| |
| |||||||
Log-Analyse und Auswertung: PC Optimizer Pro eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.02.2014, 18:43
| #1 |
| |  PC Optimizer Pro eingefangen Hallo, leider habe ich mir irgendwie den PC Optimizer Pro eingefangen  . Er hat sich von alleine installiert und gestartet. Ich habe versucht, ihn über den CC - Cleaner zu löschen, das sah aber nicht sehr vertrauenswürdig aus. Nun möchte ich gerne sicher gehen, ob mein Laptop clean ist.Betriebssystem ist Windows8 und Kaspersky auf dem neusten Stand, das hat aber weder gewarnt noch etwas gefunden bei der kompletten Untersuchung. Ich habe Eure Anleitung ausgeführt mit folgenden Ergebnissen: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Jutta (administrator) on JUTTA on 02-02-2014 18:14:41
Running from C:\Users\Jutta\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Runonce: [extractnow] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify] - C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify Web Helper] - C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [SkyDrive] - C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll [2300344 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\iebho.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3859018946-3778628707-202508750-1002\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google-Suche) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-07-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-07-03]
CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-07-03]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-07-03]
CHR Extension: (Google Mail) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Anti-Banner) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
==================== Services (Whitelisted) =================
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-02] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-29] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2013-12-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-29] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt
2014-02-02 18:12 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt
2014-02-02 18:11 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00000000 ____D () C:\FRST
2014-02-02 18:08 - 2014-02-02 18:09 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log
2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable
2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express
2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro
2014-02-02 17:01 - 2014-02-02 17:02 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-02-02 16:59 - 2014-02-02 17:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 16:59 - 2014-02-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-02 16:58 - 2014-02-02 17:17 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk
2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-02 16:01 - 2014-02-02 16:44 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV
2014-02-02 15:54 - 2013-10-30 12:06 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 15:52 - 2014-02-02 15:53 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 15:43 - 2014-02-02 16:05 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-02 15:29 - 2014-02-02 16:21 - 00000000 ____D () C:\Users\Jutta\Documents\samsung
2014-02-02 15:29 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 15:29 - 2014-02-02 15:55 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-02 15:27 - 2013-10-30 12:13 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-02 15:26 - 2014-02-02 15:54 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-02 15:24 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations
2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 09:19 - 2014-02-02 16:17 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64
2014-01-27 09:19 - 2013-10-04 06:31 - 00579072 _____ () C:\Windows\system32\SNWIAUI.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00155136 _____ () C:\Windows\system32\SnImgFlt.dll
2014-01-27 09:19 - 2013-10-04 05:52 - 00068096 _____ () C:\Windows\system32\SnErHdlr.dll
2014-01-27 09:19 - 2013-09-02 03:57 - 00155696 _____ () C:\Windows\wiainst64.exe
2014-01-27 09:19 - 2013-06-01 06:13 - 01571160 ____N () C:\Windows\TotalUninstaller.exe
2014-01-27 09:19 - 2012-12-10 03:09 - 00120846 _____ () C:\Windows\system32\WIAEXSTR.loc
2014-01-27 09:19 - 2012-03-14 00:58 - 00166640 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll
2014-01-27 09:19 - 2012-03-14 00:58 - 00148728 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll
2014-01-27 09:19 - 2012-02-09 08:20 - 00355840 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll
2014-01-27 09:17 - 2014-01-27 09:18 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 21:09 - 2014-01-20 21:10 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db
2014-01-15 22:55 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 22:55 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV
2014-01-09 16:22 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-09 16:22 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
==================== One Month Modified Files and Folders =======
2014-02-02 18:14 - 2014-02-02 18:12 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt
2014-02-02 18:14 - 2014-02-02 18:11 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt
2014-02-02 18:14 - 2014-02-02 18:10 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt
2014-02-02 18:14 - 2014-02-02 18:10 - 00000000 ____D () C:\FRST
2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt
2014-02-02 18:09 - 2014-02-02 18:08 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log
2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable
2014-02-02 18:08 - 2013-07-01 11:22 - 00000000 ____D () C:\Users\Jutta
2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 18:01 - 2013-07-01 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-02 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express
2014-02-02 17:25 - 2013-07-01 11:34 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859018946-3778628707-202508750-1002
2014-02-02 17:18 - 2013-07-03 20:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 17:17 - 2014-02-02 16:59 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 17:17 - 2014-02-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-02-02 17:17 - 2013-07-03 19:16 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-02 17:17 - 2013-07-01 11:26 - 00001440 _____ () C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 17:16 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro
2014-02-02 17:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-02 17:04 - 2013-07-04 13:55 - 00005122 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta
