Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win 8 - Firefox - Malware leitet auf Werbeseiten um - doppelt unterstrichene Begriffe (https://www.trojaner-board.de/157152-win-8-firefox-malware-leitet-werbeseiten-um-doppelt-unterstrichene-begriffe.html)

Tina Zee 02.08.2014 08:31
Win 8 - Firefox - Malware leitet auf Werbeseiten um - doppelt unterstrichene Begriffe
 
Hallo zusammen.

Ich habe hier letzte Nacht festgestellt, dass ich mit diesem Problem nicht alleine bin und habe diverse Anweisungen (http://www.trojaner-board.de/141363-...linkungen.html) bereits befolgt und durchgeführt ... Malwarebytes Antimalware, AdwCleaner, Junkware Removal Tool, ESET Onlinescanner (hatte 40 Bedrohungen gefunden), Security Check (die txt.Dateien existieren noch)

Ich hoffe das war kein Fehler ... hat aber alles bisher nicht zum Erfolg geführt

Ich habe eine bezahlte "avast Internet Security" auf dem Rechner und bin völlig ratlos, warum die mir dauernd "ALLES OK" meldet ...

Also bitte ich jetzt Euch um Hilfe.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2014
Ran by Martina (administrator) on LENOVO-PC on 02-08-2014 09:11:55
Running from C:\Users\Martina\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\WINDOWS\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [53248 2013-09-26] (PFU LIMITED)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [183808 2014-05-06] (Geek Software GmbH)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [RkiwrtkS] => C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe [67464 2012-04-05] (PFU LIMITED)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-06] (Acresso Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-05-02] (NTeWORKS)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\MountPoints2: {b163cac4-55fa-11e3-bebe-f4b7e2f06094} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar64.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Best YouTube Downloader - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} [2014-07-29]
FF Extension: DownloadHelper - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-29]
FF Extension: Wired-Marker - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2014-07-31]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
S4 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [65536 2004-10-18] (OLYMPUS Corporation) [File not signed]
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-05-26] (IObit)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 Update Service for Best YouTube Downloader; C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe [114688 2014-07-19] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv05; C:\WINDOWS\system32\drivers\acedrv05.sys [136192 2013-11-03] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 09:11 - 2014-08-02 09:12 - 00000000 ____D () C:\FRST
2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe
2014-08-02 09:11 - 2014-08-02 09:11 - 00025128 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-02 09:02 - 2014-08-02 09:05 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem
2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe
2014-08-02 08:35 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 08:35 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-08-02 08:34 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe
2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 23:16 - 2014-08-02 09:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 23:16 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 23:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 23:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader
2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat
2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-01 20:12 - 2014-08-02 06:54 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe
2014-07-30 23:34 - 2014-07-30 23:35 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe
2014-07-30 12:45 - 2014-07-30 12:54 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm
2014-07-30 09:53 - 2014-07-30 09:54 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm
2014-07-30 01:45 - 2014-07-30 01:51 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm
2014-07-30 01:37 - 2014-07-30 01:42 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part
2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader
2014-07-29 13:05 - 2014-07-29 13:05 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe
2014-07-26 10:57 - 2014-07-26 10:58 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi
2014-07-26 10:44 - 2014-07-26 11:14 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6
2014-07-26 10:36 - 2014-07-26 11:04 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe
2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe
2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe
2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher
2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java
2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip
2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip
2014-07-19 18:50 - 2014-07-19 18:53 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip
2014-07-18 16:38 - 2014-07-19 13:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-18 16:37 - 2014-07-18 16:38 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 16:34 - 2014-07-18 16:35 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe
2014-07-17 11:12 - 2014-07-17 11:14 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe
2014-07-17 11:11 - 2014-07-17 11:12 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe
2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk
2014-07-13 20:42 - 2014-07-29 12:11 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe
2014-07-13 20:02 - 2014-07-13 20:12 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe
2014-07-13 19:49 - 2014-07-13 19:51 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe
2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-13 15:34 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-07-13 15:34 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 14:34 - 2014-07-12 14:53 - 00000000 ____D () C:\Users\Martina\MediathekView
2014-07-12 14:18 - 2014-07-12 14:30 - 00000000 ____D () C:\Users\Martina\.mediathek3
2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6
2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip
2014-07-12 13:00 - 2014-07-22 13:01 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software
2014-07-12 12:59 - 2014-07-22 13:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-11 12:32 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-07-11 12:32 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 12:32 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-11 12:32 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 12:32 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 12:32 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-11 12:32 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-11 12:32 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-11 12:32 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-07-10 08:42 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-07-10 08:42 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-07-10 08:42 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 08:42 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-07-10 08:41 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2014-07-10 08:32 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 08:32 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 08:32 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 08:16 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 08:16 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 08:16 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten
2014-07-05 14:51 - 2014-07-05 14:51 - 00001071 _____ () C:\Users\Martina\Desktop\ScanSnap iX500 - Verknüpfung.lnk
2014-07-05 10:31 - 2014-07-05 10:31 - 00000000 ____D () C:\Users\Martina\AppData\Local\PFU_LIMITED
2014-07-05 10:26 - 2014-07-05 10:26 - 00001062 _____ () C:\Users\Public\Desktop\Rack2-Filer Smart.lnk
2014-07-05 10:26 - 2014-07-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack2-Filer Smart
2014-07-04 16:50 - 2014-07-04 16:50 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2014-07-04 16:50 - 2014-07-04 16:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 09:12 - 2014-08-02 09:11 - 00000000 ____D () C:\FRST
2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe
2014-08-02 09:11 - 2014-08-02 09:11 - 00025128 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-02 09:07 - 2013-08-02 08:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1652106630-3679740725-1600711223-1002
2014-08-02 09:05 - 2014-08-02 09:02 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem
2014-08-02 09:04 - 2014-06-01 12:05 - 01480886 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-02 09:04 - 2013-04-07 22:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-02 09:02 - 2014-08-01 23:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 09:02 - 2014-06-01 07:56 - 00000420 _____ () C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job
2014-08-02 09:01 - 2014-06-11 18:31 - 00030852 _____ () C:\WINDOWS\PFRO.log
2014-08-02 09:01 - 2013-08-05 09:21 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl
2014-08-02 09:01 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-02 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-02 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-02 09:00 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-02 08:57 - 2013-08-06 17:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe
2014-08-02 08:46 - 2013-08-02 12:28 - 02739712 ___SH () C:\Users\Martina\Desktop\Thumbs.db
2014-08-02 08:44 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe
2014-08-02 06:55 - 2014-05-29 21:16 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-02 06:54 - 2014-08-01 20:12 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 23:44 - 2014-01-15 00:41 - 00000000 ____D () C:\Users\Martina\Desktop\Desktop Zwischenablage
2014-08-01 23:41 - 2014-05-13 13:51 - 00000000 ____D () C:\AdwCleaner
2014-08-01 23:16 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader
2014-08-01 20:17 - 2013-08-02 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-01 20:16 - 2013-08-02 12:59 - 00000000 ____D () C:\Users\Martina\AppData\Local\Google
2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat
2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe
2014-08-01 16:17 - 2012-07-26 07:26 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 20:21 - 2013-04-08 07:35 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-31 20:21 - 2013-04-08 07:35 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-31 20:21 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-31 11:05 - 2014-03-18 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 23:35 - 2014-07-30 23:34 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe
2014-07-30 23:35 - 2013-08-06 09:07 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-30 23:35 - 2013-08-06 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-30 23:35 - 2013-08-06 09:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 12:54 - 2014-07-30 12:45 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm
2014-07-30 09:54 - 2014-07-30 09:53 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm
2014-07-30 09:54 - 2013-08-04 13:31 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\vlc
2014-07-30 01:51 - 2014-07-30 01:45 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm
2014-07-30 01:42 - 2014-07-30 01:37 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part
2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader
2014-07-29 13:05 - 2014-07-29 13:05 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe
2014-07-29 12:11 - 2014-07-13 20:42 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe
2014-07-29 11:19 - 2013-08-04 00:04 - 00000000 ____D () C:\Users\Martina\dwhelper
2014-07-28 09:52 - 2013-08-24 13:18 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Skype
2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 11:14 - 2014-07-26 10:44 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6
2014-07-26 11:04 - 2014-07-26 10:36 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe
2014-07-26 10:59 - 2013-08-06 12:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-26 10:58 - 2014-07-26 10:57 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi
2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe
2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe
2014-07-26 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-25 18:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-07-25 07:24 - 2013-08-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher
2014-07-22 13:01 - 2014-07-12 13:00 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791
2014-07-22 13:01 - 2014-07-12 12:59 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-21 07:25 - 2013-08-02 21:49 - 00000000 ____D () C:\Users\Martina\Documents\02 My Privacy
2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java
2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip
2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip
2014-07-19 18:53 - 2014-07-19 18:50 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip
2014-07-19 13:27 - 2014-07-18 16:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-19 13:27 - 2014-07-18 16:38 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-19 13:27 - 2014-07-18 16:38 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-19 13:27 - 2014-06-17 20:34 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 13:27 - 2014-06-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 17:18 - 2014-06-01 12:15 - 01433027 _____ () C:\WINDOWS\setupact.log
2014-07-18 17:17 - 2014-06-05 11:06 - 00001984 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-07-18 16:54 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 16:38 - 2014-07-18 16:37 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 16:35 - 2014-07-18 16:34 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe
2014-07-17 11:14 - 2014-07-17 11:12 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe
2014-07-17 11:12 - 2014-07-17 11:11 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe
2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk
2014-07-16 09:31 - 2013-08-02 07:58 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Adobe
2014-07-13 20:12 - 2014-07-13 20:02 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe
2014-07-13 20:12 - 2013-08-02 22:46 - 00000000 ___RD () C:\Users\Martina\Dropbox
2014-07-13 19:51 - 2014-07-13 19:49 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe
2014-07-13 16:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 15:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\DropboxMaster
2014-07-13 15:41 - 2013-08-02 22:44 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Dropbox
2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:28 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 13:47 - 2013-08-05 10:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-13 13:44 - 2013-08-02 14:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-13 13:44 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 13:42 - 2013-08-02 09:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 14:53 - 2014-07-12 14:34 - 00000000 ____D () C:\Users\Martina\MediathekView
2014-07-12 14:34 - 2013-08-02 07:56 - 00000000 ____D () C:\Users\Martina
2014-07-12 14:30 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\.mediathek3
2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6
2014-07-12 14:16 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip
2014-07-12 13:33 - 2013-08-06 17:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-07 23:38 - 2014-05-02 09:47 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\dvdcss
2014-07-07 13:13 - 2014-04-07 11:33 - 00000000 ____D () C:\Users\Martina\Documents\ScanSnap
2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten
2014-07-06 11:11 - 2013-08-02 12:59 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-05 14:51 - 2014-07-05 14:51 - 00001071 _____ () C:\Users\Martina\Desktop\ScanSnap iX500 - Verknüpfung.lnk
2014-07-05 10:31 - 2014-07-05 10:31 - 00000000 ____D () C:\Users\Martina\AppData\Local\PFU_LIMITED
2014-07-05 10:31 - 2014-04-07 11:22 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\PFU
2014-07-05 10:26 - 2014-07-05 10:26 - 00001062 _____ () C:\Users\Public\Desktop\Rack2-Filer Smart.lnk
2014-07-05 10:26 - 2014-07-05 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack2-Filer Smart
2014-07-05 10:26 - 2014-04-07 12:40 - 00000000 ____D () C:\ProgramData\PFU
2014-07-05 10:24 - 2014-04-07 11:10 - 00000000 ____D () C:\Program Files (x86)\PFU
2014-07-04 16:50 - 2014-07-04 16:50 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2014-07-04 16:50 - 2014-07-04 16:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-04 16:50 - 2014-04-25 09:15 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-04 16:50 - 2014-04-09 09:58 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-04 16:50 - 2014-04-09 09:58 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

