So, here is the Malwarebytes log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.05.2014
Suchlauf-Zeit: 14:33:26
Logdatei: Malwarebytes.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 282891
Verstrichene Zeit: 22 Min, 53 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 2
PUP.Optional.SkyTech.A, C:\Users\***\AppData\Local\Temp\9062800\9062800.zipDir\alilog.dll, , [0f6e39a5bbbfe84e609e85fa34cc36ca],
PUP.Optional.WpManager, C:\Users\***\AppData\Local\Temp\9062800\9062800.zipDir\tmp\wpm_v18.8.0.273.exe, , [88f53ca2770383b3e67f5c46b8490ef2],
Physische Sektoren: 0
(No malicious items detected)
(end)
The Zoek log file:
Code:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by *** on 09.05.2014 at 14:47:49,81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\***\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
09.05.2014 14:49:29 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462\prefs.js:
Added to C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\prefs.js:
user_pref("browser.startup.homepage", "www.bing.com");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Added to C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default\prefs.js:
Added to C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\
---- FireFox user.js and prefs.js backups ----
prefs__1503_.backup
ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\
---- FireFox user.js and prefs.js backups ----
prefs__1503_.backup
ProfilePath: C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1503_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Package Cache deleted
C:\Users\***\AppData\Local\cache deleted
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462\jetpack deleted
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\jetpack deleted
"C:\Users\***\AppData\Roaming\XnView" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FFPDFArchitectConverter@pdfarchitect.com"=hex(2):43,00,3a,00,5c,00,50,00,72,\ []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [10.12.2013 08:45]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAflor Support-Anfrage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAflor Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAflor Update-Manager deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\i7qjjyt2.default-1396245209462\Cache emptied successfully
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\7aw1kt3n.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=17 folders=38 10587818 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\***\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\***\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 09.05.2014 at 15:11:12,18 ======================
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2014 01
Ran by *** (administrator) on APPARAT on 09-05-2014 15:18:46
Running from C:\Users\***\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2270504 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-12-13] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55120 2010-12-08] (UPEK Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-11-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-11-15] (NVIDIA Corporation)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4395104 2012-05-16] (Lenovo Group Limited)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1575497497-273483109-2788137214-1000\...\Policies\Explorer: []
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-21]
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-10]
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-08-24]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-10]
========================== Services (Whitelisted) =================
S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064752 2014-02-24] (Flexera Software LLC)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [988472 2011-12-13] (Lenovo)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\\winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-04-16] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-04-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-04-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-04-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-04-28] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-04-16] (G Data Software AG)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
S3 swmx01; C:\Windows\system32\drivers\swmx01.sys [72576 2007-04-10] (Sierra Wireless Inc.)
S3 SWUMX01; C:\Windows\system32\drivers\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-09 15:08 - 2014-05-09 14:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-09 14:49 - 2014-05-09 15:11 - 00012428 _____ () C:\zoek-results.log
2014-05-09 14:47 - 2014-05-09 15:03 - 00000000 ____D () C:\zoek_backup
2014-05-09 14:42 - 2014-05-09 14:43 - 01285120 _____ () C:\Users\***\Downloads\zoek(1).exe
2014-05-09 14:42 - 2014-05-09 14:42 - 01285120 _____ () C:\Users\***\Desktop\zoek.exe
2014-05-09 14:33 - 2014-05-09 14:44 - 00001399 _____ () C:\Users\***\Desktop\Malwarebytes.txt
2014-05-09 14:07 - 2014-05-09 14:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 14:06 - 2014-05-09 14:07 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\***\Desktop\mbam-rules.exe
