Hello,
Thanks!! Here are the results.
mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.04.2014
Suchlauf-Zeit: 10:57:38
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.08.01
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 321789
Verstrichene Zeit: 17 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 1
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, 2720, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c]
Module: 5
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Common.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpt.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptc.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
Registrierungsschlüssel: 2
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSystemUpdater, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SpeedUpMyComputer, In Quarantäne, [07f941bff80801ff62fe531e5aa85ba5],
Registrierungswerte: 2
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER|ImagePath, "C:\Program Files (x86)\LPT\srpts.exe", In Quarantäne, [3bc5ff01f10f7090e8d16bffae5445bb]
PUP.Optional.SpeedupmyComputer, HKU\S-1-5-21-3660097188-1312487363-17423623-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpeedUpMyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss, Löschen bei Neustart, [ec1446ba6f91837dd74810485aa81ce4]
Registrierungsdaten: 12
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,),Löschen bei Neustart,[7a86fb0502fea55babe98f88a75d827e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[5ba5619f06fa916f5b37ba5d2bd9e51b]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[d12f70907888ea1697fcfb1ce61e31cf]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[c13f887858a8d42c22732ee9f212ac54]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[4fb19b654fb1cd334155ee296b99a25e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3660097188-1312487363-17423623-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[4eb24eb2b14fc63a002bf01eb15332ce]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,),Löschen bei Neustart,[ee1220e09f61f50bd6bea473a65eec14]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[758bd62af20e40c0f69d8e89a064bc44]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[9c6435cb8b75a759f1a19582689cd32d]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[c13f966a629eb74905908c8b47bd9a66]
PUP.Optional.Snapdo, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[cb356d9317e936cae1b50e09b2528a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3660097188-1312487363-17423623-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}),Löschen bei Neustart,[9769ed1329d78b752407c04e947003fd]
Ordner: 4
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
Dateien: 41
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\PublisherSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Common.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\spusm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\FiddlerCore.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\HtmlAgilityPack.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\linmsl.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\lrrot.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\NewConfig.txt, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Newtonsoft.Json.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sppsm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbs.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbu.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sreu.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpdm.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srprl.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpt.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptc.dll, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptm.exe, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptm.exe.config, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, Löschen bei Neustart, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe.config, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srut.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\System.Data.SQLite.dll, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\UserSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\XMLOperations.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\BrowserSettings.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\LPTMapping.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\Timers.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\LPT.xml, In Quarantäne, [8080e21e4eb2758b4473442620e2847c],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.SpeedupmyComputer, C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe, In Quarantäne, [ec1446ba6f91837dd74810485aa81ce4],
PUP.Optional.Snapdo.A, C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,,",), Ersetzt,[c13ffa065aa6639dbf8949f94bb909f7]
PUP.Optional.Snapdo.A, C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PvfzJPtRcF1-_sPBQ0QUBo4-aRSdRgnZN8Hsc7fgaSrVuxZWuB871Ilfnp32OE0A,," ],), Ersetzt,[e91755abde22936d94f1ba897b89659b]
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner
Code:
# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 11:14:07
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : XXXX - XXXX-THINK