2014-02-02 17:02 - 2014-02-02 17:01 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-02-02 17:00 - 2013-07-01 11:23 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Packages
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk
2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 16:54 - 2013-07-04 15:32 - 00634368 ___SH () C:\Users\Jutta\Downloads\Thumbs.db
2014-02-02 16:47 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-02 16:47 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-02 16:47 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 16:44 - 2014-02-02 16:01 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV
2014-02-02 16:44 - 2013-07-01 14:38 - 00000000 ___RD () C:\Users\Jutta\SkyDrive
2014-02-02 16:43 - 2013-07-01 11:27 - 00000416 _____ () C:\Users\Jutta\AppData\Roaming\sp_data.sys
2014-02-02 16:41 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 16:40 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-02 16:21 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\Documents\samsung
2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-02 16:17 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 16:17 - 2014-02-02 15:24 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations
2014-02-02 16:17 - 2014-01-27 09:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-02 16:17 - 2013-04-13 04:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-02 16:05 - 2014-02-02 15:43 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-02 15:55 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 15:54 - 2014-02-02 15:26 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-02 15:53 - 2014-02-02 15:52 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-30 14:03 - 2013-07-01 13:15 - 00000000 ____D () C:\Users\Public\CyberLink
2014-01-29 09:51 - 2013-07-04 15:35 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-01-27 20:44 - 2013-07-01 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-27 17:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-27 12:41 - 2013-07-03 19:16 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Adobe
2014-01-27 12:39 - 2013-07-03 20:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64
2014-01-27 09:18 - 2014-01-27 09:17 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 21:10 - 2014-01-20 21:09 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db
2014-01-17 23:10 - 2013-08-17 00:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 23:08 - 2013-07-01 15:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 23:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV
2014-01-09 16:27 - 2013-04-13 04:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-09 09:02 - 2013-11-19 14:49 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 14:49 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-04 12:47 - 2013-07-01 11:23 - 00000000 ____D () C:\Users\Jutta\AppData\Local\VirtualStore
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Jutta\3DM-Installer.exe
C:\Users\Jutta\D3DX9_42.dll
C:\Users\Jutta\eep8.exe
C:\Users\Jutta\Gleisobj.dll
C:\Users\Jutta\mfc100.dll
C:\Users\Jutta\Mfc71.dll
C:\Users\Jutta\msvcp100.dll
C:\Users\Jutta\Msvcp71.dll
C:\Users\Jutta\msvcr100.dll
C:\Users\Jutta\Msvcr71.dll
C:\Users\Jutta\msxml3.dll
C:\Users\Jutta\msxml3a.dll
C:\Users\Jutta\msxml3r.dll
C:\Users\Jutta\ode.dll
C:\Users\Jutta\opcode.dll
C:\Users\Jutta\SPRender.dll
C:\Users\Jutta\Sucode.dll
C:\Users\Jutta\sureCommon3.dll
C:\Users\Jutta\sureInd.dll
C:\Users\Jutta\sureParticles3.dll
C:\Users\Jutta\susl.dll
C:\Users\Jutta\sutrack+.dll
C:\Users\Jutta\Validator.dll
Some content of TEMP:
====================
C:\Users\Jutta\AppData\Local\Temp\bitool.dll
C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 21:07
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Jutta at 2014-02-02 18:15:00
Running from C:\Users\Jutta\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
Abschleppwagen-Simulator 2010 Version 1.3 (x32 Version: 1.3 - astragon Software GmbH)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS)
ASUS InstantOn (x32 Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.13 - ASUS)
ASUS Live Update (x32 Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.1.2 - ASUS)
ASUS Smart Gesture (x32 Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005 - ASUS)
ASUS Tutor (x32 Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.5 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0023 - ASUS)
CCleaner (Version: 4.05 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eisenbahn.exe Professional 8.0 (x32 Version: 8.00.0000 - Trend)
Fairground 2 Version 1.0 (x32 Version: - rondomedia Marketing & Vertriebs GmbH)
Flughafen-Feuerwehr-Simulator Version 1.0 (x32 Version: - rondomedia Marketing & Vertriebs GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0 - Koyote Soft)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Landwirtschafts Simulator 2011 (x32 Version: 1.0 - GIANTS Software)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (x32 Version: 2.0 - ASUS)
NoLimits Coasters 1.56 (entfernen) (x32 Version: - )
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (x32 Version: - Atari)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (x32 Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SceneSwitch (x32 Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sonderfahrzeug-Simulator 2012 Version 1.0 (x32 Version: 1.0 - Astragon)
Spotify (HKCU Version: 0.9.4.178.g259772ba - Spotify AB)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
THW Simulator 2012 (x32 Version: - )
tulox (x32 Version: - )
VR-NetWorld (x32 Version: - )
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (x32 Version: 4.1.0.3114 - Bandoo Media Inc) <==== ATTENTION
WinFlash (x32 Version: 2.41.1 - ASUS)
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
26-12-2013 22:09:46 Geplanter Prüfpunkt
02-01-2014 17:19:24 DirectX wurde installiert
13-01-2014 20:56:33 Geplanter Prüfpunkt
17-01-2014 22:05:32 Windows Update
02-02-2014 14:25:10 Installed Samsung Kies
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {491C78A9-8162-48C4-B69D-71471415546D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation)
Task: {64119EBC-2F99-4D3B-8D3D-D637811DCD4B} - System32\Tasks\Microsoft\Windows\RestartManager\{3E371F90-96F3-461f-B927-51987DA7D222} => C:\Windows\system32\rmclient.exe [2012-07-26] (Microsoft Corporation)
