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2327552 2009-04-20] (Vodafone)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SCLicense] - [X]
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [SignCubesSetupRestart] - "C:\Users\XXXX\AppData\Local\Temp\sctmp1\OLSetup.exe" -flags0 -l1031 [X]
HKLM-x32\...\Runonce: [smarttweak] -  [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [KiesPDLR.exe] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-03] (Samsung)
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {5a2b211b-1e7f-11e2-90f9-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {fae8f32f-34a7-11e3-a957-e006e6bc71f0} - D:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260968 2012-05-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215400 2012-05-31] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE520
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firebug - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-26]
FF Extension: Ghostery - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Quick Translator - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-08]
FF Extension: Adblock Plus - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-04]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (RealDownloader) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-11]
CHR Extension: (Google Wallet) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37408 2014-03-24] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-04-20] (Vodafone)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249192 2012-05-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 10:53 - 2014-04-07 10:53 - 00028863 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-07 10:53 - 2014-04-07 10:53 - 00000000 ____D () C:\FRST
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:51 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:00 - 2014-04-07 10:00 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000056 _____ () C:\Windows\setupact.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:15 - 2014-03-28 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 23:05 - 2014-03-28 23:05 - 00001223 _____ () C:\Users\XXXX\Desktop\FixMyRegistry.lnk
2014-03-28 18:29 - 2014-03-28 18:29 - 00002498 _____ () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-03-28 18:29 - 2014-03-28 18:29 - 00002400 _____ () C:\Users\XXXX\Desktop\Search.lnk
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Smartbar
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Users\XXXX\AppData\Local\LPT
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-28 18:28 - 2014-03-28 23:05 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-03-28 18:28 - 2014-03-28 23:05 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-16 23:56 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:54 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-13 09:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:35 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-07 10:53 - 2014-04-07 10:53 - 00028863 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-07 10:53 - 2014-04-07 10:53 - 00000000 ____D () C:\FRST
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:52 - 2014-04-07 10:51 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:42 - 2012-10-25 11:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 10:35 - 2013-01-27 18:16 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Dropbox
2014-04-07 10:25 - 2013-08-01 18:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 10:08 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 10:08 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 10:06 - 2012-10-25 20:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 10:06 - 2012-10-25 20:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 10:06 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 10:04 - 2012-10-25 10:43 - 01665799 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 10:02 - 2013-01-28 16:21 - 00000000 ____D () C:\Users\YYYY\Documents\Outlook-Dateien
2014-04-07 10:01 - 2012-10-25 11:04 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 10:00 - 2014-04-07 10:00 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000056 _____ () C:\Windows\setupact.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 10:00 - 2012-10-25 10:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-07 10:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 01:17 - 2013-02-07 11:17 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Skype
2014-04-06 23:00 - 2013-01-27 15:14 - 00000000 ____D () C:\Users\YYYY\AppData\Local\MobileAccess
2014-04-06 22:53 - 2013-05-23 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 22:53 - 2011-02-24 19:03 - 00000000 ____D () C:\Windows\Panther
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\Users\YYYY\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-03-31 10:27 - 2013-01-27 18:52 - 00000000 ____D () C:\0_Daten
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:55 - 2014-03-28 23:15 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 23:08 - 2013-03-14 23:12 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-03-28 23:05 - 2014-03-28 23:05 - 00001223 _____ () C:\Users\XXXX\Desktop\FixMyRegistry.lnk
2014-03-28 23:05 - 2014-03-28 18:28 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-03-28 23:05 - 2014-03-28 18:28 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-03-28 21:02 - 2013-01-28 23:26 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\CoreFTP
2014-03-28 18:46 - 2013-06-04 14:11 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Mozilla
2014-03-28 18:29 - 2014-03-28 18:29 - 00002498 _____ () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-03-28 18:29 - 2014-03-28 18:29 - 00002400 _____ () C:\Users\XXXX\Desktop\Search.lnk
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Smartbar
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Users\XXXX\AppData\Local\LPT