2014-05-09 13:17 - 2014-05-09 14:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 13:17 - 2014-05-09 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 13:17 - 2014-05-09 13:17 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 13:17 - 2014-05-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 13:17 - 2014-05-09 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-09 13:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 13:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 13:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 13:10 - 2014-05-09 13:10 - 00000757 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-09 12:59 - 2014-05-09 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 12:55 - 2014-05-09 12:56 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-05-09 12:42 - 2014-05-09 12:44 - 00000000 ____D () C:\AdwCleaner
2014-05-09 12:41 - 2014-05-09 12:42 - 01316991 _____ () C:\Users\***\Desktop\adwcleaner.exe
2014-05-09 12:03 - 2014-05-09 12:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 11:54 - 2014-05-09 12:23 - 00003095 _____ () C:\Users\***\Desktop\GMER.log
2014-05-09 11:22 - 2014-05-09 15:18 - 00014689 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-09 11:21 - 2014-05-09 11:22 - 00000472 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-05-09 11:07 - 2014-05-09 11:07 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2014-05-09 11:06 - 2014-05-09 11:06 - 01053184 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-05-09 11:05 - 2014-05-09 11:05 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-05-09 10:09 - 2014-05-09 10:09 - 00000928 _____ () C:\Users\Public\Desktop\freac - free audio converter.lnk
2014-05-09 10:09 - 2014-05-09 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2014-05-09 10:08 - 2014-05-09 10:09 - 00000000 ____D () C:\Program Files\freac
2014-05-09 10:05 - 2014-05-09 10:05 - 01062288 _____ () C:\Users\***\Downloads\fre_ac-audio-converter-lnstall.exe
2014-05-09 09:58 - 2014-05-09 09:58 - 00466744 _____ () C:\Users\***\Downloads\download_audiograbber.exe
2014-05-08 06:39 - 2014-05-09 11:21 - 00000000 ____D () C:\Users\***\AppData\Roaming\Audacity
2014-05-08 06:39 - 2014-05-08 06:39 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-08 06:39 - 2014-05-08 06:39 - 00000972 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-08 06:39 - 2014-05-08 06:39 - 00000000 ____D () C:\Program Files\Audacity
2014-05-07 06:37 - 2014-05-07 06:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 18:19 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 18:19 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 06:59 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 06:59 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-30 22:23 - 2014-05-01 19:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 20:51 - 2014-04-29 20:51 - 00002212 _____ () C:\Users\Public\Desktop\DWG TrueView 2015 - English.lnk
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-04-29 20:49 - 2014-04-29 20:49 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-04-29 18:29 - 2014-04-29 18:29 - 01640590 _____ () C:\Users\***\Downloads\764_Housing
2014-04-29 18:29 - 2014-04-29 18:29 - 00072671 _____ () C:\Users\***\Downloads\909_Swimming
2014-04-29 18:29 - 2014-04-29 18:29 - 00042012 _____ () C:\Users\***\Downloads\774_Plantation
2014-04-29 18:07 - 2014-04-29 18:07 - 01150828 _____ () C:\Users\***\Downloads\82_People_Swimmers
2014-04-29 18:04 - 2014-04-29 18:04 - 00743480 _____ () C:\Users\***\Downloads\438_Volleyball
2014-04-29 16:53 - 2014-04-29 16:53 - 00000000 ____D () C:\Users\Default\Downloads\medialink
2014-04-29 16:53 - 2014-04-29 16:53 - 00000000 ____D () C:\Users\Default User\Downloads\medialink
2014-04-29 16:52 - 2014-04-29 16:58 - 46002830 _____ () C:\Users\Default\Downloads\39589.mp4
2014-04-29 16:52 - 2014-04-29 16:58 - 46002830 _____ () C:\Users\Default User\Downloads\39589.mp4
2014-04-29 09:00 - 2014-04-29 20:48 - 00000000 ____D () C:\Program Files\Autodesk
2014-04-29 06:52 - 2014-04-29 06:52 - 00921512 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2014-04-24 19:36 - 2014-04-24 19:36 - 00000000 ____D () C:\Users\***\Documents\AdobeStockPhotos
2014-04-21 23:10 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 23:10 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 23:10 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 23:10 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 23:10 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 23:10 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 23:10 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 23:10 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 23:10 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 23:10 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 23:10 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 23:10 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 23:10 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 23:10 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 23:10 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 23:10 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 23:10 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 23:10 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 23:10 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 23:10 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 23:10 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 23:10 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 23:10 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 23:10 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 19:02 - 2014-04-21 19:02 - 01908225 _____ () C:\Users\***\Downloads\VirtualDub-1.10.4.zip