Task: {6DBC672D-06CB-4FA8-A423-143D4F6EC94E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {8D798F60-DCA6-4A5D-9F86-77DD4F5BD9E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {90F73258-6FAC-43C9-BA03-D98CEE0D3A14} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {A3941073-3E51-4409-A002-8243A95D5D82} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5F824B5-923B-4AAF-AE8F-63329900FF8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB6AF6C5-6894-4C47-B347-10A306808047} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {E8C27ACF-BE84-4A73-8343-7B16682AAE56} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-13 04:43 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-22 09:44 - 2011-06-22 09:44 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2013-07-01 14:33 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-01 14:33 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-01 14:33 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-07-01 13:52 - 2013-07-01 13:53 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-11 14:01 - 2012-09-11 14:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-05-24 21:19 - 2012-05-24 21:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-11-13 17:12 - 2013-11-13 17:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-01-15 22:59 - 2014-01-15 22:59 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-04-13 04:48 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-22 15:05 - 2013-12-22 15:05 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 3981.57 MB
Available physical RAM: 1803.45 MB
Total Pagefile: 4685.57 MB
Available Pagefile: 2405.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:111.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:258.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F7791DB4)
Partition: GPT Partition Type
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-02 18:34:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jutta\AppData\Local\Temp\uxloypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007f85486257c 8 bytes JMP 000007f9523103b0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007f854866b10 9 bytes JMP 000007f952310308
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f8548e5658 7 bytes JMP 000007f952310260
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f8548e5778 7 bytes JMP 000007f9523102d0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007f854901564 7 bytes JMP 000007f952310340
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f8549140e4 7 bytes JMP 000007f952310298
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f854914178 8 bytes JMP 000007f952310228
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f85491479c 8 bytes JMP 000007f952310378
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f8523528a0 7 bytes JMP 000007f9523100d8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f8523528e8 5 bytes JMP 000007f952310180
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f85236f590 6 bytes JMP 000007f952310148
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f85236f8ac 5 bytes JMP 000007f952310110
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f853d3c5b0 7 bytes JMP 000007f952310490
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007f853d431f0 9 bytes JMP 000007f9523103e8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007f853d433e0 5 bytes JMP 000007f952310458
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f853d47160 5 bytes JMP 000007f952310420
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f854181070 8 bytes JMP 000007f9523101f0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f8541a0c10 8 bytes JMP 000007f9523101b8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007f84f456d10 5 bytes JMP 000007f94f440110
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007f84f45d060 5 bytes JMP 000007f94f4400d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f853c11782 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f853c11782 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199 000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144 000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183 000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168 000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405 000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181 000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354 000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007f8553a26f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236 000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8490b1b32 4 bytes [0B, 49, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8490b1b3a 4 bytes [0B, 49, F8, 07]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199 000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144 000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183 000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168 000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405 000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181 000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354 000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007f8553a26f0 16 bytes {JMP RAX}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236 000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [672:696] fffff960008085e8
---- Processes - GMER 2.1 ----
Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1752] (WPM Service/Cherished Technololgy LIMITED)(2 0000000001340000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 0000000061610000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 000000005abf0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 00000000602b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000061610000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000059ed0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000059db0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005abf0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 00000000602b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a930000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a850000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a7b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a7a0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a740000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Liebe Grüße Lynette |
|
02.02.2014, 21:23
| #2 |
    | PC Optimizer Pro eingefangen Hallo Lynette wilkommen auf
__________________ Download Adware-Removal-Tool zum Desktop Schließe alle offenen Programme und Browser. Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten. Klicke Repair Schliesse das Fenster und den Internet link. Downloade Dir bitte  Zoek.exe by smeenk zum Desktop Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen. Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten. Nun klicke auf "Run script" und im nächsten Fenster klicke OK. Und sei geduldig bis das Skript durchläuft.(bis zu eine halbe Stunde) Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\ Bitte poste mir das ZOEK-Log in Code-Tags |
|