# Gestartet von : C:\Users\YYYYY\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\l0o0nw1m.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true);
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1396025177");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1395978387153");
[ Datei : C:\Users\YYYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : urls_to_restore_on_startup
[ Datei : C:\Users\YYYYY\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4997 octets] - [08/04/2014 11:08:42]
AdwCleaner[S0].txt - [4629 octets] - [08/04/2014 11:14:07]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4689 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by XXXXX on 08.04.2014 at 11:23:47,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Users\XXXXX\desktop\SpeedUpMyComputer.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\XXXXXX\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2014 at 11:28:49,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by YYYY (ATTENTION: The logged in user is not administrator) on XXXX-THINK on 08-04-2014 11:37:39
Running from C:\Users\YYYY\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMx.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqCFGo.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileAccess] - C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2327552 2009-04-20] (Vodafone)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SCLicense] - [X]
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [SignCubesSetupRestart] - "C:\Users\XXXX\AppData\Local\Temp\sctmp1\OLSetup.exe" -flags0 -l1031 [X]
HKLM-x32\...\Runonce: [smarttweak] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3660097188-1312487363-17423623-1002\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\Run: [KiesPDLR.exe] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-03] (Samsung)
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {5a2b211b-1e7f-11e2-90f9-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3660097188-1312487363-17423623-1004\...\MountPoints2: {fae8f32f-34a7-11e3-a957-e006e6bc71f0} - D:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260968 2012-05-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215400 2012-05-31] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\YYYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0oIn_UapcN-gt8QZqCm9ZwZ564WXpcaKf5_x7rG35eUrEfB4DaZCQHD5APoKAKQ_PjWw7fjPRXMWarqYaC1V00wout1HOn2_AytxJ-MBJxLmdvYSg496dWwzQ0LSiagw,,&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE520
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-26]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-08]
FF Extension: No Name - C:\Users\YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\fobwwu6t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2013-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-04]
Chrome:
=======
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (RealDownloader) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-11]
CHR Extension: (Google Wallet) - C:\Users\YYYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-04-20] (Vodafone)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249192 2012-05-31] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Macromedia
2014-04-08 11:28 - 2014-04-08 11:28 - 00000903 _____ () C:\Users\XXXX\Desktop\JRT.txt
2014-04-08 11:23 - 2014-04-08 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 11:19 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Desktop\JRT.exe
2014-04-08 11:18 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Downloads\JRT.exe
2014-04-08 11:08 - 2014-04-08 11:14 - 00000000 ____D () C:\AdwCleaner
2014-04-08 11:08 - 2014-04-08 11:05 - 00017502 _____ () C:\Users\YYYY\Desktop\mbam1.txt
2014-04-08 11:07 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Desktop\adwcleaner.exe
2014-04-08 11:06 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Downloads\adwcleaner.exe
2014-04-08 10:38 - 2014-04-08 10:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:38 - 2014-04-08 10:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 10:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 10:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 10:36 - 2014-04-08 10:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\YYYY\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:26 - 2014-04-08 10:26 - 00001275 _____ () C:\Users\XXXX\Desktop\Revo Uninstaller.lnk
2014-04-08 10:26 - 2014-04-08 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 10:25 - 2014-04-08 10:35 - 00017564 _____ () C:\Users\YYYY\Downloads\revosetup95.exe
2014-04-08 00:52 - 2014-04-08 00:54 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-04-08 00:48 - 2014-04-08 00:49 - 41315792 _____ (Samsung Electronics Co., Ltd.) C:\Users\YYYY\Downloads\Kies3Setup.exe