2014-04-21 19:00 - 2014-04-21 19:07 - 79086728 _____ (Lightworks) C:\Users\***\Downloads\lightworks_v11.5.1_full_32bit.exe
2014-04-17 13:46 - 2014-04-17 13:54 - 24145786 _____ () C:\Users\Default\Downloads\976546.flv
2014-04-17 13:46 - 2014-04-17 13:54 - 24145786 _____ () C:\Users\Default User\Downloads\976546.flv
2014-04-17 12:34 - 2014-04-17 12:57 - 98418176 _____ () C:\Users\Default\Downloads\2833384.flv
2014-04-17 12:34 - 2014-04-17 12:57 - 98418176 _____ () C:\Users\Default User\Downloads\2833384.flv
2014-04-16 10:10 - 2014-04-16 10:10 - 00020736 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt32.sys
2014-04-16 10:10 - 2014-04-16 10:10 - 00001943 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-04-16 10:10 - 2014-04-16 10:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt32_01007.Wdf
2014-04-16 10:10 - 2014-04-16 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-04-10 12:57 - 2014-04-10 13:25 - 111863875 _____ () C:\Users\Default\Downloads\2155873_hd.flv
2014-04-10 12:57 - 2014-04-10 13:25 - 111863875 _____ () C:\Users\Default User\Downloads\2155873_hd.flv
2014-04-10 07:05 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:05 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:05 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:05 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:05 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:05 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-05-09 15:19 - 2014-05-09 11:22 - 00014689 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-09 15:18 - 2013-11-27 17:21 - 00000000 ____D () C:\FRST
2014-05-09 15:17 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:17 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:13 - 2014-01-05 13:37 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2014-05-09 15:11 - 2014-05-09 14:49 - 00012428 _____ () C:\zoek-results.log
2014-05-09 15:10 - 2014-03-02 02:00 - 00007483 _____ () C:\Windows\setupact.log
2014-05-09 15:10 - 2010-11-20 23:48 - 00117368 _____ () C:\Windows\PFRO.log
2014-05-09 15:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 15:08 - 2013-11-21 17:59 - 02054136 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 15:03 - 2014-05-09 14:47 - 00000000 ____D () C:\zoek_backup
2014-05-09 14:47 - 2014-05-09 15:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-09 14:44 - 2014-05-09 14:33 - 00001399 _____ () C:\Users\***\Desktop\Malwarebytes.txt
2014-05-09 14:43 - 2014-05-09 14:42 - 01285120 _____ () C:\Users\***\Downloads\zoek(1).exe
2014-05-09 14:42 - 2014-05-09 14:42 - 01285120 _____ () C:\Users\***\Desktop\zoek.exe
2014-05-09 14:08 - 2014-05-09 13:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 14:07 - 2014-05-09 14:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 14:07 - 2014-05-09 14:06 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\***\Desktop\mbam-rules.exe
2014-05-09 14:07 - 2014-05-09 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 13:17 - 2014-05-09 13:17 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 13:17 - 2014-05-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 13:17 - 2014-05-09 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-09 13:10 - 2014-05-09 13:10 - 00000757 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-09 12:59 - 2014-05-09 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 12:56 - 2014-05-09 12:55 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-05-09 12:45 - 2013-11-21 23:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-09 12:44 - 2014-05-09 12:42 - 00000000 ____D () C:\AdwCleaner
2014-05-09 12:44 - 2013-11-21 23:39 - 00001026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 12:44 - 2013-11-21 18:24 - 00001155 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-09 12:42 - 2014-05-09 12:41 - 01316991 _____ () C:\Users\***\Desktop\adwcleaner.exe
2014-05-09 12:23 - 2014-05-09 11:54 - 00003095 _____ () C:\Users\***\Desktop\GMER.log
2014-05-09 12:04 - 2014-05-09 12:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 11:22 - 2014-05-09 11:21 - 00000472 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-05-09 11:21 - 2014-05-08 06:39 - 00000000 ____D () C:\Users\***\AppData\Roaming\Audacity
2014-05-09 11:10 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-09 11:07 - 2014-05-09 11:07 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2014-05-09 11:06 - 2014-05-09 11:06 - 01053184 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-05-09 11:05 - 2014-05-09 11:05 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-05-09 10:09 - 2014-05-09 10:09 - 00000928 _____ () C:\Users\Public\Desktop\freac - free audio converter.lnk