02.02.2014, 21:57
| #3 |
| | PC Optimizer Pro eingefangen Hallo Argus,
__________________vielen vielen Dank für die schnelle Antwort. Ich habe Deine Anweisungen durchgeführt und das ist das Ergebnis: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 02.02.2014 at 21:35:21,10.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
02.02.2014 21:37:03 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample__2143.zip ======================
Copied file C:\Users\Jutta\3DM-Installer.exe to sample\3DM-Installer.exe
Copied file C:\Users\Jutta\eep8.exe to sample\eep8.exe
sample\3DM-Installer.exe renamed to 6FD63DA30D6FBB1E3CF91E37CEB657E3
sample\eep8.exe renamed to 143BAFC75C5B85769C18C81DED2E428F
C:\Users\Public\Desktop\sample__2143.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
---- FireFox user.js and prefs.js backups ----
user__2143_.backup
prefs__2143_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted
C:\PROGRA~2\PC Speed Maximizer deleted
C:\PROGRA~2\Optimizer Pro deleted
C:\PROGRA~2\SupTab deleted
C:\Users\Jutta\AppData\Roaming\DigitalSites deleted
C:\Users\Jutta\AppData\Roaming\FoxTab deleted
C:\Users\Jutta\D3DX9_42.dll deleted
C:\Users\Jutta\Gleisobj.dll deleted
C:\Users\Jutta\mfc100.dll deleted
C:\Users\Jutta\Mfc71.dll deleted
C:\Users\Jutta\msvcp100.dll deleted
C:\Users\Jutta\Msvcp71.dll deleted
C:\Users\Jutta\msvcr100.dll deleted
C:\Users\Jutta\Msvcr71.dll deleted
C:\Users\Jutta\msxml3.dll deleted
C:\Users\Jutta\msxml3a.dll deleted
C:\Users\Jutta\msxml3r.dll deleted
C:\Users\Jutta\ode.dll deleted
C:\Users\Jutta\opcode.dll deleted
C:\Users\Jutta\SPRender.dll deleted
C:\Users\Jutta\Sucode.dll deleted
C:\Users\Jutta\sureCommon3.dll deleted
C:\Users\Jutta\sureInd.dll deleted
C:\Users\Jutta\sureParticles3.dll deleted
C:\Users\Jutta\susl.dll deleted
C:\Users\Jutta\sutrack+.dll deleted
C:\Users\Jutta\Validator.dll deleted
C:\ProgramData\SetStretch.VBS deleted
C:\ProgramData\boost_interprocess deleted
C:\ProgramData\WPM deleted
C:\Users\Jutta\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Jutta\AppData\LocalLow\DataMngr deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Windows\tasks\FoxTab.job deleted
C:\windows\SysNative\tasks\FoxTab deleted
C:\Users\Jutta\Documents\Optimizer Pro deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\searchplugins\Search_Results.xml deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\foxydeal.sqlite deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\searchqutoolbar deleted
C:\Users\Jutta\3DM-Installer.exe deleted
C:\Users\Jutta\eep8.exe deleted
"C:\ProgramData\IePluginService\PluginService.exe" deleted
"C:\ProgramData\IePluginService" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-02-02 17:26:34 BAEEBB5AF4E53B2EEC013631A70F2DC4 496345971 ----a-w- C:\Windows\MEMORY.DMP
2014-01-27 08:19:46 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ----a-w- C:\Windows\wiainst64.exe
2014-01-27 08:19:01 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:01 1C27CEECA7EAECC2A74C3D9D9DF68CA6 26694 ------w- C:\Windows\uninstall.ico
====== C:\Users\Jutta\AppData\Local\Temp ====
2014-02-02 15:59:52 EBCC8C1AA76FC2F61CCDE7E172AD51EB 1037208 ----a-w- C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
2014-02-02 15:59:40 EF7D1863F4980AB0C8BDA142FEE67F92 200072 ----a-w- C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe
2014-02-02 15:59:37 EEB382B229D9F88DB261893BA339AE31 6640888 ----a-w- C:\Users\Jutta\AppData\Local\Temp\{1E416967-D883-4A04-88E2-6BC5BF4B328E}\setup.exe
2014-02-02 15:58:57 098DF3D1E5BC12D8D158315FAF0BAAC5 6779920 ----a-w- C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
2014-02-02 15:58:50 333DBEE2C6F16A84A3ED61BBCF6F138A 882672 ----a-w- C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
2014-02-02 15:58:00 C0157AD57D34D1D608ADEA523B228266 59904 ----a-w- C:\Users\Jutta\AppData\Local\Temp\bitool.dll
====== C:\Windows\SysWOW64 =====
2014-02-02 14:54:21 37655385D1CF8560A52027B8008FAE0E 821824 ----a-w- C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 14:27:13 A64711C9CF690718EADA750370EC5EB2 4659712 ----a-w- C:\Windows\SysWOW64\Redemption.dll
2014-01-27 08:19:01 7D86DB1C92BCA149B76446607CF4F560 148728 ----a-w- C:\Windows\SysWOW64\TWAINDSM.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-27 08:19:01 D76D53BF84A0266C2CACAD2F5CC17CF4 68096 ----a-w- C:\Windows\Sysnative\SnErHdlr.dll
2014-01-27 08:19:01 A1DF91B94880E86EB56442238B1DD4F0 355840 ----a-w- C:\Windows\Sysnative\snWIAMUI.dll
2014-01-27 08:19:01 786E43779828BFAEED211C66A5A2A50B 166640 ----a-w- C:\Windows\Sysnative\TWAINDSM.dll
2014-01-27 08:19:01 77A5C083801B37BFA729235DFE868BC4 120846 ----a-w- C:\Windows\Sysnative\WIAEXSTR.loc
2014-01-27 08:19:01 6856749CA241FA3DD283B740D0BE14B1 579072 ----a-w- C:\Windows\Sysnative\SNWIAUI.dll
2014-01-27 08:19:01 5FFD7C9224CC1EDE494B38E18764C4B8 155136 ----a-w- C:\Windows\Sysnative\SnImgFlt.dll
2014-01-27 08:19:01 51D746152800FC7FB4AAE4A6DA34E8C5 734720 ----a-w- C:\Windows\Sysnative\SnMinDrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-01-09 15:22:52 2E334C10BFAB37BDF2A66F6E0D36C061 32544 ----a-w- C:\Windows\Sysnative\drivers\nvpciflt.sys
2014-01-09 15:22:51 0218E1CE8F7B5D404980192B9112D03A 12645664 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-02 17:21:22 -------- d-----w- C:\PROGRA~2\Foxtab
2014-02-02 15:58:42 -------- d-----w- C:\PROGRA~2\ExtractNow
2014-01-27 08:19:00 -------- d-----w- C:\PROGRA~2\Samsung
======= C: =====
====== C:\Users\Jutta\AppData\Roaming ======
2014-02-02 17:21:32 -------- d-----w- C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-02 17:21:22 AB17A11AE065D6C96926FC77BDF7A8C5 43 ----a-w- C:\Users\Jutta\AppData\Roaming\WB.CFG
2014-02-02 15:59:16 -------- d-----w- C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 15:58:42 -------- d-----w- C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 14:29:12 -------- d-----w- C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 14:29:10 -------- d-----w- C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 14:24:36 -------- d-----w- C:\Users\Jutta\AppData\Local\Downloaded Installations
====== C:\Users\Jutta ======
2014-02-02 20:29:20 D2B83B77504C8E59766898A192F4AD56 1190704 ----a-w- C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:20:33 776F2EF3D454F30598154DCBA0C1CF72 670752 ----a-w- C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49 BB0DDF9D86BDCEA86CF778AC8D0D9DA7 2080256 ----a-w- C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:08:14 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Jutta\defogger_reenable
2014-02-02 17:07:46 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:59:33 -------- d-----w- C:\ProgramData\IePluginService