Files to move or delete:
====================
C:\ProgramData\Lenovo-8204.vbs


Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\APNSetup.exe
C:\Users\Martina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkbmxe.dll
C:\Users\Martina\AppData\Local\Temp\Execute2App.exe
C:\Users\Martina\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\Martina\AppData\Local\Temp\msvcp90.dll
C:\Users\Martina\AppData\Local\Temp\msvcr90.dll
C:\Users\Martina\AppData\Local\Temp\Quarantine.exe
C:\Users\Martina\AppData\Local\Temp\SHSetup.exe
C:\Users\Martina\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 08:25

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2014
Ran by Martina at 2014-08-02 09:13:30
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader for ScanSnap (TM) 5.0 (HKLM-x32\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
BelegManager (HKLM-x32\...\{FBF4C1A4-C82A-4678-8382-CFDCEE14D515}) (Version: 1.00.0000 - Wolters Kluwer Deutschland GmbH)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Best YouTube Downloader (HKLM-x32\...\Best YouTube Downloader) (Version: 1.5.3 - Neobars)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.0L10 - PFU)
CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Delicious (HKCU\...\hxxp://delicious.com) (Version:  - )
DirPrintOK (HKLM-x32\...\DirPrintOK) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Evernote v. 4.5.8 (HKLM-x32\...\{DED01768-E634-11E1-AEB0-984BE15F174E}) (Version: 4.5.8.7356 - Evernote Corp.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Klett Lehrersoftware Red Line (LM 4) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 4)) (Version:  - )
Klett Lehrersoftware Red Line (LM 5) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 5)) (Version:  - )
Klett Lernsoftware Mathematik - Einblicke 9 (HKLM-x32\...\Klett Lernsoftware Mathematik - Einblicke 9_is1) (Version:  - )
Klett Lernsoftware Mathematik - Schnittpunkt (4. Lernjahr) 8 BW (HKLM-x32\...\Klett Lernsoftware Mathematik - Schnittpunkt (4.~93F79701_is1) (Version:  - )
Klett Mathetrainer 10 (HKLM-x32\...\Klett Mathetrainer 10_is1) (Version:  - )
KV-WIN (HKLM-x32\...\{54613ADC-0DDC-4BFE-8D25-281272D58D5D}) (Version: 7.113.6 - MORGEN & MORGEN)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LV-WIN (HKLM-x32\...\{BFC1E04D-AA94-4E5F-A220-89209FF0FA3A}) (Version: 7.113.6 - MORGEN & MORGEN)
Magic Desktop (HKLM-x32\...\{A96758C2-3ED3-4035-BD35-7194ED35AB92}) (Version: 1.00.2250 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neevia PDFcompress v3.5 (HKLM-x32\...\Neevia PDFcompress_is1) (Version:  - neeviaPDF.com)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Olympus DSS Player (HKLM-x32\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 23.0.1522.60 (HKLM-x32\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.3 - NTeWORKS)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Rack2-Filer Smart (HKLM-x32\...\{3793727D-CC1F-40CC-BEA6-1E04539714ED}) (Version: 1.00.0012 - PFU LIMITED)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.1L11 - PFU)
ScanSnap Manager (x32 Version: 6.1.11.2.4 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.0L11 - PFU)
ScanSnap Organizer (x32 Version: 5.0.11.1 - PFU LIMITED) Hidden
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Softwarenetz Fahrtenbuch2 (HKLM-x32\...\Fahrtenbuch2) (Version:  - Softwarenetz)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version:  - Softwarenetz)
Softwarenetz Haushaltsbuch5 (HKLM-x32\...\Haushaltsbuch5) (Version:  - Softwarenetz)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Steuer-Spar-Erklärung Selbstständige 2012 (HKLM-x32\...\{9D1F3849-C808-4D5F-AB86-C8DD27B24439}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung Selbstständige 2013 (HKLM-x32\...\{A4D00E12-F45D-4D43-8B10-0DDD83E8224D}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Martina\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-07-2014 12:15:29 Installed Java 8 Update 5
18-07-2014 14:37:00 Installed Java 7 Update 65
25-07-2014 05:19:36 Windows Update
26-07-2014 08:58:09 Dot4 wird installiert
01-08-2014 17:39:47 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 17:47:54 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 18:13:02 Installed SpyHunter
02-08-2014 04:52:00 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {212A5001-F299-4F98-99D6-E234C179E989} - System32\Tasks\Opera scheduled Autoupdate 1405162791 => C:\Program Files (x86)\Opera\launcher.exe [2014-07-18] (Opera Software)
Task: {2190BDB8-D7C5-43B9-AA04-C53ABC6D9184} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {36143B39-7C47-4FE5-A62D-AAA73900E896} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {4337FFEB-74D2-497F-AD9B-3330BA744750} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {554DF1F8-9A06-4334-B47B-77E2F929A8B8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5F66191A-8E53-475B-83A2-BDFD6E583948} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {64004EF0-4EDA-43E2-AF48-7EDFC0A5B1F7} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-05-26] (IObit)
Task: {70E8F7AF-F0B1-4ACB-BC36-E3DAFA303290} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {763DCDBC-39FF-4A75-9DFD-C19406D5BDD6} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-03-14] (Microsoft)
Task: {80EF7B72-DC16-40A1-A554-ECE32978D598} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {A2663767-C3B8-4360-9790-267B1C9D7171} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Task: {B6FBDAD0-7DFA-4C65-B5CB-A23D281076DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
Task: {BB24F679-4849-4747-A847-3A2AB26771FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C3983FEE-E76A-4EE6-A45B-6C82B9F6E16B} - System32\Tasks\RegInOut on user logon - Martina => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC0A0224-A31C-47A1-94E6-24803ABCDEB3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {DAE4A480-805B-4479-A779-CFC8FE820136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EA81D209-10E0-4E18-9815-C30890BE2A16} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F083E840-E69B-477D-A3EF-A2B1995D2F42} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {FD368452-5A59-45DD-8D70-B992DFE31867} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 19:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-07 22:17 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-12 13:04 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-10-12 13:04 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-07-19 06:03 - 2014-07-19 06:03 - 00114688 _____ () C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
2014-07-04 16:50 - 2014-07-04 16:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-01 19:39 - 2014-08-01 19:39 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2014-06-02 08:33 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-07 11:15 - 2012-06-25 16:54 - 00599419 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\sqlite3.dll
2014-04-07 11:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2014-04-07 11:10 - 2013-04-24 14:50 - 00421888 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-04-07 11:10 - 2012-09-05 11:25 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-04-07 11:10 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-04-07 11:10 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-04-07 11:10 - 2011-12-06 14:00 - 00897024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-18 23:14 - 2014-07-30 00:18 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DM1Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StartMenuService => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Detector 3.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Sidebar.lnk"
HKCU\...\StartupApproved\Run: => "ISUSPM"
HKCU\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 09:00:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/02/2014 09:00:43 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 08:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 08:44:01 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 07:05:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 07:05:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 07:05:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 06:55:59 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/02/2014 06:54:32 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LENOVO-PC)
Description: Die Anwendung oder der Dienst "SpyHunter4 application" konnte nicht heruntergefahren werden.


System errors:
=============
Error: (08/02/2014 09:01:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 09:00:37 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (08/02/2014 08:45:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 06:56:29 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (05/17/2014 03:11:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 154173 seconds with 5280 seconds of active time.  This session ended with a crash.

Error: (05/13/2014 00:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18897 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (01/18/2014 00:04:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 87142 seconds with 2820 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-02 09:01:21.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 08:45:18.408
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 06:56:42.564
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 23:42:01.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 23:32:07.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 20:06:31.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 11:05:28.830
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-28 16:12:25.174
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 11:43:15.466
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-23 11:50:10.144
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8055.77 MB
Available physical RAM: 5393.51 MB
Total Pagefile: 9271.77 MB
Available Pagefile: 6783.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:753.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 914B441A)

Partition: GPT Partition Type.

==================== End Of Log ============================

Tina Zee 02.08.2014 09:00
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:16:26, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
Update, 01.08.2014 23:16:28, SYSTEM, LENOVO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 01.08.2014 23:16:46, SYSTEM, LENOVO-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.1.5,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Refresh, Starting,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 01.08.2014 23:17:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Refresh, Success,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:17:09, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started,
Protection, 01.08.2014 23:32:56, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 01.08.2014 23:33:01, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.08.2014
Scan Time: 23:17:05
Logfile: 140801 MBAM Scanning History Log.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.08.01.05
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Martina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306005
Time Elapsed: 12 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7F2F43AC-A6F0-4685-A6BD-6550C3836F91}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{58BB7423-A9E3-47E0-9742-61E3BC3D5A18}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{58BB7423-A9E3-47E0-9742-61E3BC3D5A18}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7F2F43AC-A6F0-4685-A6BD-6550C3836F91}, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SquirrelWeb, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, HKLM\SOFTWARE\WOW6432NODE\SquirrelWeb, Quarantined, [125716ab403b3cfacdc6d34c6e9627d9],
PUP.Optional.SquirrelWeb.A, HKU\S-1-5-21-1652106630-3679740725-1600711223-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SquirrelWeb, Quarantined, [c3a611b05328e94d563ea679010343bd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],

Files: 5
PUP.Optional.OpenCandy, C:\Users\Martina\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [8bde4978b4c73501fa08994945bfb34d],
PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWeb.ico, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWebBHO.dll, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\SquirrelWebUninstall.exe, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],
PUP.Optional.SquirrelWeb.A, C:\Program Files (x86)\SquirrelWeb\updateSquirrelWeb.exe, Quarantined, [5a0ff4cd7ffca393efa3918ecc38d22e],

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Martina on 01.08.2014 at 23:48:47,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Martina\AppData\Roaming\mozilla\firefox\profiles\6to7x2jt.default-1404712144356\prefs.js