2014-04-07 21:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-07 21:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-07 21:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-07 21:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-07 21:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-07 21:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-07 21:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-07 21:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-07 21:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-07 21:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-07 21:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-07 21:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-07 21:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-07 21:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-07 21:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-07 21:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-07 21:29 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-07 21:29 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-07 21:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-07 21:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-07 10:53 - 2014-04-08 11:37 - 00025677 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-07 10:53 - 2014-04-08 11:37 - 00000000 ____D () C:\FRST
2014-04-07 10:53 - 2014-04-07 10:54 - 00039340 _____ () C:\Users\YYYY\Desktop\Addition.txt
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:51 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:00 - 2014-04-08 11:16 - 00000224 _____ () C:\Windows\setupact.log
2014-04-07 10:00 - 2014-04-08 10:59 - 00013284 _____ () C:\Windows\PFRO.log
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-07 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:15 - 2014-03-28 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-16 23:56 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-16 23:55 - 2014-03-21 22:56 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:54 - 2014-03-20 10:18 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-13 09:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:35 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:33 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
==================== One Month Modified Files and Folders =======
2014-04-08 11:39 - 2014-04-07 10:53 - 00025677 _____ () C:\Users\YYYY\Desktop\FRST.txt
2014-04-08 11:37 - 2014-04-07 10:53 - 00000000 ____D () C:\FRST
2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Macromedia
2014-04-08 11:31 - 2012-10-25 10:43 - 01729339 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 11:28 - 2014-04-08 11:28 - 00000903 _____ () C:\Users\XXXX\Desktop\JRT.txt
2014-04-08 11:25 - 2013-08-01 18:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 11:25 - 2013-01-26 17:34 - 00001432 _____ () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-08 11:25 - 2013-01-26 17:34 - 00000000 ___RD () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-08 11:25 - 2013-01-26 17:34 - 00000000 ___RD () C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-08 11:23 - 2014-04-08 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 11:23 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 11:23 - 2009-07-14 06:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 11:21 - 2012-10-25 20:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 11:21 - 2012-10-25 20:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 11:21 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 11:18 - 2014-04-08 11:19 - 01016261 _____ (Thisisu) C:\Users\YYYY\Desktop\JRT.exe
2014-04-08 11:18 - 2014-04-08 11:18 - 01016261 _____ (Thisisu) C:\Users\YYYY\Downloads\JRT.exe
2014-04-08 11:16 - 2014-04-07 10:00 - 00000224 _____ () C:\Windows\setupact.log
2014-04-08 11:16 - 2013-01-27 18:16 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Dropbox
2014-04-08 11:16 - 2012-10-25 11:04 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 11:16 - 2012-10-25 10:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 11:16 - 2009-07-14 07:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 11:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 11:14 - 2014-04-08 11:08 - 00000000 ____D () C:\AdwCleaner
2014-04-08 11:06 - 2014-04-08 11:07 - 01426178 _____ () C:\Users\YYYY\Desktop\adwcleaner.exe
2014-04-08 11:06 - 2014-04-08 11:06 - 01426178 _____ () C:\Users\YYYY\Downloads\adwcleaner.exe
2014-04-08 11:05 - 2014-04-08 11:08 - 00017502 _____ () C:\Users\YYYY\Desktop\mbam1.txt
2014-04-08 10:59 - 2014-04-07 10:00 - 00013284 _____ () C:\Windows\PFRO.log
2014-04-08 10:42 - 2012-10-25 11:04 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 10:40 - 2014-04-08 10:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:38 - 2014-04-08 10:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 10:38 - 2013-01-28 15:10 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 10:38 - 2013-01-28 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 10:37 - 2014-04-08 10:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\YYYY\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:35 - 2014-04-08 10:25 - 00017564 _____ () C:\Users\YYYY\Downloads\revosetup95.exe
2014-04-08 10:26 - 2014-04-08 10:26 - 00001275 _____ () C:\Users\XXXX\Desktop\Revo Uninstaller.lnk
2014-04-08 10:26 - 2014-04-08 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 00:57 - 2013-01-28 16:21 - 00000000 ____D () C:\Users\YYYY\Documents\Outlook-Dateien
2014-04-08 00:54 - 2014-04-08 00:52 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-04-08 00:54 - 2013-06-26 22:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-08 00:52 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Samsung
2014-04-08 00:52 - 2013-07-11 15:51 - 00000000 ____D () C:\Users\YYYY\Documents\SelfMV