2014-02-02 15:57:48 7056ED797114FA95925960C9C2D07ABE 2025752 ----a-w- C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 14:54:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-02-02 14:52:09 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:26:21 -------- d-----w- C:\ProgramData\Samsung
2014-02-02 14:23:05 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 08:19:47 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-01-27 08:17:52 469F9C407723247C382B4CF0887A4476 23580208 ----a-w- C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 20:09:54 5B4E8F5AEA41FDAB79B7CE733A08150F 128000 --sha-w- C:\Users\Jutta\Thumbs.db
====== C: exe-files ==
2014-02-02 20:29:20 D2B83B77504C8E59766898A192F4AD56 1190704 ----a-w- C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:21:32 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
2014-02-02 17:21:24 55DBA9F8D394DC3B628BB27D46A1B2BE 647680 ----a-w- C:\Program Files (x86)\Foxtab\1.8.12.0\uninstall.exe
2014-02-02 17:20:33 776F2EF3D454F30598154DCBA0C1CF72 670752 ----a-w- C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:09:42 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQVOI9MF\FRST64[1].exe
2014-02-02 17:08:49 BB0DDF9D86BDCEA86CF778AC8D0D9DA7 2080256 ----a-w- C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:07:46 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:59:52 EBCC8C1AA76FC2F61CCDE7E172AD51EB 1037208 ----a-w- C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
2014-02-02 15:59:40 EF7D1863F4980AB0C8BDA142FEE67F92 200072 ----a-w- C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe
2014-02-02 15:59:37 EEB382B229D9F88DB261893BA339AE31 6640888 ----a-w- C:\Users\Jutta\AppData\Local\Temp\{1E416967-D883-4A04-88E2-6BC5BF4B328E}\setup.exe
2014-02-02 15:59:16 2EEE15B1927EADFF45013E94B0CB0D94 131640 ----a-w- C:\Users\Jutta\AppData\Roaming\awesomehp\awesomehp.exe
2014-02-02 15:58:57 098DF3D1E5BC12D8D158315FAF0BAAC5 6779920 ----a-w- C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
2014-02-02 15:58:50 333DBEE2C6F16A84A3ED61BBCF6F138A 882672 ----a-w- C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
2014-02-02 15:57:48 7056ED797114FA95925960C9C2D07ABE 2025752 ----a-w- C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 15:17:36 FA0A96170B46640A8C209E3970E60D60 1193984 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe
2014-02-02 14:55:12 23285008C849E88C36DBF71447F1B73F 1515288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
2014-02-02 14:54:19 C46B351F1F6F83FBB3B0F6E73341CDCF 987744 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe
2014-02-02 14:52:09 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:23:05 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup.exe
2014-02-01 14:29:06 C2F12B0F6B1BCE79CC2ACD749E80F74C 3199520 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000578e\DAO.17749621.exe
2014-01-29 17:25:17 95538B9357EE263A75A3349550974262 364288 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000577a\updatus.17734322_RUNASUSER.exe
2014-01-29 17:24:57 F1F92AD02D1B24779EDB2B9D99EB7450 3193160 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe
2014-01-27 08:19:46 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ----a-w- C:\Windows\wiainst64.exe
2014-01-27 08:19:03 4EAF9C855BB31464CD5C62F613EEA937 237104 ----a-w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
2014-01-27 08:19:03 4EAF9C855BB31464CD5C62F613EEA937 237104 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ICCUpdater.exe
2014-01-27 08:19:03 3663347C2BD4595E527B4B5500A22DB9 220720 ----a-w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
2014-01-27 08:19:03 3663347C2BD4595E527B4B5500A22DB9 220720 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ScanCDLM.exe
2014-01-27 08:19:01 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:00 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\totalUninstaller.exe
2014-01-27 08:19:00 94C8FEA50F87167956CDFE65D5A1F668 126512 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst.exe
2014-01-27 08:19:00 8B646BF51290F85A9F6E9CECB2514998 1292632 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Setup.exe
2014-01-27 08:19:00 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst64.exe
2014-01-27 08:17:52 469F9C407723247C382B4CF0887A4476 23580208 ----a-w- C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
=== C: other files ==
2014-02-02 20:43:04 C7CF79B63B24689E8E1C89428680D531 4527482 ----a-w- C:\Users\Public\Desktop\sample__2143.zip
2014-02-02 15:59:19 77622F55199528236129C848432AE102 1439487 ----a-w- C:\Users\Jutta\AppData\Local\Temp\fullpackage_temp1391356732\tmp\package2.zip
2014-02-02 15:58:55 5B09FBE7AD2BDCF40A1882AD654D8A9D 1524895 ----a-w- C:\Users\Jutta\AppData\Local\Temp\fullpackage_temp1391356732\package1.zip
2014-02-02 15:55:31 ED5B2D7F42D36C7566D970C791049A48 486926 ----a-w- C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Style\Themed\doenerschlumpf_brakefins.zip
2014-02-02 15:54:21 ED5B2D7F42D36C7566D970C791049A48 486926 ----a-w- C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 15:46:27 FD5A6D8D629108FF84B6D2D15647A659 68888 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys
2014-02-02 15:46:27 F568EA5F0DE16F945E8578C377243E8E 50968 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys
2014-02-02 15:46:27 F4BE1C58B05BEA30A9A60D4398EB0058 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys
2014-02-02 15:46:27 E428DFFA96FAD07D8CA3C9082563A225 103576 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys
2014-02-02 15:46:27 DBA556BA23FA76E1C89BA3AB4843AE5D 33176 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys
2014-02-02 15:46:27 D720E872772D004E304FCE0CE54E1F8A 84248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys
2014-02-02 15:46:27 CF77B95E2D28AC4CD794E91E0F78777B 80664 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys
2014-02-02 15:46:27 CE883E32A3DC090B957823F0D46B3EB1 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys
2014-02-02 15:46:27 BE1160978D7517F0BB940960CE71B737 39192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys
2014-02-02 15:46:27 AAF6F247F1DC370C593B4430974EAD9C 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys
2014-02-02 15:46:27 A1CC726323FB41FFD29F436A77237E41 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys
2014-02-02 15:46:27 9BFC65F8A17D8B21CF67BE4142DFEF44 92952 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys
2014-02-02 15:46:27 9A8D59146B6FC187140179D0F05EB07E 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys
2014-02-02 15:46:27 6507F48723F8469F783F2EE9D7DCC2DD 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys
2014-02-02 15:46:27 60356DA57A9F7722C4F8A633EB4FA38A 60184 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys
2014-02-02 15:46:27 539B830D9B1634928EFD24FBBDBB6D29 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys
2014-02-02 15:46:27 3648963C50EF859A1DC4426EBDEBF69B 45336 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys
2014-02-02 15:46:27 3248B5CC4AA7942EE7BC26F1EB00210B 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys
2014-02-02 15:05:10 AAF6F247F1DC370C593B4430974EAD9C 204568 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudmdm.sys
2014-02-02 14:43:39 E428DFFA96FAD07D8CA3C9082563A225 103576 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudbus.sys
2014-01-27 08:19:04 5F77725EC309DE1242D8EFC8E9259A9F 5120 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\i386\SSPORT.sys
2014-01-27 08:19:01 0211AB46B73A2623B86C1CFCB30579AB 11576 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\amd64\SSPORT.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DATAMNGR"="C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\wia6eb~1\\datamngr\\datamngr.dll c:\\progra~2\\wia6eb~1\\datamngr\\iebho.dll c:\\windows\\syswow64\\nvinit.dll "
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\datamngr.dll C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\IEBHO.dll C:\\Windows\\system32\\nvinitx.dll "
==== Startup Folders ======================
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27.01.2014 12:39]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Foxtab Speed Dial - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 15:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[29.12.2013 12:01]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 15:49]
YouTube - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Gmail - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Start Page Redirect Cache"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Start Page Redirect Cache"="hxxp://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Jutta\AppData\Local\Mozilla\Firefox\Profiles\xzh6j33k.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=98 folders=39 23415624 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Jutta\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Jutta\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\IePluginService" not found
==== EOF on 02.02.2014 at 21:53:44,02 ======================
Lynette |
|
02.02.2014, 22:27
| #4 |
| | PC Optimizer Pro eingefangen Download SFTGC by Pierre13 zum Desktop Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten. Klicke GO Poste mir den Inhalt von SFTGC.txt auf dein Desktop Poste noch ein frisches log von FRST Kannst du mir bitte Sample__2143.zip (Desktop)Uploaden mit hilfe von http://www.file-upload.net/?why=2 Und mir ein PN/PM schicken mit den Downloadlink? Geändert von Argus (02.02.2014 um 22:44 Uhr) |
|
02.02.2014, 23:24
| #5 |
| | PC Optimizer Pro eingefangen Hallo Argus, hier die Ergebnisse. Es kam die Anweisung, die Dateien zu packen und als Anhang zu schicken. Außerdem ist auf meinem Desktop wieder ein neues Programm aufgetaucht - Open it. Ich weiß nicht ob das was zu bedeuten hat... Liebe Grüße Lynette |
|
02.02.2014, 23:31
| #6 |
| | PC Optimizer Pro eingefangen
|
|
02.02.2014, 23:49
| #7 |
| | PC Optimizer Pro eingefangen Hier das Ergebnis: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 02.02.2014 at 23:35:42,65.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-02-02-205344.log 31233 bytes
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll"
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Foxtab deleted
C:\Users\Jutta\AppData\Roaming\awesomehp deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Foxtab Speed Dial - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Deleted Firefox Extensions ======================
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} deleted
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SupTab deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=233 folders=70 26126288 bytes)
==== EOF on 02.02.2014 at 23:39:09,20 ======================
Gruß, Lynette |
|
03.02.2014, 00:05
| #8 |
| /// Malwareteam / Visitor  | PC Optimizer Pro eingefangen Ich übernehme es von Argus  Anscheinend ist wieder etwas neues aufgetaucht.
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
03.02.2014, 00:37
| #9 |
| | PC Optimizer Pro eingefangen Hallo Smeenk, vielen Dank für die Übernahme Hier die Ergebnisse: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Jutta on 03.02.2014 at 0:12:50,26.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-02-02-205344.log 31233 bytes
C:\zoek-results2014-02-02-223909.log 3105 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~2\rightsurf deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-02-02 22:26:27 0764915EFB21368607CF1AABE4D1015D 126 ----a-w- C:\Windows\wininit.ini
2014-02-02 17:26:34 BAEEBB5AF4E53B2EEC013631A70F2DC4 496345971 ----a-w- C:\Windows\MEMORY.DMP
2014-01-27 08:19:46 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ----a-w- C:\Windows\wiainst64.exe
2014-01-27 08:19:01 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:01 1C27CEECA7EAECC2A74C3D9D9DF68CA6 26694 ------w- C:\Windows\uninstall.ico
====== C:\Users\Jutta\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2014-02-02 14:54:21 37655385D1CF8560A52027B8008FAE0E 821824 ----a-w- C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 14:27:13 A64711C9CF690718EADA750370EC5EB2 4659712 ----a-w- C:\Windows\SysWOW64\Redemption.dll
2014-01-27 08:19:01 7D86DB1C92BCA149B76446607CF4F560 148728 ----a-w- C:\Windows\SysWOW64\TWAINDSM.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-27 08:19:01 D76D53BF84A0266C2CACAD2F5CC17CF4 68096 ----a-w- C:\Windows\Sysnative\SnErHdlr.dll
2014-01-27 08:19:01 A1DF91B94880E86EB56442238B1DD4F0 355840 ----a-w- C:\Windows\Sysnative\snWIAMUI.dll
2014-01-27 08:19:01 786E43779828BFAEED211C66A5A2A50B 166640 ----a-w- C:\Windows\Sysnative\TWAINDSM.dll
2014-01-27 08:19:01 77A5C083801B37BFA729235DFE868BC4 120846 ----a-w- C:\Windows\Sysnative\WIAEXSTR.loc
2014-01-27 08:19:01 6856749CA241FA3DD283B740D0BE14B1 579072 ----a-w- C:\Windows\Sysnative\SNWIAUI.dll
2014-01-27 08:19:01 5FFD7C9224CC1EDE494B38E18764C4B8 155136 ----a-w- C:\Windows\Sysnative\SnImgFlt.dll
2014-01-27 08:19:01 51D746152800FC7FB4AAE4A6DA34E8C5 734720 ----a-w- C:\Windows\Sysnative\SnMinDrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-01-09 15:22:52 2E334C10BFAB37BDF2A66F6E0D36C061 32544 ----a-w- C:\Windows\Sysnative\drivers\nvpciflt.sys
2014-01-09 15:22:51 0218E1CE8F7B5D404980192B9112D03A 12645664 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
2014-02-02 22:10:37 EEE1CB4FF860DDD021BB7965113EE86D 2642 ----a-w- C:\Windows\Sysnative\Tasks\Digital Sites