user_pref("extensions.5b3b7c2afb3f46ffb50f1c7c8fe92f36.localStoragecom.ab.advertising.ad.AdvertiseCOM_intext.common_data", "\"eyJpZCI6IjEyIiwibmFtZSI6IkFkdmVydGlzZUNPTV9pbnRle
user_pref("extensions.5b3b7c2afb3f46ffb50f1c7c8fe92f36.localStoragecom.ab.advertising.ad.DealPly.common_data", "\"eyJpZCI6IjIzIiwibmFtZSI6IkRlYWxQbHkiLCJ1cmwiOiJodHRwOi8vZmlsZ
Emptied folder: C:\Users\Martina\AppData\Roaming\mozilla\firefox\profiles\6to7x2jt.default-1404712144356\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.08.2014 at  6:49:59,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir        Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir        Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir        Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir        Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir        Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir        Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir        Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir        Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe.vir        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\456a7aaa4898da7bbdff88a06fd66a2a\MyPhoneExplorer_1.8.5.exe.vir        Win32/DownWare.L evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\ABC teaching\_pupils\Michelle - Krabat usw\BerlinervonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe        Win32/Somoto.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\adobe-flash-player-for-64-bit-windows_setup.exe        Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\mahjong.exe        Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\PDFCreator-1_7_1_setup.exe        Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick26_inst.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst328.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer(1).exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Angry IP Scanner - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Junkware Removal Tool - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\MediathekView - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\MyPhoneExplorer - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Office Vorlagen Top 50 Pack - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\OpenOffice - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\OpenOffice offizielles Vorlagenpaket - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Opera - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\PDFCreator-1_7_3_setup.exe        Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Personal Backup - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\picpick_333inst.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\picpick_inst-3.3.0.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\picpick_inst_331.exe        Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\reginout_setup.exe        Mehrere Bedrohungen        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Martina\Downloads\Revo Uninstaller - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Samsung Kies - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\SpiderOak - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\Martina\Downloads\Zattoo - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2725197c882b264e8528f889d7d91d1f
# engine=19464
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-02 06:38:55
# local_time=2014-08-02 08:38:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 96 45158 9931219 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5275862 11352424 0 0
# scanned=249123
# found=40
# cleaned=40
# scan_time=5407
sh=19A9D79A96AA8133AA10546D440F8049FEC45261 ft=1 fh=64f4e669a01b7e7c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=1F574BFEF2A0958496E684ACA4F3F2E1F85DD6CE ft=1 fh=1abf73cff647d1b5 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=D4DC02B4AC9316700F2F5A95BF11A48C1BCB98C9 ft=1 fh=8bab25556a7d729a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E8A32149C1221F5B8694E2999BFF0B9ACFBE1DCC ft=1 fh=79afd1c4006030eb vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=ECF7023B3AD76F29BD7EF5DE4926C99826289041 ft=1 fh=151b867e28c46231 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=1AABC9516F78675BBA63E865FC14259E2DD6B18C ft=1 fh=27e90cb0da2da6dd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=C7503F846F47819BA49BE6A8EB87E094C012D6AB ft=1 fh=2a7e0f6b6b94c09b vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=AFA7B3C2D0452211D736AF40E5E94CDAACE0BC03 ft=1 fh=54ae330ed9e71419 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Martina\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\456a7aaa4898da7bbdff88a06fd66a2a\MyPhoneExplorer_1.8.5.exe.vir"
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=EE5D21744C192C7FE80EFFCA349F53886D30E7D6 ft=1 fh=fe76caba6c65e116 vn="Win32/Somoto.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\ABC teaching\_pupils\Michelle - Krabat usw\BerlinervonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe"
sh=D791C2B78450956563670BE5BAD0068069A2DB58 ft=1 fh=c71c001137204650 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\adobe-flash-player-for-64-bit-windows_setup.exe"
sh=7AD7D1BCE688BB590A89BBF403DDEFD139F12B30 ft=1 fh=5b10c69677ec3e71 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\mahjong.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\PDFCreator-1_7_1_setup.exe"
sh=5115311E34260AF7A85F1B910BDA7185B3858834 ft=1 fh=f64756f81c0e55b5 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick26_inst.exe"
sh=87D0C5FD58DB8B74BB056F161A891498E56E8DD5 ft=1 fh=63a456f7817a8f4f vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst.exe"
sh=413FA20C5887A35B4DCD9274CC2E143F31B13100 ft=1 fh=65bcca7ded8fcd4c vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Documents\01 My Business\OO office organizing\picpick_inst328.exe"
sh=9B07920006AC114DA0CCF68F1C384A1A960ED75E ft=1 fh=337b8dff9700f16d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer(1).exe"
sh=708BC09A2F0F295F5B84868F537F28ED095C2C22 ft=1 fh=262f53d0fba7d672 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\AdwCleaner - CHIP-Installer.exe"
sh=51EE7E0F64AED6A0CD27E098F40821CCF9B9E685 ft=1 fh=1cbfff55588eb226 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Angry IP Scanner - CHIP-Installer.exe"
sh=B6811FCE0651FE0AA88A6EE7749885260C16C20D ft=1 fh=c3e1d11626ade648 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=36E2B26B109F3C690053AF0539AD6AED7FE2433E ft=1 fh=f11055d2f219e929 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Junkware Removal Tool - CHIP-Installer.exe"
sh=96CDE6F910CFFE301CC8ABDFAEAF5F9F63197508 ft=1 fh=c4bd8f9d3aa6d1fa vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\MediathekView - CHIP-Installer.exe"
sh=0873115CDC0FB208E477C499CED185ECEF27694D ft=1 fh=50134d8d40f9fad0 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\MyPhoneExplorer - CHIP-Installer.exe"
sh=A2AEB16E1B503FB50591A38C02E49F2F1E7842B7 ft=1 fh=455d0aefbd9a0775 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Office Vorlagen Top 50 Pack - CHIP-Installer.exe"
sh=85F8F2C2014C6849F50A87B1752037F6B6772E35 ft=1 fh=46269d4ee93b53db vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\OpenOffice - CHIP-Installer.exe"
sh=93596A439566663D0410B73B547CC6B7E343A057 ft=1 fh=add184adf083e30a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\OpenOffice offizielles Vorlagenpaket - CHIP-Installer.exe"
sh=1983AA789FA0A7A65E637D2E163B98108638AE90 ft=1 fh=3f23d5fe1169db57 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Opera - CHIP-Installer.exe"
sh=663F12BD27FEB069D3464270E43F8A02089312A3 ft=1 fh=670eb494ede74dee vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\PDFCreator-1_7_3_setup.exe"
sh=A83C0C4A209C6B1302CEF3ECC804260C980CEFD1 ft=1 fh=34131789163bbc22 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Personal Backup - CHIP-Installer.exe"
sh=0ABC8ADF9D9E13D3D9BC26A52E01E51147905548 ft=1 fh=c48ce4d4114f6e4f vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_333inst.exe"
sh=D5C6A637D1BF0D61F60BBF293FFF5133307DB528 ft=1 fh=f46e862e906b9486 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_inst-3.3.0.exe"
sh=F6A2FFF6E12DDA10C85E740D9E9A5F83102F1D51 ft=1 fh=3489e83bfbbdf76a vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\picpick_inst_331.exe"
sh=C514A1A086FACED27A0A1F47D1FD1AFDA02E4F13 ft=1 fh=7e9d68697073312d vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\reginout_setup.exe"
sh=F14FF3D5DDE145E45102B6A08FD6312290A9F1BF ft=1 fh=92462fdce21d64c4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Revo Uninstaller - CHIP-Installer.exe"
sh=7048E1195286B6B5ABB620F35F3BC944112D923D ft=1 fh=3a165938ba31ad2c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Samsung Kies - CHIP-Installer.exe"
sh=E013F71B3A3E4E678B5E162630D122F66F59985C ft=1 fh=04e6437f9ca917ac vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\SpiderOak - CHIP-Installer.exe"
sh=CEB6D78A43A3D97778C03A5303253D5B12FA829D ft=1 fh=ebb63204d13aade1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Martina\Downloads\Zattoo - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 0.99.85 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60 
 Java 8 Update 11 
 Adobe Flash Player        14.0.0.145 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Tina Zee 05.08.2014 06:33
Was habe ich denn falsch gemacht, dass hier gar niemand reagiert?

cosinus 06.08.2014 09:59
Hi,

Zitat:
Was habe ich denn falsch gemacht, dass hier gar niemand reagiert?
Weil du dir hier im Thread zuerst selbst geantwortet hast. Hier im Malwarebereich beachten wir nur unbeantwortete Threads.

Zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Tina Zee 06.08.2014 10:22
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2014
Ran by Martina (administrator) on LENOVO-PC on 06-08-2014 11:17:48
Running from C:\Users\Martina\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\phase-6\phase-6\jre6\bin\javaw.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Update\ScanSnapUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Softwarenetz) C:\Softwarenetz\Haushaltsbuch4\hausbuch4.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [53248 2013-09-26] (PFU LIMITED)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [183808 2014-05-06] (Geek Software GmbH)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [RkiwrtkS] => C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe [67464 2012-04-05] (PFU LIMITED)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-06] (Acresso Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-05-02] (NTeWORKS)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1652106630-3679740725-1600711223-1002\...\MountPoints2: {b163cac4-55fa-11e3-bebe-f4b7e2f06094} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {AB6E8CAB-6490-465F-B299-2323AD4C5D46} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar64.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Best YouTube Downloader -> {5B3B7C2A-FB3F-46FF-B50F-1C7C8FE92F36} -> C:\Program Files (x86)\Best YouTube Downloader\Toolbar32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-03]
FF Extension: DownloadHelper - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-29]
FF Extension: Wired-Marker - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2014-07-31]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\extension@hidemyass.com.xpi [2014-08-03]
FF Extension: NoScript - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-02]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\6to7x2jt.default-1404712144356\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
S4 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [65536 2004-10-18] (OLYMPUS Corporation) [File not signed]
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-05-26] (IObit)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 Update Service for Best YouTube Downloader; C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe [114688 2014-07-19] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv05; C:\WINDOWS\system32\drivers\acedrv05.sys [136192 2013-11-03] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 07:14 - 2014-08-05 07:14 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64(1).msi
2014-08-05 07:14 - 2014-08-05 07:14 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(2).msi
2014-08-05 07:14 - 2014-08-05 07:14 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6(1).msi
2014-08-05 07:12 - 2014-08-05 07:12 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64.msi
2014-08-05 07:12 - 2014-08-05 07:12 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(1).msi
2014-08-05 07:12 - 2014-08-05 07:12 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6.msi
2014-08-05 06:59 - 2014-08-05 06:59 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64.msi
2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Martina\AppData\Local\Conexant
2014-08-04 16:10 - 2014-08-04 16:10 - 00130803 _____ () C:\Users\Martina\Desktop\Michael_F.html
2014-08-02 21:45 - 2014-08-02 21:45 - 00448512 _____ (OldTimer Tools) C:\Users\Martina\Downloads\TFC.exe
2014-08-02 21:29 - 2014-08-02 21:35 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-02 21:29 - 2014-08-02 21:29 - 00001094 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-02 21:27 - 2014-08-02 21:27 - 04095448 _____ (BrightFort LLC ) C:\Users\Martina\Downloads\spywareblastersetup50.exe
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinPatrol
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-02 21:15 - 2014-08-02 21:16 - 01156136 _____ (Ruiware) C:\Users\Martina\Downloads\wpsetup.exe
2014-08-02 21:08 - 2014-08-06 07:08 - 00002262 _____ () C:\WINDOWS\SecuniaPackage.log
2014-08-02 21:01 - 2014-08-02 21:01 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Users\Martina\AppData\Local\Secunia PSI
2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-02 20:37 - 2014-08-02 20:37 - 05329480 _____ (Secunia) C:\Users\Martina\Downloads\PSISetup_3.0.0.9016.exe
2014-08-02 20:28 - 2014-08-02 20:29 - 00538220 _____ () C:\Users\Martina\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-02 13:50 - 2014-08-02 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:20 - 2014-08-06 11:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ClassicShell
2014-08-02 13:20 - 2014-08-02 13:20 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\Program Files\Classic Shell
2014-08-02 13:17 - 2014-08-02 13:17 - 00826192 _____ (Chip Digital GmbH) C:\Users\Martina\Downloads\Classic Shell - CHIP-Installer.exe
2014-08-02 09:13 - 2014-08-02 09:14 - 00047779 _____ () C:\Users\Martina\Downloads\Addition.txt
2014-08-02 09:11 - 2014-08-06 11:18 - 00028312 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-02 09:11 - 2014-08-06 11:17 - 00000000 ____D () C:\FRST
2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe
2014-08-02 09:02 - 2014-08-04 07:00 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem
2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe
2014-08-02 08:35 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 08:35 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-08-02 08:35 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-08-02 08:34 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-08-02 08:34 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe
2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 23:16 - 2014-08-06 08:05 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 23:16 - 2014-08-02 13:52 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 23:16 - 2014-08-02 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-08-02 13:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 23:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 23:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 23:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader
2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat
2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe
2014-07-30 23:34 - 2014-07-30 23:35 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe
2014-07-30 12:45 - 2014-07-30 12:54 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm
2014-07-30 09:53 - 2014-07-30 09:54 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm
2014-07-30 01:45 - 2014-07-30 01:51 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm
2014-07-30 01:37 - 2014-07-30 01:42 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part
2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader
2014-07-29 13:05 - 2014-08-06 07:08 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe
2014-07-26 10:57 - 2014-07-26 10:58 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi
2014-07-26 10:44 - 2014-07-26 11:14 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6
2014-07-26 10:36 - 2014-07-26 11:04 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe
2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe
2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe
2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher
2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java
2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip
2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip
2014-07-19 18:50 - 2014-07-19 18:53 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip
2014-07-18 16:38 - 2014-07-19 13:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-18 16:38 - 2014-07-19 13:27 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-18 16:37 - 2014-07-18 16:38 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 16:34 - 2014-07-18 16:35 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe
2014-07-17 11:12 - 2014-07-17 11:14 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe
2014-07-17 11:11 - 2014-07-17 11:12 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe
2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk
2014-07-13 20:42 - 2014-07-29 12:11 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe
2014-07-13 20:02 - 2014-07-13 20:12 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe
2014-07-13 19:49 - 2014-07-13 19:51 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe
2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-13 15:34 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-07-13 15:34 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 14:34 - 2014-07-12 14:53 - 00000000 ____D () C:\Users\Martina\MediathekView
2014-07-12 14:18 - 2014-07-12 14:30 - 00000000 ____D () C:\Users\Martina\.mediathek3
2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6
2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip
2014-07-12 13:00 - 2014-07-22 13:01 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software
2014-07-12 12:59 - 2014-07-22 13:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-11 12:32 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-11 12:32 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-07-11 12:32 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-11 12:32 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 12:32 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-11 12:32 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-11 12:32 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-11 12:32 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 12:32 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 12:32 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 12:32 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-11 12:32 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-11 12:32 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-11 12:32 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-11 12:32 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-07-10 08:42 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-07-10 08:42 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-07-10 08:42 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 08:42 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-07-10 08:41 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2014-07-10 08:32 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 08:32 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 08:32 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 08:16 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 08:16 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 08:16 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 11:18 - 2014-08-02 09:11 - 00028312 _____ () C:\Users\Martina\Downloads\FRST.txt
2014-08-06 11:17 - 2014-08-02 13:20 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ClassicShell
2014-08-06 11:17 - 2014-08-02 09:11 - 00000000 ____D () C:\FRST
2014-08-06 11:09 - 2013-08-24 13:18 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Skype
2014-08-06 11:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-06 10:57 - 2013-08-06 17:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-06 10:44 - 2013-08-02 09:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-06 10:41 - 2012-07-26 07:26 - 00000269 _____ () C:\WINDOWS\win.ini
2014-08-06 08:49 - 2013-08-02 12:28 - 02854400 ___SH () C:\Users\Martina\Desktop\Thumbs.db
2014-08-06 08:05 - 2014-08-01 23:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 07:49 - 2014-06-01 12:05 - 01789684 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 07:19 - 2013-08-02 08:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1652106630-3679740725-1600711223-1002
2014-08-06 07:08 - 2014-08-02 21:08 - 00002262 _____ () C:\WINDOWS\SecuniaPackage.log
2014-08-06 07:08 - 2014-07-29 13:05 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-06 07:04 - 2013-04-08 07:35 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-06 07:04 - 2013-04-08 07:35 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-06 07:04 - 2013-04-07 22:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-06 07:04 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-06 07:01 - 2014-06-01 07:56 - 00000420 _____ () C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job
2014-08-06 06:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-05 14:13 - 2014-06-05 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-05 14:13 - 2014-06-05 09:19 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Samsung
2014-08-05 14:13 - 2014-06-05 09:06 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-05 14:13 - 2013-04-07 22:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 07:18 - 2013-08-05 09:21 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl
2014-08-05 07:18 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-05 07:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-05 07:14 - 2014-08-05 07:14 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64(1).msi
2014-08-05 07:14 - 2014-08-05 07:14 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(2).msi
2014-08-05 07:14 - 2014-08-05 07:14 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6(1).msi
2014-08-05 07:12 - 2014-08-05 07:12 - 03707392 _____ () C:\Users\Martina\Downloads\msxml6_ia64.msi
2014-08-05 07:12 - 2014-08-05 07:12 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64(1).msi
2014-08-05 07:12 - 2014-08-05 07:12 - 01488384 _____ () C:\Users\Martina\Downloads\msxml6.msi
2014-08-05 06:59 - 2014-08-05 06:59 - 02617344 _____ () C:\Users\Martina\Downloads\msxml6_x64.msi
2014-08-04 19:44 - 2013-08-04 13:31 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\vlc
2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Martina\AppData\Local\Conexant
2014-08-04 19:10 - 2013-04-07 22:20 - 00000000 ____D () C:\ProgramData\Conexant
2014-08-04 16:10 - 2014-08-04 16:10 - 00130803 _____ () C:\Users\Martina\Desktop\Michael_F.html
2014-08-04 07:27 - 2014-06-05 09:57 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\MyPhoneExplorer
2014-08-04 07:00 - 2014-08-02 09:02 - 00000000 ____D () C:\Users\Martina\Desktop\Malware Problem
2014-08-04 07:00 - 2014-01-15 00:41 - 00000000 ____D () C:\Users\Martina\Desktop\Desktop Zwischenablage
2014-08-02 21:58 - 2014-06-11 18:31 - 00031670 _____ () C:\WINDOWS\PFRO.log
2014-08-02 21:49 - 2014-05-29 21:16 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-02 21:45 - 2014-08-02 21:45 - 00448512 _____ (OldTimer Tools) C:\Users\Martina\Downloads\TFC.exe
2014-08-02 21:38 - 2013-04-07 22:43 - 00000000 ____D () C:\ProgramData\Temp
2014-08-02 21:35 - 2014-08-02 21:29 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-02 21:29 - 2014-08-02 21:29 - 00001094 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-02 21:29 - 2014-08-02 21:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-02 21:27 - 2014-08-02 21:27 - 04095448 _____ (BrightFort LLC ) C:\Users\Martina\Downloads\spywareblastersetup50.exe
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinPatrol
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-02 21:17 - 2014-08-02 21:17 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-02 21:16 - 2014-08-02 21:15 - 01156136 _____ (Ruiware) C:\Users\Martina\Downloads\wpsetup.exe
2014-08-02 21:01 - 2014-08-02 21:01 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Users\Martina\AppData\Local\Secunia PSI
2014-08-02 21:01 - 2014-08-02 21:01 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-02 20:37 - 2014-08-02 20:37 - 05329480 _____ (Secunia) C:\Users\Martina\Downloads\PSISetup_3.0.0.9016.exe
2014-08-02 20:29 - 2014-08-02 20:28 - 00538220 _____ () C:\Users\Martina\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-02 13:52 - 2014-08-01 23:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 13:52 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 13:52 - 2014-08-01 23:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 13:50 - 2014-08-02 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:20 - 2014-08-02 13:20 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-08-02 13:19 - 2014-08-02 13:19 - 00000000 ____D () C:\Program Files\Classic Shell