2014-04-08 00:52 - 2013-06-26 22:11 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Downloaded Installations
2014-04-08 00:52 - 2013-01-26 17:34 - 00000000 ____D () C:\Users\XXXX
2014-04-08 00:52 - 2012-10-25 10:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-08 00:49 - 2014-04-08 00:48 - 41315792 _____ (Samsung Electronics Co., Ltd.) C:\Users\YYYY\Downloads\Kies3Setup.exe
2014-04-07 21:25 - 2013-02-07 11:17 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Skype
2014-04-07 19:03 - 2013-01-27 18:52 - 00000000 ____D () C:\0_Daten
2014-04-07 14:49 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 10:54 - 2014-04-07 10:53 - 00039340 _____ () C:\Users\YYYY\Desktop\Addition.txt
2014-04-07 10:52 - 2014-04-07 10:52 - 02157056 _____ (Farbar) C:\Users\YYYY\Desktop\FRST64.exe
2014-04-07 10:52 - 2014-04-07 10:51 - 02157056 _____ (Farbar) C:\Users\YYYY\Downloads\FRST64.exe
2014-04-07 10:00 - 2014-04-07 10:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:00 - 2013-01-27 15:14 - 00000000 ____D () C:\Users\YYYY\AppData\Local\MobileAccess
2014-04-06 22:53 - 2013-05-23 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 22:53 - 2011-02-24 19:03 - 00000000 ____D () C:\Windows\Panther
2014-04-06 22:52 - 2014-04-06 22:52 - 03710504 _____ (Piriform Ltd) C:\Users\YYYY\Downloads\ccsetup412_slim.exe
2014-04-06 22:45 - 2014-04-06 22:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-06 22:45 - 2014-04-06 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 22:44 - 2014-04-06 22:44 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-06 22:43 - 2014-04-06 22:43 - 00283192 _____ (Mozilla) C:\Users\YYYY\Downloads\Firefox Setup Stub 28.0.exe
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\Users\YYYY\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-04-03 21:34 - 2013-02-25 17:33 - 00000384 ____H () C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
2014-04-03 09:51 - 2014-04-08 10:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 10:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-01-28 15:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Citrix
2014-03-28 23:57 - 2014-03-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-28 23:55 - 2014-03-28 23:15 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\ImgBurn
2014-03-28 23:09 - 2014-03-28 23:09 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-03-28 23:09 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-28 23:08 - 2013-03-14 23:12 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-03-28 21:02 - 2013-01-28 23:26 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\CoreFTP
2014-03-28 18:46 - 2013-06-04 14:11 - 00000000 ____D () C:\Users\XXXX\AppData\Local\Mozilla
2014-03-28 18:28 - 2014-03-28 18:28 - 02330672 _____ () C:\Users\YYYY\Downloads\imgburn_smc_installer.exe
2014-03-27 13:57 - 2014-03-27 13:57 - 00000218 _____ () C:\Users\YYYY\AppData\Local\recently-used.xbel
2014-03-26 14:38 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\YYYY\.pdfsam
2014-03-26 14:38 - 2013-01-27 15:14 - 00000000 ___HD () C:\Users\YYYY
2014-03-26 14:19 - 2014-03-26 14:19 - 00000000 ____D () C:\Program Files\PDF Split And Merge Basic
2014-03-26 12:12 - 2011-12-08 22:42 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-22 10:10 - 2013-02-07 10:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Jitsi
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos
2014-03-21 22:56 - 2014-03-16 23:55 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-03-20 10:18 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos VPN
2014-03-20 10:18 - 2014-03-16 23:54 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\Steganos
2014-03-20 01:56 - 2013-07-13 12:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 01:54 - 2013-01-27 15:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 23:56 - 2014-03-16 23:56 - 00000000 ____D () C:\Users\XXXX\AppData\Roaming\Steganos VPN
2014-03-16 23:55 - 2014-03-16 23:55 - 15821488 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedom.exe
2014-03-16 23:54 - 2014-03-16 23:54 - 02756408 _____ (Steganos Software GmbH) C:\Users\YYYY\Downloads\okayfreedomintdle11.exe
2014-03-16 23:27 - 2014-03-16 23:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 ____D () C:\Users\YYYY\AppData\Local\Skype
2014-03-16 23:27 - 2013-02-07 11:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:18 - 2013-02-04 11:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 11:18 - 2009-07-14 06:45 - 00402480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:16 - 2013-01-28 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 22:03 - 2014-02-17 14:32 - 00000000 ____D () C:\Users\YYYY\AppData\Roaming\DropboxMaster
2014-03-12 13:25 - 2013-01-28 16:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:25 - 2013-01-28 16:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\XXXX\AppData\Local\Temp\Execute2App.exe
C:\Users\XXXX\AppData\Local\Temp\msvcp90.dll
C:\Users\XXXX\AppData\Local\Temp\msvcr90.dll
C:\Users\XXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXX\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\YYYY\AppData\Local\Temp\avgnt.exe
C:\Users\YYYY\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmponjuxp.dll
C:\Users\YYYY\AppData\Local\Temp\jitsi-2.4.4997-delta-4603.9615-x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Thanks once again!!