2014-03-28 18:29 - 2014-03-28 18:29 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 23:49 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Samsung
2014-03-26 23:49 - 2013-07-11 15:51 - 00000000 ____D () C:\Users\YYYY\Documents\SelfMV
2014-03-26 23:49 - 2013-06-26 22:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-03-26 23:49 - 2012-10-25 10:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:38 - 2013-01-27 15:14 - 00000000 ___HD () C:\Users\YYYY
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-26 12:12 - 2011-12-08 22:42 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-22 10:10 - 2013-02-07 10:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Jitsi
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-20 10:18 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-20 10:18 - 2014-03-16 23:54 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-20 01:56 - 2013-07-13 12:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 01:54 - 2013-01-27 15:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:55 - 2013-01-26 17:34 - 00000000 ____D () C:\Users\XXXX
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-16 23:27 - 2013-02-07 11:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:18 - 2009-07-14 06:45 - 00402480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:16 - 2013-01-28 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 22:03 - 2014-02-17 14:32 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\DropboxMaster
2014-03-12 13:25 - 2013-01-28 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:25 - 2013-01-28 16:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\YYYY\AppData\Local\Temp\avgnt.exe
C:\Users\YYYY\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0v1ahd.dll
C:\Users\YYYY\AppData\Local\Temp\jitsi-2.4.4997-delta-4603.9615-x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by YYYY at 2014-04-07 10:53:58
Running from C:\Users\YYYY\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
AusweisApp (HKLM-x32\...\{6E2E92F9-A81B-426F-8F35-4F3718A7D0AF}) (Version: 1.11.0 - OpenLimit SignCubes AG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq4809) (Version:  - Canon Inc.)
ChessBase Reader (HKLM-x32\...\{98F9B4F4-A653-4694-8137-672796375FE7}) (Version: 12.10.0.0 - ChessBase)
Cinergy T Stick Black V86.001.1026.2009 (HKLM-x32\...\Cinergy T Stick Black) (Version: 86.001.1026.2009 - )
Citrix XenCenter (HKLM-x32\...\{59FA4194-D2C3-4D19-AF0D-BCE63C391B1D}) (Version: 6.2.0 - Citrix Systems, Inc.)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FixMyRegistry (HKLM-x32\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iSpring Converter 6 (HKLM\...\{63D632B8-3C88-4E72-BEFE-9D7C7232C2CA}) (Version: 6.2.0 - iSpring Solutions Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jitsi (HKLM\...\{650A9287-EAEF-4818-8B11-0274B2AEC1E2}) (Version: 2.4.4997 - Jitsi)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.25 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.25 - Dominik Reichl)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Access (HKLM-x32\...\{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}) (Version: 3.2.30417.1301 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Malwarebytes Anti-Malware Version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.1.0 - Ericsson AB)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 296.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.88 - NVIDIA Corporation)
NVIDIA Grafiktreiber 296.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.13 (Version: 1.7.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 296.88 (Version: 296.88 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.13 - NVIDIA Corporation) Hidden
OPENLiMiT(R) SignCubes 2.5.0.4 ReaderDeu (HKLM-x32\...\SignCubes) (Version: 2.5.0.4 - OPENLiMiT SignCubes GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SignCubes comct232.msm Update (x32 Version: 1.0.0 - SignCubes GmbH) Hidden
SignCubes comct323.msm Update (x32 Version: 1.0.0 - SignCubes GmbH) Hidden
SignCubes comctl32.msm Update (x32 Version: 1.0.0 - SignCubes GmbH) Hidden
SignCubes comdlg32.msm Update (x32 Version: 1.0.0 - SignCubes GmbH) Hidden
SignCubes mscomct2.msm Update (x32 Version: 1.0.0 - SignCubes GmbH) Hidden
sipgate Faxdrucker (HKLM\...\{7C3D2E25-D221-4109-85DB-DE290DE9C9DA}) (Version: 1.0.0 - sipgate GmbH)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{717D1D53-7613-41C9-9B68-2291B922803D}) (Version: 11.36.1.16132 - ReSoft Ltd.) <==== ATTENTION
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.15.11 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
tsWebEditor 20060920 (HKLM-x32\...\{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}) (Version: 20060920 - thaler software)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vodafone Mobile Connect Lite (HKLM-x32\...\{E3B99F3D-9856-482A-9048-305E28E2510C}) (Version: 9.4.2.14731 - Vodafone)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows-Treiberpaket - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2012-10-25 10:55 - 2012-05-15 23:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-10-25 10:51 - 2012-04-09 01:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-25 10:49 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:iSpring Converter 6
AlternateDataStreams: C:\ProgramData:iSpring Pro 6
AlternateDataStreams: C:\Users\All Users:iSpring Converter 6
AlternateDataStreams: C:\Users\All Users:iSpring Pro 6
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:iSpring Converter 6
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:iSpring Pro 6
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Converter 6
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Pro 6
AlternateDataStreams: C:\Users\YYYY\Anwendungsdaten:iSpring Converter 6
AlternateDataStreams: C:\Users\YYYY\Anwendungsdaten:iSpring Pro 6
AlternateDataStreams: C:\Users\YYYY\AppData\Roaming:iSpring Converter 6
AlternateDataStreams: C:\Users\YYYY\AppData\Roaming:iSpring Pro 6