2014-05-09 10:09 - 2014-05-09 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2014-05-09 10:09 - 2014-05-09 10:08 - 00000000 ____D () C:\Program Files\freac
2014-05-09 10:05 - 2014-05-09 10:05 - 01062288 _____ () C:\Users\***\Downloads\download_audiograbber.exe
2014-05-09 09:52 - 2013-11-22 21:09 - 00000000 ____D () C:\Users\***\dwhelper
2014-05-09 09:41 - 2014-01-09 11:46 - 00000000 ____D () C:\Users\***\Documents\11_MISC
2014-05-08 06:39 - 2014-05-08 06:39 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-08 06:39 - 2014-05-08 06:39 - 00000972 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-08 06:39 - 2014-05-08 06:39 - 00000000 ____D () C:\Program Files\Audacity
2014-05-07 06:37 - 2014-05-07 06:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 07:43 - 2013-11-21 23:45 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-05-02 11:20 - 2013-12-10 14:16 - 00000000 ____D () C:\Users\***\Documents\9_HAUS
2014-05-01 19:07 - 2014-04-30 22:23 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-01 18:37 - 2012-08-24 13:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-01 18:37 - 2012-08-24 13:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 09:53 - 2009-07-14 06:33 - 00376032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 20:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-29 20:52 - 2013-11-21 18:13 - 00097968 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 20:51 - 2014-04-29 20:51 - 00002212 _____ () C:\Users\Public\Desktop\DWG TrueView 2015 - English.lnk
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-04-29 20:51 - 2014-03-30 16:08 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-04-29 20:51 - 2014-03-30 16:07 - 00000000 ____D () C:\Users\***\AppData\Roaming\Autodesk
2014-04-29 20:50 - 2014-03-30 16:07 - 00000000 ____D () C:\ProgramData\Autodesk
2014-04-29 20:49 - 2014-04-29 20:49 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-04-29 20:48 - 2014-04-29 09:00 - 00000000 ____D () C:\Program Files\Autodesk
2014-04-29 20:48 - 2014-03-30 16:11 - 00000000 ____D () C:\Users\***\AppData\Local\Autodesk
2014-04-29 18:29 - 2014-04-29 18:29 - 01640590 _____ () C:\Users\***\Downloads\764_Housing
2014-04-29 18:29 - 2014-04-29 18:29 - 00072671 _____ () C:\Users\***\Downloads\909_Swimming
2014-04-29 18:29 - 2014-04-29 18:29 - 00042012 _____ () C:\Users\***\Downloads\774_Plantation
2014-04-29 18:07 - 2014-04-29 18:07 - 01150828 _____ () C:\Users\***\Downloads\82_People_Swimmers
2014-04-29 18:04 - 2014-04-29 18:04 - 00743480 _____ () C:\Users\***\Downloads\438_Volleyball
2014-04-29 16:58 - 2014-04-29 16:52 - 46002830 _____ () C:\Users\Default\Downloads\39589.mp4
2014-04-29 16:58 - 2014-04-29 16:52 - 46002830 _____ () C:\Users\Default User\Downloads\39589.mp4
2014-04-29 16:53 - 2014-04-29 16:53 - 00000000 ____D () C:\Users\Default\Downloads\medialink
2014-04-29 16:53 - 2014-04-29 16:53 - 00000000 ____D () C:\Users\Default User\Downloads\medialink
2014-04-29 14:48 - 2014-05-05 06:59 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:34 - 2014-05-05 06:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 06:52 - 2014-04-29 06:52 - 00921512 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2014-04-28 14:39 - 2013-11-23 04:45 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-04-28 14:39 - 2013-11-23 04:45 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-04-25 19:37 - 2013-11-21 22:07 - 00000000 ____D () C:\Users\***\AppData\Roaming\Adobe
2014-04-24 20:23 - 2009-07-14 04:04 - 00000438 _____ () C:\Window***\Documents\AdobeStockPhotos
2014-04-24 19:36 - 2012-08-24 13:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-22 19:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 08:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-21 19:07 - 2014-04-21 19:00 - 79086728 _____ (Lightworks) C:\Users\***\Downloads\lightworks_v11.5.1_full_32bit.exe
2014-04-21 19:02 - 2014-04-21 19:02 - 01908225 _____ () C:\Users\***\Downloads\VirtualDub-1.10.4.zip
2014-04-18 12:11 - 2013-11-29 16:33 - 00000000 ____D () C:\ProgramData\ORCA AVA
2014-04-17 13:54 - 2014-04-17 13:46 - 24145786 _____ () C:\Users\Default\Downloads\976546.flv
2014-04-17 13:54 - 2014-04-17 13:46 - 24145786 _____ () C:\Users\Default User\Downloads\976546.flv
2014-04-17 12:57 - 2014-04-17 12:34 - 98418176 _____ () C:\Users\Default\Downloads\2833384.flv
2014-04-17 12:57 - 2014-04-17 12:34 - 98418176 _____ () C:\Users\Default User\Downloads\2833384.flv
2014-04-16 18:48 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 10:10 - 2014-04-16 10:10 - 00020736 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt32.sys
2014-04-16 10:10 - 2014-04-16 10:10 - 00001943 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-04-16 10:10 - 2014-04-16 10:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt32_01007.Wdf
2014-04-16 10:10 - 2014-04-16 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-04-16 10:10 - 2013-11-21 18:21 - 00056832 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-04-16 10:10 - 2013-11-21 18:21 - 00050176 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-04-16 10:09 - 2013-11-21 18:21 - 00101504 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-04-16 10:09 - 2013-11-21 18:21 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-04-16 10:09 - 2013-11-21 18:21 - 00044544 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-04-16 10:08 - 2013-11-21 18:19 - 00000000 ____D () C:\ProgramData\G Data