2014-02-02 22:10:37 C4B4CF295BB1FA149D35BA3BF0C507AF 304 ----a-w- C:\Windows\Tasks\Digital Sites.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-02 22:10:41 -------- d-----w- C:\PROGRA~2\OpenIt
2014-02-02 22:08:14 -------- d-----w- C:\PROGRA~2\7-Zip
2014-02-02 15:58:42 -------- d-----w- C:\PROGRA~2\ExtractNow
2014-01-27 08:19:00 -------- d-----w- C:\PROGRA~2\Samsung
======= C: =====
====== C:\Users\Jutta\AppData\Roaming ======
2014-02-02 22:10:36 -------- d-----w- C:\Users\Jutta\AppData\Roaming\DigitalSites
2014-02-02 20:50:06 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-02-02 20:50:06 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-02-02 20:50:06 -------- d-----w- C:\Users\Jutta\AppData\Local\Temp
2014-02-02 20:50:06 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-02-02 20:50:06 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-02-02 17:21:32 -------- d-----w- C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-02 17:21:22 AB17A11AE065D6C96926FC77BDF7A8C5 43 ----a-w- C:\Users\Jutta\AppData\Roaming\WB.CFG
2014-02-02 15:58:42 -------- d-----w- C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 14:29:12 -------- d-----w- C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 14:29:10 -------- d-----w- C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 14:24:36 -------- d-----w- C:\Users\Jutta\AppData\Local\Downloaded Installations
====== C:\Users\Jutta ======
2014-02-02 22:10:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
2014-02-02 22:08:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-02-02 22:07:52 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Jutta\Downloads\7z920.exe
2014-02-02 21:48:57 23559EB760D28016AEA2D77890EEDCD5 1052688 ----a-w- C:\Users\Jutta\Downloads\SFTGC.exe
2014-02-02 20:29:20 D2B83B77504C8E59766898A192F4AD56 1190704 ----a-w- C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:20:33 776F2EF3D454F30598154DCBA0C1CF72 670752 ----a-w- C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49 BB0DDF9D86BDCEA86CF778AC8D0D9DA7 2080256 ----a-w- C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:08:14 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Jutta\defogger_reenable
2014-02-02 17:07:46 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:57:48 7056ED797114FA95925960C9C2D07ABE 2025752 ----a-w- C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 14:54:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-02-02 14:52:09 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:26:21 -------- d-----w- C:\ProgramData\Samsung
2014-02-02 14:23:05 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 08:19:47 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-01-27 08:17:52 469F9C407723247C382B4CF0887A4476 23580208 ----a-w- C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 20:09:54 5B4E8F5AEA41FDAB79B7CE733A08150F 128000 --sha-w- C:\Users\Jutta\Thumbs.db
====== C: exe-files ==
2014-02-02 22:10:52 2B450C618B761E76E2C3D752E0B77E88 2172872 ----a-w- C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD9ASVQU\Setup[1].exe
2014-02-02 22:10:44 2FCAFA4BE1FB14E180E14D57342657F4 33556 ----a-w- C:\Program Files (x86)\OpenIt\Open It!\uninstall.exe
2014-02-02 22:08:15 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files (x86)\7-Zip\Uninstall.exe
2014-02-02 22:07:52 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Jutta\Downloads\7z920.exe
2014-02-02 21:54:04 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06IOIW9Y\FRST64[1].exe
2014-02-02 21:48:57 23559EB760D28016AEA2D77890EEDCD5 1052688 ----a-w- C:\Users\Jutta\Downloads\SFTGC.exe
2014-02-02 20:29:20 D2B83B77504C8E59766898A192F4AD56 1190704 ----a-w- C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:21:32 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
2014-02-02 17:20:33 776F2EF3D454F30598154DCBA0C1CF72 670752 ----a-w- C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49 BB0DDF9D86BDCEA86CF778AC8D0D9DA7 2080256 ----a-w- C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:07:46 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:57:48 7056ED797114FA95925960C9C2D07ABE 2025752 ----a-w- C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 15:17:36 FA0A96170B46640A8C209E3970E60D60 1193984 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe
2014-02-02 14:55:12 23285008C849E88C36DBF71447F1B73F 1515288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
2014-02-02 14:54:19 C46B351F1F6F83FBB3B0F6E73341CDCF 987744 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe
2014-02-02 14:52:09 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:23:05 D87CB18503A3F8E00D2B1A79D4B40814 70015304 ----a-w- C:\Users\Jutta\Downloads\KiesSetup.exe
2014-02-01 14:29:06 C2F12B0F6B1BCE79CC2ACD749E80F74C 3199520 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000578e\DAO.17749621.exe
2014-01-29 17:25:17 95538B9357EE263A75A3349550974262 364288 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000577a\updatus.17734322_RUNASUSER.exe
2014-01-29 17:24:57 F1F92AD02D1B24779EDB2B9D99EB7450 3193160 ----a-w- C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe
2014-01-27 08:19:46 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ----a-w- C:\Windows\wiainst64.exe
2014-01-27 08:19:03 4EAF9C855BB31464CD5C62F613EEA937 237104 ----a-w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
2014-01-27 08:19:03 4EAF9C855BB31464CD5C62F613EEA937 237104 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ICCUpdater.exe
2014-01-27 08:19:03 3663347C2BD4595E527B4B5500A22DB9 220720 ----a-w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
2014-01-27 08:19:03 3663347C2BD4595E527B4B5500A22DB9 220720 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ScanCDLM.exe
2014-01-27 08:19:01 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:00 A359924461317E87EB5DC85FEAF10C53 1571160 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\totalUninstaller.exe
2014-01-27 08:19:00 94C8FEA50F87167956CDFE65D5A1F668 126512 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst.exe
2014-01-27 08:19:00 8B646BF51290F85A9F6E9CECB2514998 1292632 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Setup.exe
2014-01-27 08:19:00 434B5E262EF6D0520D6DD4C3C78E47C4 155696 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst64.exe
2014-01-27 08:17:52 469F9C407723247C382B4CF0887A4476 23580208 ----a-w- C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
=== C: other files ==
2014-02-02 20:43:04 C7CF79B63B24689E8E1C89428680D531 4527482 ----a-w- C:\Users\Public\Desktop\sample__2143.zip
2014-02-02 15:55:31 ED5B2D7F42D36C7566D970C791049A48 486926 ----a-w- C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Style\Themed\doenerschlumpf_brakefins.zip