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/07/2014 10:01:36 AM) (Source: ESENT) (User: )
Description: Windows (6952) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01197.log.


System errors:
=============
Error: (04/07/2014 10:01:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/07/2014 10:01:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (04/07/2014 10:00:05 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "Q:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (04/03/2014 05:44:59 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (03/28/2014 11:08:21 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/28/2014 11:08:21 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/28/2014 11:08:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/28/2014 11:08:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/26/2014 11:32:58 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "Q:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (03/26/2014 09:23:55 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (04/07/2014 10:01:36 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/07/2014 10:01:36 AM) (Source: ESENT)(User: )
Description: Windows6952Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01197.log-1811


CodeIntegrity Errors:
===================================
  Date: 2014-03-31 10:27:22.442
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-31 10:27:22.255
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 12:48:15.569
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 12:48:15.488
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 11:59:47.296
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 11:59:47.205
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 11:59:37.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 11:59:36.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 09:50:38.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-27 09:50:38.071
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3819.11 MB
Available physical RAM: 1402.49 MB
Total Pagefile: 7636.39 MB
Available Pagefile: 4390.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.73 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:219.79 GB) (Free:90.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.63 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber 08.04.2014 09:10
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

McRed 08.04.2014 11:02
Hallo,
Danke!! Hier die Ergebnisse
mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.04.2014
Suchlauf-Zeit: 10:57:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.08.01
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 321789
Verstrichene Zeit: 17 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, 2720, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c]

Module: 5
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Common.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpt.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptc.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],

Registrierungsschlüssel: 2
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSystemUpdater, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SpeedUpMyComputer, In Quarantäne, [07f941bff80801ff62fe531e5aa85ba5],

Registrierungswerte: 2
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER|ImagePath, "C:\Program Files (x86)\LPT\srpts.exe", In Quarantäne, [3bc5ff01f10f7090e8d16bffae5445bb]
PUP.Optional.SpeedupmyComputer, HKU\S-1-5-21-3660097188-1312487363-17423623-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpeedUpMyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss, Löschen bei Neustart, [ec1446ba6f91837dd74810485aa81ce4]

Registrierungsdaten: 12
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,),Löschen bei Neustart,[7a86fb0502fea55babe98f88a75d827e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[5ba5619f06fa916f5b37ba5d2bd9e51b]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[d12f70907888ea1697fcfb1ce61e31cf]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[c13f887858a8d42c22732ee9f212ac54]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[4fb19b654fb1cd334155ee296b99a25e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[4eb24eb2b14fc63a002bf01eb15332ce]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,),Löschen bei Neustart,[ee1220e09f61f50bd6bea473a65eec14]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[758bd62af20e40c0f69d8e89a064bc44]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[9c6435cb8b75a759f1a19582689cd32d]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[c13f966a629eb74905908c8b47bd9a66]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[cb356d9317e936cae1b50e09b2528a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[9769ed1329d78b752407c04e947003fd]

Ordner: 4
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],

Dateien: 41
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\PublisherSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Common.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\spusm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\FiddlerCore.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\HtmlAgilityPack.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\linmsl.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\lrrot.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\NewConfig.txt, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Newtonsoft.Json.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sppsm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbs.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbu.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sreu.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpdm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srprl.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpt.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptc.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptm.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptm.exe.config, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe.config, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srut.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\System.Data.SQLite.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\UserSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\XMLOperations.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\BrowserSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\LPTMapping.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\Timers.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\LPT.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.Snapdo.A, C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,",), Ersetzt,[c13ffa065aa6639dbf8949f94bb909f7]
PUP.Optional.Snapdo.A, C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,," ],), Ersetzt,[e91755abde22936d94f1ba897b89659b]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner
Code:
# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 11:14:07
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : XXXX - XXXX-THINK
# Gestartet von : C:\Users\YYYYY\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\l0o0nw1m.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true);
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1396025177");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1395978387153");