2014-04-16 10:08 - 2013-11-21 18:19 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-04-16 10:08 - 2012-08-24 14:45 - 00022158 _____ () C:\Windows\DPINST.LOG
2014-04-14 04:11 - 2014-05-06 18:19 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:07 - 2014-05-06 18:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-10 13:25 - 2014-04-10 12:57 - 111863875 _____ () C:\Users\Default\Downloads\2155873_hd.flv
2014-04-10 13:25 - 2014-04-10 12:57 - 111863875 _____ () C:\Users\Default User\Downloads\2155873_hd.flv
2014-04-10 11:25 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-10 11:19 - 2013-11-25 08:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 11:17 - 2013-11-25 08:33 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 07:00 - 2013-11-22 21:03 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 20:01
==================== End Of Log ============================
and Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2014 01
Ran by Tomsk at 2014-05-09 15:28:49
Running from C:\Users\Tomsk\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoCAD Map 3D 2011 Language Pack - Deutsch (Version: 14.0.045.0 - Autodesk) Hidden
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0052.00 - Lenovo Group Limited)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01g - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
ORCA AVA (HKLM\...\{744D764A-4345-4632-A987-E1DBEAB892C8}) (Version: 17.00.0007 - ORCA)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Wireless HSDPA MiniCard (HKLM\...\{D2A6CB42-8327-4167-AB04-F4A15658F2BF}) (Version: 7.0.2.1300 - Sierra Wireless Inc)
Sierra Wireless MC57xx Package for Access Connections (Version: 6.30.0.3 - Sierra Wireless) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
System Explorer 4.6.0 (HKLM\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
XnView 2.11 (HKLM\...\XnView_is1) (Version: 2.11 - Gougelet Pierre-e)
==================== Restore Points =========================
05-05-2014 04:59:23 Windows Update
07-05-2014 04:35:03 Windows Update
09-05-2014 12:49:14 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {267CDBAE-730F-4417-8101-56801CD7BA30} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-16] (Lenovo Group Limited)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\\BthUdTask.exe [2009-07-14] (Microsoft Corporation)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\\aitagent.exe [2010-11-20] (Microsoft Corporation)
Task: {F0A4850A-4054-4A76-B41B-2CABF8698050} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Loaded Modules (whitelisted) =============
2013-12-28 19:10 - 2012-08-18 12:31 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2011-01-24 12:35 - 2011-01-24 12:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-08-24 14:45 - 2011-05-19 21:05 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-08-24 15:29 - 2012-05-16 06:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-05-09 12:04 - 2014-05-09 12:04 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
==================== Faulty Device Manager Devices =============
Name: HP Designjet T770 PostScript
Description: HP Designjet T770 PostScript
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/09/2014 03:10:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/09/2014 03:10:36 PM) (Source: LMS) (User: NT-AUTORITÄT) (EventID: 2)
Description: LMS Service cannot connect to HECI driver
System errors:
=============
Error: (05/09/2014 03:10:32 PM) (Source: NETLOGON) (User: ) (EventID: 3095)
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (05/09/2014 03:10:23 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/09/2014 03:09:15 PM) (Source: Service Control Manager) (User: ) (EventID: 7043)
Description: Der Dienst G Data Personal Firewall konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (05/09/2014 03:03:03 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/09/2014 03:03:03 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/09/2014 03:03:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/09/2014 03:03:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/09/2014 03:03:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/09/2014 01:10:48 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (05/09/2014 03:10:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/09/2014 03:10:36 PM) (Source: LMS) (User: NT-AUTORITÄT) (EventID: 2)
Description: LMS Service cannot connect to HECI driver
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 3046.3 MB
Available physical RAM: 2013.84 MB
Total Pagefile: 6088.83 MB
Available Pagefile: 4399.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.69 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:63.93 GB) (Free:24.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 0A7034EB)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=64 GB) - (Type=07 NTFS)
==================== End Of Log ============================