2014-02-02 15:54:21 ED5B2D7F42D36C7566D970C791049A48 486926 ----a-w- C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 15:46:27 FD5A6D8D629108FF84B6D2D15647A659 68888 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys
2014-02-02 15:46:27 F568EA5F0DE16F945E8578C377243E8E 50968 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys
2014-02-02 15:46:27 F4BE1C58B05BEA30A9A60D4398EB0058 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys
2014-02-02 15:46:27 E428DFFA96FAD07D8CA3C9082563A225 103576 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys
2014-02-02 15:46:27 DBA556BA23FA76E1C89BA3AB4843AE5D 33176 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys
2014-02-02 15:46:27 D720E872772D004E304FCE0CE54E1F8A 84248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys
2014-02-02 15:46:27 CF77B95E2D28AC4CD794E91E0F78777B 80664 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys
2014-02-02 15:46:27 CE883E32A3DC090B957823F0D46B3EB1 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys
2014-02-02 15:46:27 BE1160978D7517F0BB940960CE71B737 39192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys
2014-02-02 15:46:27 AAF6F247F1DC370C593B4430974EAD9C 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys
2014-02-02 15:46:27 A1CC726323FB41FFD29F436A77237E41 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys
2014-02-02 15:46:27 9BFC65F8A17D8B21CF67BE4142DFEF44 92952 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys
2014-02-02 15:46:27 9A8D59146B6FC187140179D0F05EB07E 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys
2014-02-02 15:46:27 6507F48723F8469F783F2EE9D7DCC2DD 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys
2014-02-02 15:46:27 60356DA57A9F7722C4F8A633EB4FA38A 60184 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys
2014-02-02 15:46:27 539B830D9B1634928EFD24FBBDBB6D29 182680 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys
2014-02-02 15:46:27 3648963C50EF859A1DC4426EBDEBF69B 45336 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys
2014-02-02 15:46:27 3248B5CC4AA7942EE7BC26F1EB00210B 204568 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys
2014-02-02 15:05:10 AAF6F247F1DC370C593B4430974EAD9C 204568 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudmdm.sys
2014-02-02 14:43:39 E428DFFA96FAD07D8CA3C9082563A225 103576 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudbus.sys
2014-02-01 03:23:24 9D68A041CE834BD4E0FF32CEF0006A98 9074 ----a-w- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
2014-01-27 08:19:04 5F77725EC309DE1242D8EFC8E9259A9F 5120 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\i386\SSPORT.sys
2014-01-27 08:19:01 0211AB46B73A2623B86C1CFCB30579AB 11576 ------w- C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\amd64\SSPORT.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"
==== Startup Folders ======================
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27.01.2014 12:39]
C:\Windows\tasks\Digital Sites.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\Digital Sites" [C:\Users\Jutta\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Deleted Firefox Extensions ======================
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 15:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[29.12.2013 12:01]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 15:49]
YouTube - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Gmail - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=239 folders=71 28106062 bytes)
==== EOF on 03.02.2014 at 0:21:13,41 ======================
Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 00:27:15
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Jutta - JUTTA
# Gestartet von : C:\Users\Jutta\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5866 octets] - [03/02/2014 00:24:31]
AdwCleaner[S0].txt - [5456 octets] - [03/02/2014 00:27:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5516 octets] ##########
Lynette |
|
03.02.2014, 00:48
| #10 |
| /// Malwareteam / Visitor | PC Optimizer Pro eingefangen Wünsch Dir auch eine gute Nacht
Merkst du momentan noch Probleme? |
|
03.02.2014, 08:58
| #11 |
| | PC Optimizer Pro eingefangen Guten Morgen, hier das neueste Ergebnis: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 03.02.2014 at 8:44:16,76.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-02-02-205344.log 31233 bytes
C:\zoek-results2014-02-02-223909.log 3105 bytes
C:\zoek-results2014-02-02-232113.log 23295 bytes
==== Deleting Files \ Folders ======================
"C:\Windows\tasks\Digital Sites.job" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\config.dat" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\prod.dat" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc" deleted
==== C:\zoek_backup content ======================
C:\zoek_backup (files=239 folders=71 28106339 bytes)
==== EOF on 03.02.2014 at 8:46:20,24 ======================
 |
|
03.02.2014, 11:18
| #12 |
| /// Malwareteam / Visitor | PC Optimizer Pro eingefangen Meiner Meinung nach sind wir Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Grüße Smeenk |
|
03.02.2014, 17:02
| #13 |
| | PC Optimizer Pro eingefangen Hallo, ich hoffe dass es das tatsächlich war, denn Malwarebytes hat noch was gefunden und entfernt. Dies war das Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.03.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Jutta :: JUTTA [Administrator] Schutz: Aktiviert 03.02.2014 16:17:06 mbam-log-2014-02-03 (16-17-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 208631 Laufzeit: 5 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Jutta\AppData\Local\Temp\is357113909\4652562_stp\RightSurfSetup.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jutta\Downloads\SAMSUNG CLX-3185FW user guide provided through bedienungsanleitung-pdf.com.exe (PUP.Optional.LiveSoftAction.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jutta\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Lynett |
|
03.02.2014, 19:19
| #14 |
| /// Malwareteam / Visitor | PC Optimizer Pro eingefangen Hallo Lynette Aus Meiner sicht waren das nur Überreste und keine aktive infektionen. Wenn es weiterhin Problemlos läuft solltest du nicht beunruhigt sein. Smeenk |
|
03.02.2014, 19:47
| #15 |
| | PC Optimizer Pro eingefangen Dann vielen tausend Dank Euch beiden! Bin sehr erleichtert! Macht´s weiterhin so gut, liebe Grüße Lynette |
|
| Themen zu PC Optimizer Pro eingefangen |
| browser, converter, cpu, desktop, ebanking, entfernen, error, firefox, flash player, homepage, iexplore.exe, kaspersky, klelam.sys, koyote, mozilla, mp3, ntdll.dll, realtek, registry, rundll, samsung kies, scan, security, services.exe, software, spotify web helper, suptab, svchost.exe, tastatur, updates, windows, windowsapps, wma |
Linear-Darstellung