[ Datei : C:\Users\YYYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup

[ Datei : C:\Users\YYYYY\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4997 octets] - [08/04/2014 11:08:42]
AdwCleaner[S0].txt - [4629 octets] - [08/04/2014 11:14:07]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4689 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by XXXXX on 08.04.2014 at 11:23:47,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\XXXXX\desktop\SpeedUpMyComputer.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\XXXXXX\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2014 at 11:28:49,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by YYYY (ATTENTION: The logged in user is not administrator) on XXXX-THINK on 08-04-2014 11:37:39
Running from C:\Users\YYYY\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMx.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqCFGo.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileAccess] - C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2327552 2009-04-20] (Vodafone)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SCLicense] - [X]
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [SignCubesSetupRestart] - "C:\Users\XXXX\AppData\Local\Temp\sctmp1\OLSetup.exe" -flags0 -l1031 [X]
HKLM-x32\...\Runonce: [smarttweak] -  [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3660097188-1312487363-17423623-1002\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [KiesPDLR.exe] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-03] (Samsung)
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {5a2b211b-1e7f-11e2-90f9-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {fae8f32f-34a7-11e3-a957-e006e6bc71f0} - D:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260968 2012-05-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215400 2012-05-31] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE520
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-26]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-08]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-04]

Chrome:
=======
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (RealDownloader) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-11]
CHR Extension: (Google Wallet) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-04-20] (Vodafone)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249192 2012-05-31] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Macromedia
2014-04-08 11:28 - 2014-04-08 11:28 - 00000903 _____ () C:\Users\XXXX\Desktop\JRT.txt
2014-04-08 11:23 - 2014-04-08 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 11:19 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Desktop\JRT.exe
2014-04-08 11:18 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Downloads\JRT.exe
2014-04-08 11:08 - 2014-04-08 11:14 - 00000000 ____D () C:\AdwCleaner
2014-04-08 11:08 - 2014-04-08 11:05 - 00017502 _____ () C:\Users\YYYY\Desktop\mbam1.txt
2014-04-08 11:07 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Desktop\adwcleaner.exe
2014-04-08 11:06 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Downloads\adwcleaner.exe
2014-04-08 10:38 - 2014-04-08 10:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:38 - 2014-04-08 10:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 10:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 10:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 10:36 - 2014-04-08 10:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\YYYY\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:26 - 2014-04-08 10:26 - 00001275 _____ () C:\Users\XXXX\Desktop\Revo Uninstaller.lnk
2014-04-08 10:26 - 2014-04-08 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 10:25 - 2014-04-08 10:35 - 00017564 _____ () C:\Users\YYYY\Downloads\revosetup95.exe
2014-04-08 00:52 - 2014-04-08 00:54 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-04-08 00:48 - 2014-04-08 00:49 - 41315792 _____ (Samsung Electronics Co., Ltd.) C:\Users\YYYY\Downloads\Kies3Setup.exe
2014-04-07 21:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-07 21:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-07 21:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-07 21:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-07 21:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-07 21:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-07 21:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-07 21:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-07 21:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-07 21:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-07 21:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-07 21:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-07 21:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-07 21:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-07 21:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-07 21:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-07 21:29 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-07 21:29 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-07 21:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-07 21:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-07 10:53 - 2014-04-08 11:37 - 00025677 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-07 10:53 - 2014-04-08 11:37 - 00000000 ____D () C:\FRST
2014-04-07 10:53 - 2014-04-07 10:54 - 00039340 _____ () C:\Users\YYYY\Desktop\Addition.txt
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:51 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:00 - 2014-04-08 11:16 - 00000224 _____ () C:\Windows\setupact.log
2014-04-07 10:00 - 2014-04-08 10:59 - 00013284 _____ () C:\Windows\PFRO.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-07 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:15 - 2014-03-28 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-16 23:56 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:54 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-13 09:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:35 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-08 11:39 - 2014-04-07 10:53 - 00025677 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-08 11:37 - 2014-04-07 10:53 - 00000000 ____D () C:\FRST
2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Macromedia
2014-04-08 11:31 - 2012-10-25 10:43 - 01729339 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 11:28 - 2014-04-08 11:28 - 00000903 _____ () C:\Users\XXXX\Desktop\JRT.txt