2014-08-02 13:17 - 2014-08-02 13:17 - 00826192 _____ (Chip Digital GmbH) C:\Users\Martina\Downloads\Classic Shell - CHIP-Installer.exe
2014-08-02 10:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-02 09:14 - 2014-08-02 09:13 - 00047779 _____ () C:\Users\Martina\Downloads\Addition.txt
2014-08-02 09:11 - 2014-08-02 09:11 - 02094080 _____ (Farbar) C:\Users\Martina\Downloads\FRST64.exe
2014-08-02 08:56 - 2014-08-02 08:56 - 00854390 _____ () C:\Users\Martina\Downloads\SecurityCheck.exe
2014-08-02 08:44 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-02 07:05 - 2014-08-02 07:05 - 02347384 _____ (ESET) C:\Users\Martina\Downloads\esetsmartinstaller_deu.exe
2014-08-01 23:48 - 2014-08-01 23:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 23:41 - 2014-05-13 13:51 - 00000000 ____D () C:\AdwCleaner
2014-08-01 23:16 - 2014-08-01 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 23:14 - 2014-08-01 23:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martina\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 20:17 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Best YouTube Downloader
2014-08-01 20:17 - 2013-08-02 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-01 20:16 - 2013-08-02 12:59 - 00000000 ____D () C:\Users\Martina\AppData\Local\Google
2014-08-01 20:14 - 2014-08-01 20:14 - 00000000 _____ () C:\autoexec.bat
2014-08-01 20:13 - 2014-08-01 20:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-01 19:15 - 2014-08-01 19:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martina\Downloads\SpyHunter-installer.exe
2014-07-31 11:05 - 2014-03-18 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 23:35 - 2014-07-30 23:34 - 04813544 _____ (Piriform Ltd) C:\Users\Martina\Downloads\ccsetup416.exe
2014-07-30 12:54 - 2014-07-30 12:45 - 298907924 _____ () C:\Users\Martina\Downloads\-Die-Anstalt-29042014-Weiterverbreiten-Das-Original-wurde-bereits-verboten-YouTube.webm
2014-07-30 09:54 - 2014-07-30 09:53 - 18957146 _____ () C:\Users\Martina\Downloads\-Dr-Nikolai-Worm-Ohne-Sonne-geht-es-nicht-YouTube.webm
2014-07-30 01:51 - 2014-07-30 01:45 - 188478327 _____ () C:\Users\Martina\Downloads\stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm
2014-07-30 01:42 - 2014-07-30 01:37 - 145669040 _____ () C:\Users\Martina\Downloads\-stoersendertv-exklusiv-Benefizgala-Teil-2-Episode-6-YouTube.webm.part
2014-07-29 13:07 - 2014-07-29 13:07 - 00000000 ____D () C:\Program Files (x86)\Best YouTube Downloader
2014-07-29 12:45 - 2014-07-29 12:45 - 01755542 _____ (Neobars) C:\Users\Martina\Downloads\best_youtube_downloader.exe
2014-07-29 12:11 - 2014-07-13 20:42 - 00000000 ____D () C:\Users\Martina\AppData\Local\Adobe
2014-07-29 11:19 - 2013-08-04 00:04 - 00000000 ____D () C:\Users\Martina\dwhelper
2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 11:43 - 2013-08-19 17:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 11:14 - 2014-07-26 10:44 - 00000000 ____D () C:\Users\Martina\Documents\park-v1.7.6
2014-07-26 11:04 - 2014-07-26 10:36 - 19495200 _____ () C:\Users\Martina\Downloads\upd-ps-x64-5.8.0.17508.exe
2014-07-26 10:59 - 2013-08-06 12:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-26 10:58 - 2014-07-26 10:57 - 03616768 _____ () C:\Users\Martina\Downloads\Dot4x64.msi
2014-07-26 09:41 - 2014-07-26 09:41 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2014-07-26 09:41 - 2014-07-26 09:41 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2014-07-26 09:33 - 2014-07-26 09:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Martina\Downloads\setup(1).exe
2014-07-26 09:32 - 2014-07-26 09:32 - 02936692 _____ () C:\Users\Martina\Downloads\setup.exe
2014-07-26 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-25 18:41 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-07-25 07:24 - 2013-08-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 00:10 - 2014-07-25 00:10 - 00000000 ____D () C:\ProgramData\explauncher
2014-07-22 13:01 - 2014-07-12 13:00 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405162791
2014-07-22 13:01 - 2014-07-12 12:59 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-21 07:25 - 2013-08-02 21:49 - 00000000 ____D () C:\Users\Martina\Documents\02 My Privacy
2014-07-20 10:06 - 2014-07-20 10:06 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-20 10:06 - 2014-07-20 10:06 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-07-20 10:06 - 2014-07-20 10:06 - 00000000 ____D () C:\Program Files\Java
2014-07-19 23:04 - 2014-07-19 23:04 - 13966684 _____ () C:\Users\Martina\Downloads\50_Vorlagen_fuer_Office.zip
2014-07-19 22:48 - 2014-07-19 22:48 - 01940642 _____ () C:\Users\Martina\Downloads\vorlagen3de_opendoc.zip
2014-07-19 18:53 - 2014-07-19 18:50 - 54337472 _____ () C:\Users\Martina\Downloads\SpiderOakSetup_5.1.5.zip
2014-07-19 13:27 - 2014-07-18 16:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-19 13:27 - 2014-07-18 16:38 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-19 13:27 - 2014-07-18 16:38 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-19 13:27 - 2014-06-17 20:34 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 13:27 - 2014-06-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 17:18 - 2014-06-01 12:15 - 01433027 _____ () C:\WINDOWS\setupact.log
2014-07-18 16:54 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 16:38 - 2014-07-18 16:37 - 00004191 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 16:35 - 2014-07-18 16:34 - 00918440 _____ (Oracle Corporation) C:\Users\Martina\Downloads\jxpiinstall.exe
2014-07-17 11:14 - 2014-07-17 11:12 - 37178696 _____ () C:\Users\Martina\Downloads\lvwup915.exe
2014-07-17 11:12 - 2014-07-17 11:11 - 46729239 _____ () C:\Users\Martina\Downloads\lvwup918.exe
2014-07-16 11:07 - 2014-07-16 11:07 - 00000711 _____ () C:\Users\Martina\Desktop\Bibliotheken - Verknüpfung.lnk
2014-07-16 09:31 - 2013-08-02 07:58 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Adobe
2014-07-13 20:12 - 2014-07-13 20:02 - 40490476 _____ () C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153(1).exe
2014-07-13 20:12 - 2013-08-02 22:46 - 00000000 ___RD () C:\Users\Martina\Dropbox
2014-07-13 19:51 - 2014-07-13 19:49 - 40514640 _____ (Google Inc.) C:\Users\Martina\Downloads\ChromeStandaloneSetup_35.0.1916.153.exe
2014-07-13 15:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\DropboxMaster
2014-07-13 15:41 - 2013-08-02 22:44 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Dropbox
2014-07-13 15:36 - 2014-07-13 15:36 - 00341008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-13 14:28 - 2014-07-13 14:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:28 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 13:47 - 2013-08-05 10:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-13 13:44 - 2013-08-02 14:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-13 13:44 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-12 14:53 - 2014-07-12 14:34 - 00000000 ____D () C:\Users\Martina\MediathekView
2014-07-12 14:34 - 2013-08-02 07:56 - 00000000 ____D () C:\Users\Martina
2014-07-12 14:30 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\.mediathek3
2014-07-12 14:18 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Martina\Downloads\MediathekView_6
2014-07-12 14:16 - 2013-10-30 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-12 14:12 - 2014-07-12 14:12 - 28875706 _____ () C:\Users\Martina\Downloads\MediathekView_6.zip
2014-07-12 13:33 - 2013-08-06 17:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Opera Software
2014-07-12 13:00 - 2014-07-12 13:00 - 00000000 ____D () C:\Users\Martina\AppData\Local\Opera Software
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-12 12:59 - 2014-07-12 12:59 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-07 23:38 - 2014-05-02 09:47 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\dvdcss
2014-07-07 13:13 - 2014-04-07 11:33 - 00000000 ____D () C:\Users\Martina\Documents\ScanSnap
2014-07-07 07:49 - 2014-07-07 07:49 - 00000000 ____D () C:\Users\Martina\Desktop\Alte Firefox-Daten