2014-04-08 11:25 - 2013-08-01 18:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 11:25 - 2013-01-26 17:34 - 00001432 _____ () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-08 11:25 - 2013-01-26 17:34 - 00000000 ___RD () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-08 11:25 - 2013-01-26 17:34 - 00000000 ___RD () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-08 11:23 - 2014-04-08 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 11:23 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 11:23 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 11:21 - 2012-10-25 20:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 11:21 - 2012-10-25 20:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 11:21 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 11:18 - 2014-04-08 11:19 - 01016261 _____ (Thisisu) C:\Users\YYYY\Desktop\JRT.exe
2014-04-08 11:18 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Downloads\JRT.exe
2014-04-08 11:16 - 2014-04-07 10:00 - 00000224 _____ () C:\Windows\setupact.log
2014-04-08 11:16 - 2013-01-27 18:16 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Dropbox
2014-04-08 11:16 - 2012-10-25 11:04 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 11:16 - 2012-10-25 10:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 11:16 - 2009-07-14 07:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 11:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 11:14 - 2014-04-08 11:08 - 00000000 ____D () C:\AdwCleaner
2014-04-08 11:06 - 2014-04-08 11:07 - 01426178 _____ () C:\Users\YYYY\Desktop\adwcleaner.exe
2014-04-08 11:06 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Downloads\adwcleaner.exe
2014-04-08 11:05 - 2014-04-08 11:08 - 00017502 _____ () C:\Users\YYYY\Desktop\mbam1.txt
2014-04-08 10:59 - 2014-04-07 10:00 - 00013284 _____ () C:\Windows\PFRO.log
2014-04-08 10:42 - 2012-10-25 11:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 10:40 - 2014-04-08 10:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:38 - 2014-04-08 10:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 10:38 - 2013-01-28 15:10 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 10:38 - 2013-01-28 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 10:37 - 2014-04-08 10:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\YYYY\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:35 - 2014-04-08 10:25 - 00017564 _____ () C:\Users\YYYY\Downloads\revosetup95.exe
2014-04-08 10:26 - 2014-04-08 10:26 - 00001275 _____ () C:\Users\XXXX\Desktop\Revo Uninstaller.lnk
2014-04-08 10:26 - 2014-04-08 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 00:57 - 2013-01-28 16:21 - 00000000 ____D () C:\Users\YYYY\Documents\Outlook-Dateien
2014-04-08 00:54 - 2014-04-08 00:52 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-04-08 00:54 - 2013-06-26 22:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-08 00:52 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Samsung
2014-04-08 00:52 - 2013-07-11 15:51 - 00000000 ____D () C:\Users\YYYY\Documents\SelfMV
2014-04-08 00:52 - 2013-06-26 22:11 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Downloaded Installations
2014-04-08 00:52 - 2013-01-26 17:34 - 00000000 ____D () C:\Users\XXXX
2014-04-08 00:52 - 2012-10-25 10:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-08 00:49 - 2014-04-08 00:48 - 41315792 _____ (Samsung Electronics Co., Ltd.) C:\Users\YYYY\Downloads\Kies3Setup.exe
2014-04-07 21:25 - 2013-02-07 11:17 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Skype
2014-04-07 19:03 - 2013-01-27 18:52 - 00000000 ____D () C:\0_Daten
2014-04-07 14:49 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 10:54 - 2014-04-07 10:53 - 00039340 _____ () C:\Users\YYYY\Desktop\Addition.txt
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:52 - 2014-04-07 10:51 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:00 - 2013-01-27 15:14 - 00000000 ____D () C:\Users\YYYY\AppData\Local\MobileAccess
2014-04-06 22:53 - 2013-05-23 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 22:53 - 2011-02-24 19:03 - 00000000 ____D () C:\Windows\Panther
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\Users\YYYY\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-04-03 09:51 - 2014-04-08 10:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 10:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-01-28 15:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:55 - 2014-03-28 23:15 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 23:08 - 2013-03-14 23:12 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-03-28 21:02 - 2013-01-28 23:26 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\CoreFTP
2014-03-28 18:46 - 2013-06-04 14:11 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Mozilla
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:38 - 2013-01-27 15:14 - 00000000 ___HD () C:\Users\YYYY
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-26 12:12 - 2011-12-08 22:42 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-22 10:10 - 2013-02-07 10:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Jitsi
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-20 10:18 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-20 10:18 - 2014-03-16 23:54 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-20 01:56 - 2013-07-13 12:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 01:54 - 2013-01-27 15:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-16 23:27 - 2013-02-07 11:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:18 - 2009-07-14 06:45 - 00402480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:16 - 2013-01-28 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 22:03 - 2014-02-17 14:32 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\DropboxMaster
2014-03-12 13:25 - 2013-01-28 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:25 - 2013-01-28 16:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\XXXX\AppData\Local\Temp\Execute2App.exe
C:\Users\XXXX\AppData\Local\Temp\msvcp90.dll
C:\Users\XXXX\AppData\Local\Temp\msvcr90.dll
C:\Users\XXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXX\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\YYYY\AppData\Local\Temp\avgnt.exe
C:\Users\YYYY\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmponjuxp.dll
C:\Users\YYYY\AppData\Local\Temp\jitsi-2.4.4997-delta-4603.9615-x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

Danke noch einmal!!

schrauber 09.04.2014 08:26

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58