Files to move or delete:
====================
C:\ProgramData\Lenovo-8204.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 08:25

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2014
Ran by Martina at 2014-08-06 11:18:55
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader for ScanSnap (TM) 5.0 (HKLM-x32\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
BelegManager (HKLM-x32\...\{FBF4C1A4-C82A-4678-8382-CFDCEE14D515}) (Version: 1.00.0000 - Wolters Kluwer Deutschland GmbH)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Best YouTube Downloader (HKLM-x32\...\Best YouTube Downloader) (Version: 1.5.3 - Neobars)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.0L10 - PFU)
CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Delicious (HKCU\...\hxxp://delicious.com) (Version:  - )
DirPrintOK (HKLM-x32\...\DirPrintOK) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Evernote v. 4.5.8 (HKLM-x32\...\{DED01768-E634-11E1-AEB0-984BE15F174E}) (Version: 4.5.8.7356 - Evernote Corp.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Klett Lehrersoftware Red Line (LM 4) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 4)) (Version:  - )
Klett Lehrersoftware Red Line (LM 5) (HKLM-x32\...\Klett Lehrersoftware Red Line (LM 5)) (Version:  - )
Klett Lernsoftware Mathematik - Einblicke 9 (HKLM-x32\...\Klett Lernsoftware Mathematik - Einblicke 9_is1) (Version:  - )
Klett Lernsoftware Mathematik - Schnittpunkt (4. Lernjahr) 8 BW (HKLM-x32\...\Klett Lernsoftware Mathematik - Schnittpunkt (4.~93F79701_is1) (Version:  - )
Klett Mathetrainer 10 (HKLM-x32\...\Klett Mathetrainer 10_is1) (Version:  - )
KV-WIN (HKLM-x32\...\{54613ADC-0DDC-4BFE-8D25-281272D58D5D}) (Version: 7.113.6 - MORGEN & MORGEN)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LV-WIN (HKLM-x32\...\{BFC1E04D-AA94-4E5F-A220-89209FF0FA3A}) (Version: 7.113.6 - MORGEN & MORGEN)
Magic Desktop (HKLM-x32\...\{A96758C2-3ED3-4035-BD35-7194ED35AB92}) (Version: 1.00.2250 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neevia PDFcompress v3.5 (HKLM-x32\...\Neevia PDFcompress_is1) (Version:  - neeviaPDF.com)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Olympus DSS Player (HKLM-x32\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 23.0.1522.60 (HKLM-x32\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.3 - NTeWORKS)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Rack2-Filer Smart (HKLM-x32\...\{3793727D-CC1F-40CC-BEA6-1E04539714ED}) (Version: 1.00.0012 - PFU LIMITED)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.1L11 - PFU)
ScanSnap Manager (x32 Version: 6.1.11.2.4 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.0L11 - PFU)
ScanSnap Organizer (x32 Version: 5.0.11.1 - PFU LIMITED) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Softwarenetz Fahrtenbuch2 (HKLM-x32\...\Fahrtenbuch2) (Version:  - Softwarenetz)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version:  - Softwarenetz)
Softwarenetz Haushaltsbuch5 (HKLM-x32\...\Haushaltsbuch5) (Version:  - Softwarenetz)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Steuer-Spar-Erklärung Selbstständige 2012 (HKLM-x32\...\{9D1F3849-C808-4D5F-AB86-C8DD27B24439}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung Selbstständige 2013 (HKLM-x32\...\{A4D00E12-F45D-4D43-8B10-0DDD83E8224D}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Martina\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1652106630-3679740725-1600711223-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-07-2014 14:37:00 Installed Java 7 Update 65
25-07-2014 05:19:36 Windows Update
26-07-2014 08:58:09 Dot4 wird installiert
01-08-2014 17:39:47 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 17:47:54 Dragon NaturallySpeaking 11.5 wurde entfernt.
01-08-2014 18:13:02 Installed SpyHunter
02-08-2014 04:52:00 Removed SpyHunter
02-08-2014 11:18:51 Installed Classic Shell
05-08-2014 12:12:22 Removed Samsung Kies3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {212A5001-F299-4F98-99D6-E234C179E989} - System32\Tasks\Opera scheduled Autoupdate 1405162791 => C:\Program Files (x86)\Opera\launcher.exe [2014-07-18] (Opera Software)
Task: {2190BDB8-D7C5-43B9-AA04-C53ABC6D9184} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {36143B39-7C47-4FE5-A62D-AAA73900E896} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {4337FFEB-74D2-497F-AD9B-3330BA744750} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {554DF1F8-9A06-4334-B47B-77E2F929A8B8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5F66191A-8E53-475B-83A2-BDFD6E583948} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {64004EF0-4EDA-43E2-AF48-7EDFC0A5B1F7} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-05-26] (IObit)
Task: {70E8F7AF-F0B1-4ACB-BC36-E3DAFA303290} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {763DCDBC-39FF-4A75-9DFD-C19406D5BDD6} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-03-14] (Microsoft)
Task: {80EF7B72-DC16-40A1-A554-ECE32978D598} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {A2663767-C3B8-4360-9790-267B1C9D7171} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()
Task: {BB24F679-4849-4747-A847-3A2AB26771FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C3983FEE-E76A-4EE6-A45B-6C82B9F6E16B} - System32\Tasks\RegInOut on user logon - Martina => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC0A0224-A31C-47A1-94E6-24803ABCDEB3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {CF0C2287-4C79-46E2-9A6D-FAF1CAC5418C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
Task: {EA81D209-10E0-4E18-9815-C30890BE2A16} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F083E840-E69B-477D-A3EF-A2B1995D2F42} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {FD368452-5A59-45DD-8D70-B992DFE31867} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Martina.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-12 13:04 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-10-12 13:04 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-07-19 06:03 - 2014-07-19 06:03 - 00114688 _____ () C:\Program Files (x86)\Best YouTube Downloader\Basement\ExtensionUpdaterService.exe
2013-12-26 19:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-07 22:17 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-14 02:54 - 2014-05-14 02:54 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-28 18:21 - 2012-11-01 21:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-04 23:23 - 2014-08-04 23:23 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080401\algo.dll
2014-08-05 11:23 - 2014-08-05 11:23 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080500\algo.dll
2014-06-02 08:33 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-07 11:15 - 2012-06-25 16:54 - 00599419 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\sqlite3.dll
2014-04-07 11:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2014-07-04 16:50 - 2014-07-04 16:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-07 11:10 - 2013-04-24 14:50 - 00421888 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-04-07 11:10 - 2012-09-05 11:25 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-04-07 11:10 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-04-07 11:10 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-04-07 11:10 - 2011-12-06 14:00 - 00897024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2011-09-20 08:07 - 2011-09-20 08:07 - 00842752 _____ () C:\Program Files (x86)\phase-6\phase-6\xulrunner\js3250.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-08-02 09:41 - 2011-12-07 09:11 - 00472984 _____ () C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader.dll
2013-08-02 09:48 - 2013-08-02 09:48 - 00347544 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\ba498a33\006d395e_afb4cc01\OBAOutlookAddIn.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00292760 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\11c67a38\00a89166_afb4cc01\OBAOutlookAddIn.resources.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00292760 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\914f6c72\004e2f64_afb4cc01\Interop.Outlook.DLL
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-08-02 09:48 - 2013-08-02 09:48 - 00124824 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\fa283728\00c79b60_afb4cc01\PTControls.DLL
2013-08-02 09:48 - 2013-08-02 09:48 - 00031128 _____ () C:\Users\Martina\AppData\Local\assembly\dl3\8QYB5AY7.PJY\GMPX52C4.G7H\93d857ed\009a6a5f_afb4cc01\PTCommons.DLL
2014-03-18 23:14 - 2014-07-30 00:18 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DM1Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StartMenuService => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Detector 3.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Sidebar.lnk"
HKCU\...\StartupApproved\Run: => "ISUSPM"
HKCU\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 07:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/05/2014 11:31:34 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/04/2014 06:41:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (08/04/2014 04:43:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/04/2014 04:43:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (08/04/2014 10:48:17 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/04/2014 10:43:06 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/04/2014 08:09:48 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/04/2014 00:20:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/03/2014 09:58:20 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (08/05/2014 07:18:06 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 09:58:33 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 00:23:27 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 09:01:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 09:00:37 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (08/02/2014 08:45:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/02/2014 06:56:29 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (05/17/2014 03:11:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 154173 seconds with 5280 seconds of active time.  This session ended with a crash.

Error: (05/13/2014 00:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18897 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (01/18/2014 00:04:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 87142 seconds with 2820 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-05 07:18:19.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 21:58:47.595
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 12:23:42.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 09:01:21.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 08:45:18.408
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-02 06:56:42.564
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 23:42:01.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 23:32:07.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 20:06:31.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 11:05:28.830
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\Drivers\acedrv05.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 8055.77 MB
Available physical RAM: 5002.88 MB
Total Pagefile: 9271.77 MB
Available Pagefile: 5867.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:752.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 914B441A)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

Hab ich das jetzt richtig gemacht?

cosinus 06.08.2014 11:15
Zitat:
Hab ich das jetzt richtig gemacht?
Niemand hat die vorgeworfen, dass du an den Logs was Falsches gemacht hast.

Zitat:
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Hm, wo war denn der Rechner die letzten Monate?
Warum fehlen da so viele Updates?
Wie sind bei Windows 8.1 und Internet Explorer 11

Tina Zee 06.08.2014 12:15
So war das nicht gemeint ... ich bin/war ehrlich unsicher, ob das richtig ist.

Das Update auf 8.1 habe ich vor 2 Monaten versucht und hatte soviel Probleme, dass ich es aufgegebne habe.
Mit dem IE arbeite ich nicht ... ich geh über Mozilla ins Netz ... den (IE) kann ich aber natürlich trotzdem mal updaten ... aber Secunia meldet den nicht als "upzudaten"

cosinus 06.08.2014 12:22
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Lenovo-8204.vbs
C:\Program Files\Enigma Software Group
C:\ProgramData\InstallMate

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Tina Zee 06.08.2014 12:42
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2014
Ran by Martina at 2014-08-06 13:41:51 Run:1
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Lenovo-8204.vbs
C:\Program Files\Enigma Software Group
C:\ProgramData\InstallMate

*****************

esgiguard => Service deleted successfully.
C:\ProgramData\Lenovo-8204.vbs => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.

==== End of Fixlog ====

cosinus 06.08.2014 14:30
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Tina Zee 06.08.2014 15:27
Liste der Anhänge anzeigen (Anzahl: 3)
HAllo,
da ich MBAM bereits installiert hatte, habe ich es geöffnet und während ich überlegte, ob ich Dir einen Ausdruck von der letzten Prüfung heute schicken soll, find hier der Mozilla das Spinnen an ... hat selbsttätig zig Fenster geöffnet und überhaupt kein Stop akzeptiert. Als ich es dann über den Taskmanager irgendwie geschafft habe, dass er innehält kam die Frage: sind sie sicher, dass sie alle 1934 Tabs schließen wollen? ... häääää? :kloppen:

Also Rechner runtergefahren und wieder hoch und dann kam zunächst diese Fehlermeldung - siehe 1. Bilddatei ...

Was hat das jetzt zu bedeuten?

dann habe ich MBAM gestartet und folgendes erhalten - siehe die beiden anderen Bilder

cosinus 06.08.2014 15:30
Das kommt weil da ein Geplanter (zeitgesteuerter) Task noch ist, der das gelöschte VBS-Script starten will.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Tina Zee 06.08.2014 15:34
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2014
Ran by Martina at 2014-08-06 16:34:06 Run:2
Running from C:\Users\Martina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A} - System32\Tasks\Lenovo\Lenovo-8204 => C:\ProgramData\Lenovo-8204.vbs [2013-04-07] ()

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABEB34F6-ACB5-4F7C-9777-B8AAC41D553A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Lenovo\Lenovo-8204 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo-8204" => Key deleted successfully.

==== End of Fixlog ====

cosinus 06.08.2014 15:38
So, dann mach jetzt die Kontrollscans bitte

Tina Zee 06.08.2014 15:42
Hier das MBAM Protokoll ...

Soll ich das mit dem ESET jetzt machen?

Wird gemacht ... hatte nicht aktualisiert ... sorry


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:27 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131